Repository: ambari Updated Branches: refs/heads/trunk ec9adba8e -> 83452cbdc
AMBARI-15914. Ranger stack changes to remove audit to db config params (Mugdha Varadkar via gautam) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/83452cbd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/83452cbd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/83452cbd Branch: refs/heads/trunk Commit: 83452cbdc47a6cc8ba57820f2ebb8cfec20c81b0 Parents: ec9adba Author: Gautam Borad <[email protected]> Authored: Fri Apr 15 20:04:34 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Tue Apr 19 10:43:19 2016 +0530 ---------------------------------------------------------------------- .../libraries/functions/constants.py | 1 + .../libraries/functions/stack_features.py | 6 ++ .../0.96.0.2.0/package/scripts/params_linux.py | 64 ++++++++++--------- .../2.1.0.2.0/package/scripts/params_linux.py | 66 ++++++++++--------- .../0.12.0.2.0/package/scripts/params_linux.py | 63 +++++++++--------- .../KAFKA/0.8.1.2.2/package/scripts/params.py | 67 ++++++++++---------- .../0.5.0.2.2/package/scripts/params_linux.py | 67 ++++++++++---------- .../RANGER/0.4.0/package/scripts/params.py | 17 ++--- .../0.5.0.2.3/package/scripts/params.py | 64 ++++++++++--------- .../0.9.1.2.1/package/scripts/params_linux.py | 65 ++++++++++--------- .../2.1.0.2.0/package/scripts/params_linux.py | 67 ++++++++++---------- .../HDP/2.0.6/properties/stack_features.json | 6 ++ .../HBASE/configuration/ranger-hbase-audit.xml | 58 +++++++++++++++++ .../HDFS/configuration/ranger-hdfs-audit.xml | 59 +++++++++++++++++ .../HIVE/configuration/ranger-hive-audit.xml | 58 +++++++++++++++++ .../KAFKA/configuration/ranger-kafka-audit.xml | 58 +++++++++++++++++ .../KNOX/configuration/ranger-knox-audit.xml | 58 +++++++++++++++++ .../RANGER/configuration/admin-properties.xml | 39 ++++++++++++ .../RANGER/configuration/ranger-admin-site.xml | 51 +++++++++++++++ .../RANGER/configuration/ranger-env.xml | 29 +++++++++ .../configuration/ranger-kms-audit.xml | 58 +++++++++++++++++ .../STORM/configuration/ranger-storm-audit.xml | 58 +++++++++++++++++ .../YARN/configuration/ranger-yarn-audit.xml | 58 +++++++++++++++++ 23 files changed, 881 insertions(+), 256 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-common/src/main/python/resource_management/libraries/functions/constants.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py index 86dbc48..658c56f 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py @@ -62,6 +62,7 @@ class StackFeature: KAFKA_KERBEROS = "kafka_kerberos" PIG_ON_TEZ = "pig_on_tez" RANGER_USERSYNC_NON_ROOT = "ranger_usersync_non_root" + RANGER_AUDIT_DB_SUPPORT = "ranger_audit_db_support" ACCUMULO_KERBEROS_USER_AUTH = "accumulo_kerberos_user_auth" KNOX_VERSIONED_DATA_DIR = "knox_versioned_data_dir" KNOX_SSO_TOPOLOGY = "knox_sso_topology" http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py index 7201c36..cf56acf 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py @@ -142,6 +142,12 @@ _DEFAULT_STACK_FEATURES = { "min_version": "2.3.0.0" }, { + "name": "ranger_audit_db_support", + "description": "Ranger Audit to DB support", + "min_version": "2.2.0.0", + "max_version": "2.5.0.0" + }, + { "name": "accumulo_kerberos_user_auth", "description": "Accumulo Kerberos User Auth (AMBARI-10163)", "min_version": "2.3.0.0" http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index c66a0e9..ff9b638 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -246,6 +246,7 @@ HdfsResource = functools.partial( ) # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -278,38 +279,39 @@ java_share_dir = '/usr/share/java' enable_ranger_hbase = False if has_ranger_admin: enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes') - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None repo_config_password = unicode(config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']) xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() - if xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}") - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{stack_root}/current/{component_directory}/lib/{jdbc_jar_name}") + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{stack_root}/current/{component_directory}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None sql_connector_jar = '' hbase_ranger_plugin_config = { @@ -333,8 +335,10 @@ if has_ranger_admin: 'assetType': '2' } + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index 6949ced..7ad9f39 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -379,6 +379,7 @@ mapred_pid_dir_prefix = default("/configurations/mapred-env/mapred_pid_dir_prefi mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefix","/var/log/hadoop-mapreduce") # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -417,38 +418,40 @@ is_https_enabled = config['configurations']['hdfs-site']['dfs.https.enable'] if if has_ranger_admin: enable_ranger_hdfs = (config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes') - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None repo_config_password = unicode(config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']) xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() - if xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{hadoop_lib_home}/{jdbc_jar_name}") + if stack_supports_ranger_audit_db: + + if xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{hadoop_lib_home}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None sql_connector_jar = '' @@ -474,9 +477,10 @@ if has_ranger_admin: 'repositoryType': 'hdfs', 'assetType': '1' } - + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py index 1205202..9bee786 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py @@ -501,6 +501,7 @@ if has_hive_interactive: hive_headless_keytab = config['configurations']['hive-interactive-site']['hive.llap.zk.sm.principal'] # ranger host +stack_supports_ranger_audit_db = stack_version_formatted_major and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted_major) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -530,35 +531,35 @@ if has_ranger_admin: repo_config_password = unicode(config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']) xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() - if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': - ranger_jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': - ranger_jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': - ranger_jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': - ranger_jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': - ranger_jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': + ranger_jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': + ranger_jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': + ranger_jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': + ranger_jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': + ranger_jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}") - - ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}") - ranger_driver_curl_target = format("{hive_lib}/{ranger_jdbc_jar_name}") + ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None + ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None + ranger_driver_curl_target = format("{hive_lib}/{ranger_jdbc_jar_name}") if stack_supports_ranger_audit_db else None sql_connector_jar = '' hive_ranger_plugin_config = { @@ -578,9 +579,11 @@ if has_ranger_admin: 'assetType': '3' } - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_is_enabled = False + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py index 8d483dc..d4ee6f9 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1.2.2/package/scripts/params.py @@ -158,6 +158,7 @@ else: # *********************** RANGER PLUGIN CHANGES *********************** # ranger host # ********************************************************************** +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -176,7 +177,7 @@ if has_ranger_admin and is_supported_kafka_ranger: xa_audit_db_flavor = xa_audit_db_flavor.lower() if xa_audit_db_flavor else None xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name'] xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user'] - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None xa_db_host = config['configurations']['admin-properties']['db_host'] repo_name = str(config['clusterName']) + '_kafka' @@ -211,38 +212,40 @@ if has_ranger_admin and is_supported_kafka_ranger: #For curl command in ranger plugin to get db connector jdk_location = config['hostLevelParams']['jdk_location'] java_share_dir = '/usr/share/java' - if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") - - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{kafka_home}/libs/{jdbc_jar_name}") - + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{kafka_home}/libs/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 5c65a1e..dff9cc0 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py @@ -236,6 +236,7 @@ if security_enabled: knox_principal_name = config['configurations']['knox-env']['knox_principal_name'].replace('_HOST',_hostname_lowercase) # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -263,39 +264,39 @@ jdk_location = config['hostLevelParams']['jdk_location'] java_share_dir = '/usr/share/java' if has_ranger_admin: enable_ranger_knox = (config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled'].lower() == 'yes') - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None repo_config_password = unicode(config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']) xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() - if xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") - - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{stack_root}/current/knox-server/ext/{jdbc_jar_name}") + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{stack_root}/current/knox-server/ext/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None sql_connector_jar = '' knox_ranger_plugin_config = { @@ -314,8 +315,10 @@ if has_ranger_admin: 'assetType': '5', } + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None @@ -349,4 +352,4 @@ HdfsResource = functools.partial( hdfs_site = hdfs_site, default_fs = default_fs, immutable_paths = get_not_managed_resources() -) \ No newline at end of file +) http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index c0ab3e8..0a05173 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -58,6 +58,7 @@ stack_supports_rolling_upgrade = stack_version_formatted and check_stack_feature stack_supports_config_versioning = stack_version_formatted and check_stack_feature(StackFeature.CONFIG_VERSIONING, stack_version_formatted) stack_supports_usersync_non_root = stack_version_formatted and check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, stack_version_formatted) stack_supports_ranger_tagsync = stack_version_formatted and check_stack_feature(StackFeature.RANGER_TAGSYNC_COMPONENT, stack_version_formatted) +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) downgrade_from_version = default("/commandParams/downgrade_from_version", None) upgrade_direction = default("/commandParams/upgrade_direction", None) @@ -136,27 +137,27 @@ jdk_location = config['hostLevelParams']['jdk_location'] java_share_dir = '/usr/share/java' if db_flavor.lower() == 'mysql': jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') + audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform" elif db_flavor.lower() == 'oracle': jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform" colon_count = db_host.count(':') if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') + audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') if stack_supports_ranger_audit_db else None