Repository: ambari Updated Branches: refs/heads/branch-2.4 e64a34713 -> 116d47df8
AMBARI-16890 Updating Ambari configs changes for latest Ranger configs (Mugdha Varadkar via srimanth) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/116d47df Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/116d47df Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/116d47df Branch: refs/heads/branch-2.4 Commit: 116d47df8200554739b727c0004607d32c2c2c0e Parents: e64a347 Author: Srimanth Gunturi <sgunt...@hortonworks.com> Authored: Wed Jun 1 17:08:48 2016 -0700 Committer: Srimanth Gunturi <sgunt...@hortonworks.com> Committed: Wed Jun 1 17:09:34 2016 -0700 ---------------------------------------------------------------------- .../RANGER/0.4.0/configuration/ranger-site.xml | 3 + .../0.5.0/configuration/ranger-admin-site.xml | 10 ++++ .../0.6.0/configuration/ranger-admin-site.xml | 58 ++++++++++++++++++++ .../configuration/ranger-kms-audit.xml | 12 ++-- .../stacks/HDP/2.3/services/stack_advisor.py | 9 +++ .../stacks/HDP/2.3/upgrades/config-upgrade.xml | 6 ++ .../HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml | 4 ++ .../stacks/HDP/2.3/upgrades/upgrade-2.5.xml | 1 + .../stacks/HDP/2.4/upgrades/config-upgrade.xml | 6 ++ .../HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml | 4 ++ .../stacks/HDP/2.4/upgrades/upgrade-2.5.xml | 1 + .../stacks/HDP/2.5/services/stack_advisor.py | 14 ++++- ambari-web/app/data/HDP2.3/site_properties.js | 9 ++- 13 files changed, 127 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml index 88af5db..d51265d 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml @@ -48,6 +48,9 @@ <description>The keystore pass to be used </description> <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> + <value-attributes> + <type>password</type> + </value-attributes> </property> <property> <name>https.attrib.keyAlias</name> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml index babf248..22ed674 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml @@ -533,6 +533,12 @@ </value-attributes> <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> + <depends-on> + <property> + <type>gateway-site</type> + <name>gateway.port</name> + </property> + </depends-on> </property> <property> <name>ranger.sso.publicKey</name> @@ -564,6 +570,10 @@ <description/> <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> + <value-attributes> + <overridable>false</overridable> + <type>boolean</type> + </value-attributes> </property> <property> <name>ranger.sso.query.param.originalurl</name> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml index 60bd840..71dd5fe 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml @@ -170,4 +170,62 @@ <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> </property> + <property> + <name>ranger.sso.cookiename</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.sso.query.param.originalurl</name> + <deleted>true</deleted> + </property> + + <property> + <name>ranger.ldap.ad.user.searchfilter</name> + <value>(sAMAccountName={0})</value> + <description>Search filter used for Bind Authentication</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + </property> + + <property> + <name>ranger.ldap.user.searchfilter</name> + <display-name>User Search Filter</display-name> + <value>(uid={0})</value> + <description>Search filter used for Bind Authentication</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + </property> + + <property> + <name>ranger.kms.service.user.hdfs</name> + <value></value> + <description></description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hadoop-env</type> + <name>hdfs_user</name> + </property> + </depends-on> + </property> + + <property> + <name>ranger.kms.service.user.hive</name> + <value></value> + <description></description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hive-env</type> + <name>hive_user</name> + </property> + </depends-on> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml index d412cd4..a7c1b65 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml @@ -91,12 +91,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <depends-on> - <property> - <type>core-site</type> - <name>fs.defaultFS</name> - </property> - </depends-on> <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> </property> @@ -106,6 +100,12 @@ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> <on-ambari-upgrade add="false" change="true" delete="true"/> <on-stack-upgrade add="true" change="true" delete="false"/> + <depends-on> + <property> + <type>core-site</type> + <name>fs.defaultFS</name> + </property> + </depends-on> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 0093c1a..36fe066 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -586,6 +586,15 @@ class HDP23StackAdvisor(HDP22StackAdvisor): ranger_audit_source_type = 'db' putRangerAdminProperty('ranger.audit.source.type',ranger_audit_source_type) + knox_host = 'localhost' + knox_port = '8443' + if 'KNOX' in servicesList: + knox_hosts = self.getComponentHostNames(services, "KNOX", "KNOX_GATEWAY") + knox_host = knox_hosts[0] + if 'gateway-site' in services['configurations'] and 'gateway.port' in services['configurations']["gateway-site"]["properties"]: + knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port'] + putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port)) + def recommendYARNConfigurations(self, configurations, clusterData, services, hosts): super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts) http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml index 1130d9a..c72070b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml @@ -262,6 +262,12 @@ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.credential.alias" /> <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.dialect" /> </definition> + + <definition xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"> + <type>ranger-admin-site</type> + <transfer operation="delete" delete-key="ranger.sso.cookiename" /> + <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" /> + </definition> </changes> </component> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml index c7d8b30..0a1bb40 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml @@ -370,6 +370,10 @@ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site"/> </execute-stage> + <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin"> + <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/> + </execute-stage> + <!