AMBARI-13438. Ranger Audit properties for all services should be recommended to be same as in ranger service. (jaimin)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d834d3a3 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d834d3a3 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d834d3a3 Branch: refs/heads/branch-dev-patch-upgrade Commit: d834d3a3756d42def793aa487e6abab8c27297c6 Parents: 86fb757 Author: Jaimin Jetly <[email protected]> Authored: Thu Oct 15 16:45:23 2015 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Thu Oct 15 17:23:32 2015 -0700 ---------------------------------------------------------------------- .../RANGER/0.4.0/configuration/ranger-env.xml | 20 +++--- .../stacks/HDP/2.0.6/services/stack_advisor.py | 33 +++++++++ .../HBASE/configuration/ranger-hbase-audit.xml | 43 +++++++++++- .../HDFS/configuration/ranger-hdfs-audit.xml | 43 +++++++++++- .../HIVE/configuration/ranger-hive-audit.xml | 43 +++++++++++- .../KAFKA/configuration/ranger-kafka-audit.xml | 45 +++++++++++- .../KNOX/configuration/ranger-knox-audit.xml | 43 +++++++++++- .../RANGER/configuration/ranger-admin-site.xml | 10 ++- .../RANGER/configuration/ranger-env.xml | 32 +++++---- .../RANGER/configuration/ranger-ugsync-site.xml | 8 +-- .../services/RANGER/themes/theme_version_2.json | 72 ++++++++++---------- .../STORM/configuration/ranger-storm-audit.xml | 43 +++++++++++- .../YARN/configuration/ranger-yarn-audit.xml | 43 +++++++++++- .../stacks/HDP/2.3/services/stack_advisor.py | 47 +++++++++++++ .../stacks/2.0.6/common/test_stack_advisor.py | 65 ++++++++++++++++++ 15 files changed, 510 insertions(+), 80 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml index 0a2a3db..59b7d9e 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml @@ -116,11 +116,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -138,11 +138,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -160,11 +160,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -182,11 +182,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -204,11 +204,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py index 9bb21ea..7fb9884 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py @@ -483,6 +483,18 @@ class HDP206StackAdvisor(DefaultStackAdvisor): pass + def getHostNamesWithComponent(self, serviceName, componentName, services): + """ + Returns the list of hostnames on which service component is installed + """ + if services is not None and serviceName in [service["StackServices"]["service_name"] for service in services["services"]]: + service = [serviceEntry for serviceEntry in services["services"] if serviceEntry["StackServices"]["service_name"] == serviceName][0] + components = [componentEntry for componentEntry in service["components"] if componentEntry["StackServiceComponents"]["component_name"] == componentName] + if (len(components) > 0 and len(components[0]["StackServiceComponents"]["hostnames"]) > 0): + componentHostnames = components[0]["StackServiceComponents"]["hostnames"] + return componentHostnames + return [] + def getHostsWithComponent(self, serviceName, componentName, services, hosts): if services is not None and hosts is not None and serviceName in [service["StackServices"]["service_name"] for service in services["services"]]: service = [serviceEntry for serviceEntry in services["services"] if serviceEntry["StackServices"]["service_name"] == serviceName][0] @@ -508,6 +520,27 @@ class HDP206StackAdvisor(DefaultStackAdvisor): and hostname in componentEntry["StackServiceComponents"]["hostnames"]]) return components + def getZKHostPortString(self, services): + """ + Returns the comma delimited string of zookeeper server host with the configure port installed in a cluster + Example: zk.host1.org:2181,zk.host2.org:2181,zk.host3.org:2181 + """ + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + include_zookeeper = "ZOOKEEPER" in servicesList + zookeeper_host_port = '' + + if include_zookeeper: + zookeeper_hosts = self.getHostNamesWithComponent("ZOOKEEPER", "ZOOKEEPER_SERVER", services) + zookeeper_port = 2181 #default port + if 'zoo.cfg' in services['configurations'] and ('clientPort' in services['configurations']['zoo.cfg']['properties']): + zookeeper_port = services['configurations']['zoo.cfg']['properties']['clientPort'] + + zookeeper_host_port_arr = [] + for i in range(len(zookeeper_hosts)): + zookeeper_host_port_arr.append(zookeeper_hosts[i] + ':' + zookeeper_port) + zookeeper_host_port = ",".join(zookeeper_host_port_arr) + return zookeeper_host_port + def getConfigurationClusterSummary(self, servicesList, hosts, components, services): hBaseInstalled = False http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml index a45414d..0de24b6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml index aba0357..888b135 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml index c22d5ee..0610dd1 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml index b181f29..3ba44e6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -97,24 +115,45 @@ <property> <name>xasecure.audit.destination.solr</name> - <value>true</value> + <value>false</value> <display-name>Audit to SOLR</display-name> <description>Is Solr audit enabled?