else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') + audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') if stack_supports_ranger_audit_db else None elif db_flavor.lower() == 'postgres': jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') + audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform" elif db_flavor.lower() == 'mssql': jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') + audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') if stack_supports_ranger_audit_db else None jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform" elif db_flavor.lower() == 'sqla': jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') + audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') if stack_supports_ranger_audit_db else None jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform" downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") @@ -183,8 +184,8 @@ ranger_credential_provider_path = config["configurations"]["ranger-admin-site"][ ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"] ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"]) -ranger_jpa_audit_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.audit.jdbc.credential.alias"] -ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"]) +ranger_jpa_audit_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.audit.jdbc.credential.alias"] if stack_supports_ranger_audit_db else None +ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"]) if stack_supports_ranger_audit_db else None ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"] cred_lib_path = os.path.join(ranger_home,"cred","lib","*") http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index fc722da..4bdbd80 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -37,6 +37,7 @@ stack_version_unformatted = config['hostLevelParams']['stack_version'] stack_version_formatted = format_stack_version(stack_version_unformatted) stack_supports_config_versioning = stack_version_formatted and check_stack_feature(StackFeature.CONFIG_VERSIONING, stack_version_formatted) +stack_support_kms_hsm = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, stack_version_formatted) hadoop_conf_dir = conf_select.get_hadoop_conf_dir() security_enabled = config['configurations']['cluster-env']['security_enabled'] @@ -53,6 +54,7 @@ jdk_location = config['hostLevelParams']['jdk_location'] kms_log4j = config['configurations']['kms-log4j']['content'] # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts'][0] has_ranger_admin = len(ranger_admin_hosts) > 0 kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0] @@ -136,35 +138,35 @@ if db_flavor == 'sqla': ld_library_path = format("{jdbc_libs_dir}") if has_ranger_admin: - if xa_audit_db_flavor == 'mysql': - jdbc_jar = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor == 'oracle': - jdbc_jar = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor == 'postgres': - jdbc_jar = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor == 'mssql': - jdbc_jar = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor == 'sqla': - jdbc_jar = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") - - driver_source = format("{jdk_location}/{jdbc_jar}") - driver_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar}") + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor == 'mysql': + jdbc_jar = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': + jdbc_jar = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': + jdbc_jar = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'mssql': + jdbc_jar = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor == 'sqla': + jdbc_jar = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") if stack_supports_ranger_audit_db else None + driver_source = format("{jdk_location}/{jdbc_jar}") if stack_supports_ranger_audit_db else None + driver_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar}") if stack_supports_ranger_audit_db else None repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME'] repo_config_password = unicode(config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD']) @@ -183,7 +185,9 @@ kms_ranger_plugin_repo = { 'type' : 'kms' } -xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.destination.db'] +xa_audit_db_is_enabled = False +if stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.destination.db'] ssl_keystore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py index 101ca46..3b65ea9 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py @@ -197,6 +197,7 @@ if has_atlas: jar_jvm_opts = '-Datlas.conf=' + atlas_conf_dir # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -229,39 +230,39 @@ java_share_dir = '/usr/share/java' if has_ranger_admin: enable_ranger_storm = (config['configurations']['ranger-storm-plugin-properties']['ranger-storm-plugin-enabled'].lower() == 'yes') - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None repo_config_password = unicode(config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']) xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() - if xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") - - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}") + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None sql_connector_jar = '' storm_ranger_plugin_config = { @@ -280,8 +281,10 @@ if has_ranger_admin: 'assetType': '6' } + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py index 5c37e4b..327781a 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py @@ -314,6 +314,7 @@ cgroups_dir = "/cgroups_test/cpu" # *********************** RANGER PLUGIN CHANGES *********************** # ranger host +stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, stack_version_formatted) ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) has_ranger_admin = not len(ranger_admin_hosts) == 0 xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported'] @@ -358,7 +359,7 @@ if has_ranger_admin: xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name'] xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user'] - xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) + xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password']) if stack_supports_ranger_audit_db else None xa_db_host = config['configurations']['admin-properties']['db_host'] repo_name = str(config['clusterName']) + '_yarn' @@ -386,38 +387,40 @@ if has_ranger_admin: #For curl command in ranger plugin to get db connector jdk_location = config['hostLevelParams']['jdk_location'] java_share_dir = '/usr/share/java' - if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': - jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) - audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "com.mysql.jdbc.