-- RANGER KMS --> <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS Server"> <task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db"/> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml index e39f413..a3a3c7d 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml @@ -445,6 +445,7 @@ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag" /> <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" /> <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" /> + <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" /> <task xsi:type="execute" hosts="any" sequential="true" summary="Upgrading Ranger database schema"> <script>scripts/ranger_admin.py</script> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml index 39fb9a6..60cac05 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml @@ -120,6 +120,12 @@ <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.credential.alias" /> <transfer operation="delete" delete-key="ranger.jpa.audit.jdbc.dialect" /> </definition> + + <definition xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"> + <type>ranger-admin-site</type> + <transfer operation="delete" delete-key="ranger.sso.cookiename" /> + <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" /> + </definition> </changes> </component> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml index 47e849c..0f3bff4 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml @@ -309,6 +309,10 @@ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site"/> </execute-stage> + <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin"> + <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/> + </execute-stage> + <!-- HDFS --> <execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Hdfs Namenode"> <task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_hdfs_audit_db"/> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml index 644ca87..cadb3c7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml @@ -440,6 +440,7 @@ <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_flag" /> <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" /> <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" /> + <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" /> <task xsi:type="execute" hosts="any" sequential="true" summary="Upgrading Ranger database schema"> <script>scripts/ranger_admin.py</script> http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py index 613004d..413a2f7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py @@ -1218,7 +1218,7 @@ class HDP25StackAdvisor(HDP24StackAdvisor): {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'}, {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'}, {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'}, - {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-site'} + {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-audit'} ] for item in range(len(ranger_services)): @@ -1239,6 +1239,18 @@ class HDP25StackAdvisor(HDP24StackAdvisor): rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] putRangerAuditProperty(item['target_configname'], rangerAuditProperty) + if "HDFS" in servicesList: + hdfs_user = None + if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]: + hdfs_user = services["configurations"]["hadoop-env"]["properties"]["hdfs_user"] + putRangerAdminProperty('ranger.kms.service.user.hdfs', hdfs_user) + + if "HIVE" in servicesList: + hive_user = None + if "hive-env" in services["configurations"] and "hive_user" in services["configurations"]["hive-env"]["properties"]: + hive_user = services["configurations"]["hive-env"]["properties"]["hive_user"] + putRangerAdminProperty('ranger.kms.service.user.hive', hive_user) + def validateRangerTagsyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): ranger_tagsync_properties = getSiteProperties(configurations, "ranger-tagsync-site") validationItems = [] http://git-wip-us.apache.org/repos/asf/ambari/blob/116d47df/ambari-web/app/data/HDP2.3/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js index e04d060..9ae68df 100644 --- a/ambari-web/app/data/HDP2.3/site_properties.js +++ b/ambari-web/app/data/HDP2.3/site_properties.js @@ -194,13 +194,15 @@ hdp23properties.push({ "name": "ranger.sso.providerurl", "serviceName": "RANGER", "filename": "ranger-admin-site.xml", - "category": "KnoxSSOSettings" + "category": "KnoxSSOSettings", + "index": 2 }, { "name": "ranger.sso.publicKey", "serviceName": "RANGER", "filename": "ranger-admin-site.xml", - "category": "KnoxSSOSettings" + "category": "KnoxSSOSettings", + "index": 3 }, { "name": "ranger.sso.cookiename", @@ -212,7 +214,8 @@ hdp23properties.push({ "name": "ranger.sso.enabled", "serviceName": "RANGER", "filename": "ranger-admin-site.xml", - "category": "KnoxSSOSettings" + "category": "KnoxSSOSettings", + "index": 1 }, { "name": "ranger.sso.query.param.originalurl",