AMBARI-13445. LDAP related properties in ranger-admin-site should be derived from similar properties in ranger
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/85489482 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/85489482 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/85489482 Branch: refs/heads/branch-dev-patch-upgrade Commit: 85489482409753a81aa34354f70fda344fd89ca9 Parents: 4ba6ace Author: Gautam Borad <[email protected]> Authored: Fri Oct 16 12:35:42 2015 +0530 Committer: Gautam Borad <[email protected]> Committed: Mon Oct 19 11:28:19 2015 +0530
----------------------------------------------------------------------
.../RANGER/0.4.0/package/scripts/params.py | 5 +++++ .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 22 +++++++++++++------- .../RANGER/configuration/ranger-admin-site.xml | 20 +++++++++--------- .../RANGER/configuration/ranger-ugsync-site.xml | 2 +- 4 files changed, 30 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/85489482/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index ca77837..3900196 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -173,3 +173,8 @@ if xml_configurations_supported:
 ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
 is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/85489482/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index e14c209..570b2b7 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
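Review bot: The five new lookups index `config["configurations"]["ranger-ugsync-site"]` directly, and they appear to sit at module level after the `if xml_configurations_supported:` block (indentation is lost on this page, so confirm), so a cluster whose command JSON has no `ranger-ugsync-site` section, or lacks one of these keys, would raise KeyError while params.py is imported. Either move them under the existing guard or read them tolerantly, e.g. `ranger_ug_ldap_url = config["configurations"].get("ranger-ugsync-site", {}).get("ranger.usersync.ldap.url")`. A short comment saying that these values feed the `ranger.ldap.*` and `ranger.ldap.ad.*` defaults in ranger-admin-site.xml would also help, because a change to the usersync LDAP settings now changes how Ranger Admin authenticates logins.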
@@ -266,19 +266,19 @@ def enable_kms_plugin():
 if params.has_ranger_admin:
 ranger_adm_obj = Rangeradmin(url=params.policymgr_mgr_url)
- response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url + '/login.jsp', 'test:test')
+ ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
+ response_code = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url)
 if response_code is not None and response_code == 200:
- ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
- ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+ user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
 else:
 raise Fail('Ranger service is not started on given host')
- if ambari_ranger_admin != '' and ambari_ranger_password != '':
+ if user_resp_code is not None and user_resp_code == 200:
 get_repo_flag = get_repo(params.policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
 if not get_repo_flag:
 create_repo(params.policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
 else:
- raise Fail('Ambari admin username and password not available')
+ raise Fail('Ambari admin user creation failed')
 current_datetime = datetime.now()
@@ -361,7 +361,10 @@ def create_repo(url, data, usernamepassword):
 else:
 Logger.info('Repository not created')
 except urllib2.URLError, e:
- raise Fail('Repository creation failed, {0}'.format(str(e)))
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error creating service. Http status code - {0}. \n {1}".format(e.code, e.read()))
+ else:
+ raise Fail("Error creating service. Reason - {0}.".format(e.reason))
 def get_repo(url, name, usernamepassword):
 try:
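Review bot: The calls in `enable_kms_plugin` now assume a different `Rangeradmin` contract, with `check_ranger_login_urllib2(url)` returning a single status code and `create_ambari_admin_user(...)` returning a status code instead of a (user, password) pair, but the diffstat of this commit lists no file that defines `Rangeradmin`, so the matching callee change cannot be checked here. If an agent still carries the older helper, `user_resp_code` would be a tuple, `user_resp_code == 200` would be false and the plugin enable would stop with 'Ambari admin user creation failed', so it is worth confirming both sides ship together. Because `ambari_username_password_for_ranger` is now built from the configured password before the account is known to exist, a comment such as `# credentials are only used after create_ambari_admin_user returns 200` would make the ordering explicit. The function body continues outside the hunk.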
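Review bot: The new `HTTPError` branch in `create_repo` copies the whole response body into the `Fail` message through `e.read()`, with no size limit and no filtering, and that message presumably ends up in the Ambari command output and agent logs. An error page from Ranger Admin can be large and may echo parts of the submitted repository definition (it is not visible here whether that JSON carries credentials), so it is safer to bound it, e.g. `body = e.read()[:512]`, and format `body` into the message. The same pattern is added to `get_repo` in the `@@ -386,4 +389,7 @@` hunk. The `try` that this `except` belongs to starts outside the hunk.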
@@ -376,7 +379,7 @@ def get_repo(url, name, usernamepassword):
 response = json.loads(result.read())
 if response_code == 200 and len(response) > 0:
 for repo in response:
- if repo.get('name') == name and repo.has_key('name'):
+ if repo.get('name').lower() == name.lower() and repo.has_key('name'):
 Logger.info('KMS repository exist')
 return True
 else:
@@ -386,4 +389,7 @@ def get_repo(url, name, usernamepassword):
 Logger.info('KMS repository doesnot exist')
 return False
 except urllib2.URLError, e:
- raise Fail('Get repository failed, {0}'.format(str(e)))
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error getting {0} service. Http status code - {1}. \n {2}".format(name, e.code, e.read()))
+ else:
+ raise Fail("Error getting {0} service. Reason - {1}.".format(name, e.reason))
http://git-wip-us.apache.org/repos/asf/ambari/blob/85489482/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index 0a246a6..aea5857 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -179,7 +179,7 @@
 <property>
 <name>ranger.ldap.url</name>
 <display-name>âLDAP URL</display-name>
- <value>ldap://71.127.43.33:389</value>
+ <value>{{ranger_ug_ldap_url}}</value>
 <description>LDAP Server URL, only used if Authentication method is LDAP</description>
 <value-attributes>
 <overridable>false</overridable>
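Review bot: In the changed condition of `get_repo`, `repo.get('name').lower()` is evaluated before `repo.has_key('name')`, so an entry without a `name` (or with a null one) now raises AttributeError, which the `except urllib2.URLError` further down does not catch; the old `== name` comparison tolerated None. Put the presence check first and guard the value, e.g. `if repo.has_key('name') and (repo.get('name') or '').lower() == name.lower():`. If Ranger treats repository names as case-sensitive, the case-insensitive match can also report a differently-cased repository as existing and skip `create_repo`, so a comment stating why case is ignored would help. The loop and the enclosing `try` start outside the hunk.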
@@ -198,21 +198,21 @@
 <property>
 <name>ranger.ldap.group.searchbase</name>
 <display-name>Group Search Base</display-name>
- <value>ou=groups,dc=xasecure,dc=net</value>
+ <value>{{ranger_ug_ldap_group_searchbase}}</value>
 <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
 </property>
 <property>
 <name>ranger.ldap.group.searchfilter</name>
 <display-name>Group Search Filter</display-name>
- <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
+ <value>{{ranger_ug_ldap_group_searchfilter}}</value>
 <description>LDAP group search filter, only used if Authentication method is LDAP</description>
 </property>
 <property>
 <name>ranger.ldap.user.searchfilter</name>
 <display-name>User Search Filter</display-name>
- <value>(uid={0})</value>
+ <value>{{ranger_ug_ldap_user_searchfilter}}</value>
 <description>Search filter used for Bind Authentication</description>
 <value-attributes>
 <overridable>false</overridable>
@@ -240,7 +240,7 @@
 <property>
 <name>ranger.ldap.bind.dn</name>
 <display-name>Bind User</display-name>
- <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
 <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
 <value-attributes>
 <overridable>false</overridable>
@@ -250,7 +250,7 @@
 <property>
 <name>ranger.ldap.bind.password</name>
 <display-name>âBind User Password</display-name>
- <value></value>
+ <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
 <property-type>PASSWORD</property-type>
 <description>Password for the account that can search for users</description>
 <value-attributes>
@@ -279,7 +279,7 @@
 <property>
 <name>ranger.ldap.ad.url</name>
- <value>ldap://ad.xasecure.net:389</value>
+ <value>{{ranger_ug_ldap_url}}</value>
 <description>AD URL, only used if Authentication method is AD</description>
 <value-attributes>
 <overridable>false</overridable>
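Review bot: The defaults for `ranger.ldap.group.searchfilter` and `ranger.ldap.user.searchfilter` lose their `{0}` username placeholder: `(member=uid={0},ou=users,dc=xasecure,dc=net)` and `(uid={0})` are replaced by the usersync filters, which as far as I know are selection filters for the sync job and usually carry no `{0}`. The description here says the user filter is 'used for Bind Authentication', so a filter without the placeholder would no longer tie the directory lookup to the login name that was entered; please confirm what the derived values look like on a real cluster, or keep a `{0}`-style default on the admin side. The `@@ -316,7 +316,7 @@` hunk does the same to `ranger.ldap.ad.user.searchfilter`, replacing `(sAMAccountName={0})` with the value that is also used for plain LDAP.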
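Review bot: `{{ranger_usersync_ldap_ldapbindpassword}}` in the `ranger.ldap.bind.password` default is not one of the five `ranger_ug_ldap_*` names that the params.py hunk of this commit adds, so this PASSWORD property depends on a variable defined somewhere not shown. If that name does not resolve at render time, the config write would either fail or leave the literal placeholder as the bind password, so it is worth confirming the definition and aligning the name with the `ranger_ug_*` prefix. The `@@ -306,7 +306,7 @@` hunk uses the same placeholder for `ranger.ldap.ad.bind.password`. Reusing the usersync bind account for Ranger Admin login lookups also means one credential now serves both services; a sentence in the `<description>` saying so would help operators who rotate it.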
@@ -297,7 +297,7 @@
 <property>
 <name>ranger.ldap.ad.bind.dn</name>
- <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
 <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
 <value-attributes>
 <overridable>false</overridable>
@@ -306,7 +306,7 @@
 <property>
 <name>ranger.ldap.ad.bind.password</name>
- <value></value>
+ <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
 <property-type>PASSWORD</property-type>
 <description>Password for the account that can search for users</description>
 <value-attributes>
@@ -316,7 +316,7 @@
 <property>
 <name>ranger.ldap.ad.user.searchfilter</name>
- <value>(sAMAccountName={0})</value>
+ <value>{{ranger_ug_ldap_user_searchfilter}}</value>
 <description>Search filter used for Bind Authentication</description>
 <value-attributes>
 <overridable>false</overridable>
http://git-wip-us.apache.org/repos/asf/ambari/blob/85489482/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index c8bd2db..22e53dc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -363,7 +363,7 @@
 <property>
 <name>ranger.usersync.group.searchscope</name>
- <value> </value>
+ <value></value>
 <description>"# search scope for the groups, only base, one and sub are supported values # please customize the value to suit your deployment # default value: sub"</description>