</description> <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml index cce87e3..07f1adf 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml index 6d48ca5..0a246a6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml @@ -418,8 +418,14 @@ <property> <name>ranger.audit.solr.zookeepers</name> - <value></value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>zoo.cfg</type> + <name>clientPort</name> + </property> + </depends-on> </property> <property> @@ -430,7 +436,7 @@ <property> <name>ranger.audit.solr.password</name> - <value></value> + <value>NONE</value> <property-type>PASSWORD</property-type> <description>Solr password</description> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml index 1ca8a65..0f1c837 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml @@ -106,11 +106,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -128,11 +128,11 @@ <entries> <entry> <value>Yes</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>No</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -150,11 +150,11 @@ <entries> <entry> <value>true</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>false</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -172,11 +172,11 @@ <entries> <entry> <value>true</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>false</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -194,11 +194,11 @@ <entries> <entry> <value>true</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>false</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -217,11 +217,11 @@ <entries> <entry> <value>true</value> - <label>Enabled</label> + <label>ON</label> </entry> <entry> <value>false</value> - <label>Disabled</label> + <label>OFF</label> </entry> </entries> <selection-cardinality>1</selection-cardinality> @@ -230,9 +230,15 @@ <property> <name>xasecure.audit.destination.hdfs.dir</name> - <value>hdfs://localhost:8020/ranger/audit</value> + <value>hdfs://localhost:8020</value> <display-name>Destination HDFS Directory</display-name> <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description> + <depends-on> + <property> + <type>core-site</type> + <name>fs.defaultFS</name> + </property> + </depends-on> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml index f180957..c8bd2db 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml @@ -65,7 +65,7 @@ <property> <name>ranger.usersync.enabled</name> <display-name>Enable User Sync</display-name> - <value>true</value> + <value>false</value> <description>Usersync enabled?</description> <value-attributes> <empty-value-valid>true</empty-value-valid> @@ -185,8 +185,8 @@ <property> <name>ranger.usersync.ldap.binddn</name> <display-name>âBind User</display-name> - <value>cn=admin,dc=xasecure,dc=net</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description> + <value></value> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. Example: cn=admin,dc=xasecure,dc=net</description> </property> <property> @@ -263,7 +263,7 @@ <property> <name>ranger.usersync.ldap.user.nameattribute</name> <display-name>Username Attribute</display-name> - <value>cn</value> + <value></value> <description>LDAP user name attribute</description> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json index 6fe7e90..187942c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/themes/theme_version_2.json @@ -272,43 +272,36 @@ "tab-rows": "2", "sections": [ { - "name": "section-ranger-audit-db", - "display-name": "Audit to DB", + "name": "section-ranger-audit-solr", + "display-name": "Audit to Solr", "row-index": "0", "column-index": "0", "row-span": "1", - "column-span": "2", - "section-columns": "2", + "column-span": "1", + "section-columns": "1", "section-rows": "1", "subsections": [ { - "name": "subsection-ranger-audit-db-row1-col1", + "name": "subsection-ranger-solr-row1-col1", "row-index": "0", "column-index": "0", "row-span": "1", "column-span": "1" - }, - { - "name": "subsection-ranger-audit-db-row1-col2", - "row-index": "0", - "column-index": "1", - "row-span": "1", - "column-span": "1" } ] }, { - "name": "section-ranger-audit-solr", - "display-name": "Audit