Repository: ambari Updated Branches: refs/heads/branch-2.4 203930d23 -> 7cf65cbc7
AMBARI-17688: Ranger stack changes in Ambari to support secure Solr (Mugdha Varadkar via jluniya) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7cf65cbc Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7cf65cbc Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7cf65cbc Branch: refs/heads/branch-2.4 Commit: 7cf65cbc7cb94720aec46e2b59cd97ca4d759d76 Parents: 203930d Author: Jayush Luniya <[email protected]> Authored: Fri Jul 15 10:27:24 2016 -0700 Committer: Jayush Luniya <[email protected]> Committed: Fri Jul 15 10:28:09 2016 -0700 ---------------------------------------------------------------------- .../0.96.0.2.0/package/scripts/params_linux.py | 2 +- .../0.12.0.2.0/package/scripts/params_linux.py | 1 + .../RANGER/0.4.0/package/scripts/params.py | 7 +- .../0.4.0/package/scripts/ranger_admin.py | 2 +- .../0.5.0/configuration/ranger-admin-site.xml | 6 + .../0.6.0/configuration/ranger-admin-site.xml | 78 +++++++++++ .../RANGER/0.6.0/themes/theme_version_3.json | 28 ++++ .../0.5.0.2.3/package/scripts/params.py | 2 +- .../1.0.1/configuration/ranger-storm-audit.xml | 136 +++++++++++++++++++ .../stacks/HDP/2.2/services/stack_advisor.py | 10 +- .../stacks/HDP/2.3/services/stack_advisor.py | 11 +- .../ATLAS/configuration/ranger-atlas-audit.xml | 135 ++++++++++++++++++ .../HBASE/configuration/ranger-hbase-audit.xml | 136 +++++++++++++++++++ .../HDFS/configuration/ranger-hdfs-audit.xml | 136 +++++++++++++++++++ .../HIVE/configuration/ranger-hive-audit.xml | 136 +++++++++++++++++++ .../KAFKA/configuration/ranger-kafka-audit.xml | 136 +++++++++++++++++++ .../KNOX/configuration/ranger-knox-audit.xml | 136 +++++++++++++++++++ .../configuration/ranger-kms-audit.xml | 136 +++++++++++++++++++ .../YARN/configuration/ranger-yarn-audit.xml | 136 +++++++++++++++++++ .../stacks/HDP/2.5/services/stack_advisor.py | 53 +++++++- .../stacks/2.2/common/test_stack_advisor.py | 33 ++++- .../stacks/2.3/common/test_stack_advisor.py | 20 ++- .../2.5/configs/ranger-admin-default.json | 2 +- .../2.5/configs/ranger-admin-secured.json | 2 +- ambari-web/app/data/HDP2/site_properties.js | 43 ++++++ ambari-web/app/models/stack_service.js | 3 +- 26 files changed, 1499 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index f5e0301..bf61493 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -188,12 +188,12 @@ user_group = config['configurations']['cluster-env']["user_group"] if security_enabled: _hostname_lowercase = config['hostname'].lower() master_jaas_princ = config['configurations']['hbase-site']['hbase.master.kerberos.principal'].replace('_HOST',_hostname_lowercase) + master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab.file'] regionserver_jaas_princ = config['configurations']['hbase-site']['hbase.regionserver.kerberos.principal'].replace('_HOST',_hostname_lowercase) _queryserver_jaas_princ = config['configurations']['hbase-site']['phoenix.queryserver.kerberos.principal'] if not is_empty(_queryserver_jaas_princ): queryserver_jaas_princ =_queryserver_jaas_princ.replace('_HOST',_hostname_lowercase) -master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab.file'] regionserver_keytab_path = config['configurations']['hbase-site']['hbase.regionserver.keytab.file'] queryserver_keytab_path = config['configurations']['hbase-site']['phoenix.queryserver.keytab.file'] smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab'] http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py index 6bb2cbc..c5f8fc3 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py @@ -634,6 +634,7 @@ policy_user = config['configurations']['ranger-hive-plugin-properties']['policy_ if security_enabled: hive_principal = hive_server_principal.replace('_HOST',hostname.lower()) + hive_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab'] #For curl command in ranger plugin to get db connector if has_ranger_admin: http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index fad4b9b..84e90e0 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -262,6 +262,7 @@ ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger. ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"] # ranger solr +audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False) ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set'] ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name'] ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards'] @@ -298,12 +299,14 @@ solr_jaas_file = None if security_enabled: if has_ranger_tagsync: ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal'] - tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower()) + if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '': + tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower()) tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab'] if stack_supports_ranger_kerberos: ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal'] - ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower()) + if not is_empty(ranger_admin_principal) and ranger_admin_principal != '': + ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower()) ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab'] if not is_empty(ranger_admin_principal) and ranger_admin_principal != '': http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py index 529ac8c..c0534f3 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py @@ -86,7 +86,7 @@ class RangerAdmin(Script): env.set_params(params) self.configure(env, upgrade_type=upgrade_type) - if params.stack_supports_logsearch_client and params.is_solrCloud_enabled: + if params.stack_supports_logsearch_client and params.audit_solr_enabled and params.is_solrCloud_enabled: solr_cloud_util.setup_solr_client(params.config, user = params.solr_user, custom_log4j = params.custom_log4j) setup_ranger_audit_solr() http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml index 1b2b5e0..c41c90c 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml @@ -503,6 +503,12 @@ <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> + <depends-on> + <property> + <type>gateway-site</type> + <name>gateway.port</name> + </property> + </depends-on> <on-ambari-upgrade add="true"/> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml index 341cff7..477df7a 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml @@ -322,4 +322,82 @@ </depends-on> <on-ambari-upgrade add="true"/> </property> + + <property> + <name>ranger.is.solr.kerberised</name> + <display-name>Kerberos Solr</display-name> + <value>false</value> + <description/> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{ranger_admin_jaas_principal}}</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{ranger_admin_keytab}}</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value>com.sun.security.auth.module.Krb5LoginModule</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value>required</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>true</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value>solr</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json index 3f50774..e65c9b2 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json +++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json @@ -308,6 +308,28 @@ } } ] + }, + { + "config": "ranger-admin-site/ranger.is.solr.kerberised", + "subsection-name": "subsection-ranger-solr-row1-col1", + "depends-on": [ + { + "configs":[ + "ranger-env/xasecure.audit.destination.solr" + ], + "if": "${ranger-env/xasecure.audit.destination.solr}", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] } ] }, @@ -389,6 +411,12 @@ "widget": { "type": "toggle" } + }, + { + "config": "ranger-admin-site/ranger.is.solr.kerberised", + "widget": { + "type": "toggle" + } } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index dfcad32..73cfbff 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -232,12 +232,12 @@ hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None) # kms kerberos from stack 2.5 onward -rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab'] rangerkms_bare_principal = 'rangerkms' if stack_supports_ranger_kerberos: if security_enabled: rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal'] + rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab'] if not is_empty(rangerkms_principal) and rangerkms_principal != '': rangerkms_bare_principal = get_bare_principal(rangerkms_principal) rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower()) http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml index d3f9143..1c869ed 100644 --- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml +++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{storm_jaas_principal}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{storm_keytab_path}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index e570a5b7..1598d0e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -1491,6 +1491,8 @@ class HDP22StackAdvisor(HDP21StackAdvisor): validationItems = [] ranger_plugin_properties = getSiteProperties(configurations, "ranger-kafka-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-kafka-plugin-enabled'] if ranger_plugin_properties else 'No' + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + security_enabled = self.isSecurityEnabled(services) if ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') @@ -1499,6 +1501,11 @@ class HDP22StackAdvisor(HDP21StackAdvisor): validationItems.append({"config-name": 'ranger-kafka-plugin-enabled', "item": self.getWarnItem( "ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled must correspond ranger-env/ranger-kafka-plugin-enabled")}) + + if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'yes') and not security_enabled: + validationItems.append({"config-name": "ranger-kafka-plugin-enabled", + "item": self.getWarnItem( + "Ranger Kafka plugin should not be enabled in non-kerberos environment.")