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': - jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) - colon_count = xa_db_host.count(':') - if colon_count == 2 or colon_count == 0: - audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') - else: - audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') - jdbc_driver = "oracle.jdbc.OracleDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': - jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) - audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') - jdbc_driver = "org.postgresql.Driver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': - jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') - jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" - elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': - jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) - audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') - jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" - - downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") - - driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") - driver_curl_target = format("{hadoop_yarn_home}/lib/{jdbc_jar_name}") - + if stack_supports_ranger_audit_db: + if xa_audit_db_flavor and xa_audit_db_flavor == 'mysql': + jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None) + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'oracle': + jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None) + colon_count = xa_db_host.count(':') + if colon_count == 2 or colon_count == 0: + audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}') + else: + audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'postgres': + jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None) + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'mssql': + jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + elif xa_audit_db_flavor and xa_audit_db_flavor == 'sqla': + jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None) + audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}') + jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver" + + downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + driver_curl_target = format("{hadoop_yarn_home}/lib/{jdbc_jar_name}") if stack_supports_ranger_audit_db else None + + xa_audit_db_is_enabled = False ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls'] - xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None + if xml_configurations_supported and stack_supports_ranger_audit_db: + xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.db'] xa_audit_hdfs_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.destination.hdfs'] if xml_configurations_supported else None ssl_keystore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None ssl_truststore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json index 03b7e01..4cead39 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json @@ -119,6 +119,12 @@ "min_version": "2.3.0.0" }, { + "name": "ranger_audit_db_support", + "description": "Ranger Audit to DB support", + "min_version": "2.2.0.0", + "max_version": "2.5.0.0" + }, + { "name": "accumulo_kerberos_user_auth", "description": "Accumulo Kerberos User Auth (AMBARI-10163)", "min_version": "2.3.0.0" http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml new file mode 100644 index 0000000..2cbea00 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/admin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/admin-properties.xml new file mode 100644 index 0000000..c81d892 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/admin-properties.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>audit_db_name</name> + <deleted>true</deleted> + </property> + + <property> + <name>audit_db_user</name> + <deleted>true</deleted> + </property> + + <property> + <name>audit_db_password</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-admin-site.xml new file mode 100644 index 0000000..d533dbc --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-admin-site.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<configuration> + + <property> + <name>ranger.jpa.audit.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.jpa.audit.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.jpa.audit.jdbc.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.jpa.audit.jdbc.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.jpa.audit.jdbc.credential.alias</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.jpa.audit.jdbc.dialect</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-env.xml new file mode 100644 index 0000000..43975af --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-env.xml @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/STORM/configuration/ranger-storm-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/83452cbd/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml new file mode 100644 index 0000000..bfa0fd2 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + </property> + + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + </property> + +</configuration> \ No newline at end of file