to Solr", - "row-index": "1", - "column-index": "0", + "name": "section-ranger-audit-hdfs", + "display-name": "Audit to HDFS", + "row-index": "0", + "column-index": "1", "row-span": "1", "column-span": "1", "section-columns": "1", "section-rows": "1", "subsections": [ { - "name": "subsection-ranger-solr-row2-col1", + "name": "subsection-ranger-hdfs-row1-col2", "row-index": "0", "column-index": "0", "row-span": "1", @@ -317,21 +310,28 @@ ] }, { - "name": "section-ranger-audit-hdfs", - "display-name": "Audit to HDFS", + "name": "section-ranger-audit-db", + "display-name": "Audit to DB", "row-index": "1", - "column-index": "1", + "column-index": "0", "row-span": "1", - "column-span": "1", - "section-columns": "1", + "column-span": "2", + "section-columns": "2", "section-rows": "1", "subsections": [ { - "name": "subsection-ranger-hdfs-row2-col2", + "name": "subsection-ranger-audit-db-row2-col1", "row-index": "0", "column-index": "0", "row-span": "1", "column-span": "1" + }, + { + "name": "subsection-ranger-audit-db-row2-col2", + "row-index": "0", + "column-index": "1", + "row-span": "1", + "column-span": "1" } ] } @@ -1006,27 +1006,27 @@ }, { "config": "ranger-env/xasecure.audit.destination.db", - "subsection-name": "subsection-ranger-audit-db-row1-col1" + "subsection-name": "subsection-ranger-audit-db-row2-col1" }, { "config": "admin-properties/audit_db_user", - "subsection-name": "subsection-ranger-audit-db-row1-col1" + "subsection-name": "subsection-ranger-audit-db-row2-col1" }, { "config": "admin-properties/audit_db_name", - "subsection-name": "subsection-ranger-audit-db-row1-col2" + "subsection-name": "subsection-ranger-audit-db-row2-col2" }, { "config": "admin-properties/audit_db_password", - "subsection-name": "subsection-ranger-audit-db-row1-col2" + "subsection-name": "subsection-ranger-audit-db-row2-col2" }, { "config": "ranger-env/xasecure.audit.destination.solr", - "subsection-name": "subsection-ranger-solr-row2-col1" + "subsection-name": "subsection-ranger-solr-row1-col1" }, { "config": "ranger-env/is_solrCloud_enabled", - "subsection-name": "subsection-ranger-solr-row2-col1", + "subsection-name": "subsection-ranger-solr-row1-col1", "depends-on": [ { "configs":[ @@ -1048,7 +1048,7 @@ }, { "config": "ranger-admin-site/ranger.audit.solr.urls", - "subsection-name": "subsection-ranger-solr-row2-col1", + "subsection-name": "subsection-ranger-solr-row1-col1", "depends-on": [ { "configs":[ @@ -1071,7 +1071,7 @@ }, { "config": "ranger-admin-site/ranger.audit.solr.zookeepers", - "subsection-name": "subsection-ranger-solr-row2-col1", + "subsection-name": "subsection-ranger-solr-row1-col1", "depends-on": [ { "configs":[ @@ -1094,7 +1094,7 @@ }, { "config": "ranger-admin-site/ranger.audit.solr.username", - "subsection-name": "subsection-ranger-solr-row2-col1", + "subsection-name": "subsection-ranger-solr-row1-col1", "depends-on": [ { "configs":[ @@ -1116,7 +1116,7 @@ }, { "config": "ranger-admin-site/ranger.audit.solr.password", - "subsection-name": "subsection-ranger-solr-row2-col1", + "subsection-name": "subsection-ranger-solr-row1-col1", "depends-on": [ { "configs":[ @@ -1138,11 +1138,11 @@ }, { "config": "ranger-env/xasecure.audit.destination.hdfs", - "subsection-name": "subsection-ranger-hdfs-row2-col2" + "subsection-name": "subsection-ranger-hdfs-row1-col2" }, { "config": "ranger-env/xasecure.audit.destination.hdfs.dir", - "subsection-name": "subsection-ranger-hdfs-row2-col2", + "subsection-name": "subsection-ranger-hdfs-row1-col2", "depends-on": [ { "configs":[ @@ -1516,7 +1516,7 @@ { "config": "ranger-admin-site/ranger.audit.solr.password", "widget": { - "type": "password" + "type": "text-field" } }, { http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml index 6c2d7c8..c04ba74 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml index 71c8cce..87a48d7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml @@ -34,6 +34,12 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> </property> <property> @@ -81,12 +87,24 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> </property> <property> @@ -103,18 +121,39 @@ <value-attributes> <type>boolean</type> </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.urls</name> - <value>{{ranger_audit_solr_urls}}</value> + <value></value> <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> - <value>none</value> + <value>localhost:2181</value> <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index a2bae0f..501517f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -261,6 +261,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): def recommendRangerConfigurations(self, configurations, clusterData, services, hosts): super(HDP23StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts) + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services) putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) @@ -297,6 +298,52 @@ class HDP23StackAdvisor(HDP22StackAdvisor): for key in rangerPrivelegeDbProperties: putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key)) + # Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir + include_hdfs = "HDFS" in servicesList + zookeeper_host_port = self.getZKHostPortString(services) + if zookeeper_host_port: + putRangerAdminProperty('ranger.audit.solr.zookeepers', zookeeper_host_port) + + if include_hdfs: + if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']): + default_fs = services['configurations']['core-site']['properties']['fs.defaultFS'] + putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs) + + # Recommend Ranger supported service's audit properties + ranger_services = [ + {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'}, + {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'}, + {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'}, + {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'}, + {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'}, + {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'}, + {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'} + ] + + for item in range(len(ranger_services)): + if ranger_services[item]['service_name'] in servicesList: + component_audit_file = ranger_services[item]['audit_file'] + if component_audit_file in services["configurations"]: + ranger_audit_dict = [ + {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'xasecure.audit.destination.db'}, + {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'xasecure.audit.destination.hdfs'}, + {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'xasecure.audit.destination.hdfs.dir'}, + {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.solr', 'target_configname': 'xasecure.audit.destination.solr'}, + {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'}, + {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'} + ] + putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services) + + for item in ranger_audit_dict: + if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]: + if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]: + rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']] + else: + rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] + putRangerAuditProperty(item['target_configname'], rangerAuditProperty) + + + def recommendYARNConfigurations(self, configurations, clusterData, services, hosts): super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts) if "ranger-env" in services["configurations"] and "ranger-yarn-plugin-properties" in services["configurations"] and \ http://git-wip-us.apache.org/repos/asf/ambari/blob/d834d3a3/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py index 8ba37c0..abddc71 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py @@ -966,6 +966,71 @@ class TestHDP206StackAdvisor(TestCase): self.stackAdvisor.recommendHDFSConfigurations(configurations, clusterData, services, hosts) self.assertEquals(configurations, expected) + + + def test_getHostNamesWithComponent(self): + + services = { + "services": [ + { + "StackServices": { + "service_name": "SERVICE" + }, + "components": [ + { + "StackServiceComponents": { + "component_name": "COMPONENT", + "hostnames": ["host1","host2","host3"] + } + } + ] + } + ], + "configurations": {} + } + + result = self.stackAdvisor.getHostNamesWithComponent("SERVICE","COMPONENT", services) + expected = ["host1","host2","host3"] + self.assertEquals(result, expected) + + + def test_getZKHostPortString(self): + configurations = { + "zoo.cfg": { + "properties": { + 'clientPort': "2183" + } + } + } + + services = { + "services": [ + { + "StackServices": { + "service_name": "ZOOKEEPER" + }, + "components": [ + { + "StackServiceComponents": { + "component_name": "ZOOKEEPER_SERVER", + "hostnames": ["zk.host1","zk.host2","zk.host3"] + } + }, { + "StackServiceComponents": { + "component_name": "ZOOKEEPER_CLIENT", + "hostnames": ["host1"] + } + } + ] + } + ], + "configurations": configurations + } + + result = self.stackAdvisor.getZKHostPortString(services) + expected = "zk.host1:2183,zk.host2:2183,zk.host3:2183" + self.assertEquals(result, expected) + def test_validateHDFSConfigurationsEnv(self): configurations = {}