}) return self.toConfigurationValidationProblems(validationItems, "ranger-kafka-plugin-properties") def validateStormRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): @@ -1506,6 +1513,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): ranger_plugin_properties = getSiteProperties(configurations, "ranger-storm-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-storm-plugin-enabled'] if ranger_plugin_properties else 'No' servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + security_enabled = self.isSecurityEnabled(services) if ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') @@ -1514,7 +1522,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): validationItems.append({"config-name": 'ranger-storm-plugin-enabled', "item": self.getWarnItem( "ranger-storm-plugin-properties/ranger-storm-plugin-enabled must correspond ranger-env/ranger-storm-plugin-enabled")}) - if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not 'KERBEROS' in servicesList: + if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not security_enabled: validationItems.append({"config-name": "ranger-storm-plugin-enabled", "item": self.getWarnItem( "Ranger Storm plugin should not be enabled in non-kerberos environment.")}) http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 2a2a3a3..373553c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -942,11 +942,6 @@ class HDP23StackAdvisor(HDP22StackAdvisor): "If Ranger Kafka Plugin is enabled."\ "{0} needs to be set to {1}".format(prop_name,prop_val))}) - if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not 'KERBEROS' in servicesList: - validationItems.append({"config-name": "ranger-kafka-plugin-enabled", - "item": self.getWarnItem( - "Ranger Kafka plugin should not be enabled in non-kerberos environment.")}) - return self.toConfigurationValidationProblems(validationItems, "kafka-broker") def validateYARNConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): @@ -981,11 +976,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): parentValidationProblems = super(HDP23StackAdvisor, self).validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, hosts) ranger_env_properties = properties validationItems = [] - security_enabled = False - - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if 'KERBEROS' in servicesList: - security_enabled = True + security_enabled = self.isSecurityEnabled(services) if "ranger-kafka-plugin-enabled" in ranger_env_properties and ranger_env_properties["ranger-kafka-plugin-enabled"].lower() == 'yes' and not security_enabled: validationItems.append({"config-name": "ranger-kafka-plugin-enabled", http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml index efeea5f..ac22729 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml @@ -128,4 +128,139 @@ <on-ambari-upgrade add="true"/> </property> + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{atlas_jaas_principal}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{atlas_keytab_path}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml index d3f9143..cc9f0d2 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{master_jaas_princ}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{master_keytab_path}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml index 019602a..0a04953 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -55,4 +55,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{nn_principal_name}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{nn_keytab}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml index d3f9143..671c08e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{hive_principal}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{hive_keytab}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml index d3f9143..6aca7e7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{kafka_jaas_principal}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{kafka_keytab_path}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml index d3f9143..bdd1994 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{knox_principal_name}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{knox_keytab_path}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml index 02b7565..8c8278a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml @@ -81,4 +81,140 @@ </depends-on> <on-ambari-upgrade add="true"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{rangerkms_principal}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{rangerkms_keytab}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml index d3f9143..da24576 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml @@ -54,4 +54,140 @@ <deleted>true</deleted> <on-ambari-upgrade add="false"/> </property> + + <property> + <name>xasecure.audit.jaas.Client.option.principal</name> + <value>{{rm_principal_name}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.keyTab</name> + <value>{{rm_keytab}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.useKeyTab</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.storeKey</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + <value></value> + <description/> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>xasecure.audit.jaas.Client.option.serviceName</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + </property> + + <property> + <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name> + <value>false</value> + <description/> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.is.solr.kerberised</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py index 5fccb2a..66d2ef7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py @@ -57,7 +57,8 @@ class HDP25StackAdvisor(HDP24StackAdvisor): "HIVE": {"hive-interactive-env": self.validateHiveInteractiveEnvConfigurations, "hive-interactive-site": self.validateHiveInteractiveSiteConfigurations}, "YARN": {"yarn-site": self.validateYarnConfigurations}, - "RANGER": {"ranger-tagsync-site": self.validateRangerTagsyncConfigurations} + "RANGER": {"ranger-tagsync-site": self.validateRangerTagsyncConfigurations, + "ranger-admin-site": self.validateRangerAdminConfigurations} } self.mergeValidators(parentValidators, childValidators) return parentValidators @@ -1526,6 +1527,11 @@ class HDP25StackAdvisor(HDP24StackAdvisor): else: putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE') + if 'ranger-admin-site' in services['configurations'] and 'ranger.is.solr.kerberised' in services['configurations']['ranger-admin-site']['properties']: + is_solr_kerberised = services['configurations']['ranger-admin-site']['properties']['ranger.is.solr.kerberised'] == 'true' + else: + is_solr_kerberised = False + ranger_services = [ {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'}, {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'}, @@ -1556,6 +1562,37 @@ class HDP25StackAdvisor(HDP24StackAdvisor): rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] putRangerAuditProperty(item['target_configname'], rangerAuditProperty) + if is_solr_kerberised: + ranger_solr_kerberised = [ + {'configname': 'xasecure.audit.jaas.Client.loginModuleName'}, + {'configname': 'xasecure.audit.jaas.Client.loginModuleControlFlag'}, + {'configname': 'xasecure.audit.jaas.Client.option.useKeyTab'}, + {'configname': 'xasecure.audit.jaas.Client.option.storeKey'}, + {'configname': 'xasecure.audit.jaas.Client.option.serviceName'} + ] + + for item in ranger_solr_kerberised: + if 'ranger-admin-site' in services['configurations'] and item['configname'] in services["configurations"]['ranger-admin-site']["properties"]: + if 'ranger-admin-site' in configurations and item['configname'] in configurations['ranger-admin-site']["properties"]: + solrKerberisedProperty = configurations['ranger-admin-site']["properties"][item['configname']] + else: + solrKerberisedProperty = services['configurations']['ranger-admin-site']['properties'][item['configname']] + putRangerAuditProperty(item['configname'], solrKerberisedProperty) + + putRangerAuditProperty('xasecure.audit.destination.solr.force.use.inmemory.jaas.config', 'true') + else: + set_solr_kerberised_default = [ + {'configname': 'xasecure.audit.jaas.Client.loginModuleName', 'default_value': ''}, + {'configname': 'xasecure.audit.jaas.Client.loginModuleControlFlag', 'default_value': ''}, + {'configname': 'xasecure.audit.jaas.Client.option.useKeyTab', 'default_value': 'false'}, + {'configname': 'xasecure.audit.jaas.Client.option.storeKey', 'default_value': 'false'}, + {'configname': 'xasecure.audit.jaas.Client.option.serviceName', 'default_value': ''}, + {'configname': 'xasecure.audit.destination.solr.force.use.inmemory.jaas.config', 'default_value': 'false'} + ] + + for item in set_solr_kerberised_default: + putRangerAuditProperty(item['configname'], item['default_value']) + if "HDFS" in servicesList: hdfs_user = None if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]: @@ -1615,7 +1652,7 @@ class HDP25StackAdvisor(HDP24StackAdvisor): putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr) def validateRangerTagsyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_tagsync_properties = getSiteProperties(configurations, "ranger-tagsync-site") + ranger_tagsync_properties = properties validationItems = [] servicesList = [service["StackServices"]["service_name"] for service in services["services"]] @@ -1631,6 +1668,18 @@ class HDP25StackAdvisor(HDP24StackAdvisor): return self.toConfigurationValidationProblems(validationItems, "ranger-tagsync-site") + def validateRangerAdminConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): + ranger_admin_properties = properties + validationItems = [] + security_enabled = self.isSecurityEnabled(services) + + if 'ranger.is.solr.kerberised' in ranger_admin_properties and ranger_admin_properties['ranger.is.solr.kerberised'].lower() == 'true'\ + and not security_enabled: + validationItems.append({"config-name": "ranger.is.solr.kerberised", + "item": self.getWarnItem("Kerberos Solr (ranger.is.solr.kerberised) should not be enabled in non-kerberos environment.")}) + + return self.toConfigurationValidationProblems(validationItems, "ranger-admin-site") + """ Returns the host(s) on which a requested service's component is hosted. Parameters : http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py index 86bf14d..cf5918a 100644 --- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py @@ -3894,13 +3894,25 @@ class TestHDP22StackAdvisor(TestCase): "properties":{ "ranger-kafka-plugin-enabled":"Yes", } + }, + "cluster-env": { + "properties": { + "security_enabled" : "true" + } } } services = { + "services": + [ + { + "StackServices": { + "service_name" : "RANGER" + } + } + ], "configurations": configurations } res_expected = [] - res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) self.assertEquals(res, res_expected) @@ -3912,6 +3924,12 @@ class TestHDP22StackAdvisor(TestCase): 'config-name': 'ranger-kafka-plugin-enabled', 'level': 'WARN'}] + # Test to check security_enabled is false + services['configurations']['cluster-env']['properties']['security_enabled'] = "false" + res_expected.append({'config-type': 'ranger-kafka-plugin-properties', 'message': 'Ranger Kafka plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-kafka-plugin-enabled', 'level': 'WARN'}) + res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) + self.assertEquals(res, res_expected) + res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) self.assertEquals(res, res_expected) @@ -3930,6 +3948,11 @@ class TestHDP22StackAdvisor(TestCase): "properties":{ "ranger-storm-plugin-enabled":"Yes", } + }, + "cluster-env": { + "properties": { + "security_enabled" : "true" + } } } services = { @@ -3937,14 +3960,13 @@ class TestHDP22StackAdvisor(TestCase): [ { "StackServices": { - "service_name" : "STORM" + "service_name" : "RANGER" } } ], "configurations": configurations } res_expected = [] - res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) self.assertEquals(res, res_expected) @@ -3959,6 +3981,11 @@ class TestHDP22StackAdvisor(TestCase): res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) self.assertEquals(res, res_expected) + # Test to check security_enabled is false + services['configurations']['cluster-env']['properties']['security_enabled'] = "false" + res_expected.append({'config-type': 'ranger-storm-plugin-properties', 'message': 'Ranger Storm plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-storm-plugin-enabled', 'level': 'WARN'}) + res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {}) + self.assertEquals(res, res_expected) def test_recommendRangerConfigurations(self): clusterData = {} http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py index a6baeea..a30d5fc 100644 --- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py @@ -2146,14 +2146,28 @@ class TestHDP23StackAdvisor(TestCase): [ { "StackServices": { - "service_name" : "KAFKA" + "service_name" : "RANGER" } } - ] + ], + "configurations": { + "cluster-env": { + "properties": { + "security_enabled" : "false" + }, + "property_attributes": {} + } } + } # Test with ranger plugin enabled, validation fails res_expected = [{'config-type': 'ranger-env', 'message': 'Ranger Kafka plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-kafka-plugin-enabled', 'level': 'WARN'}] + res = self.stackAdvisor.validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, {}) + self.assertEquals(res, res_expected) + # Test for security_enabled is true + services['configurations']['cluster-env']['properties']['security_enabled'] = "true" + configurations['cluster-env']['properties']['security_enabled'] = "true" + res_expected = [] res = self.stackAdvisor.validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, {}) - self.assertEquals(res, res_expected) \ No newline at end of file + self.assertEquals(res, res_expected) http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json index 67b00a1..934007b 100644 --- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json +++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json @@ -376,7 +376,7 @@ "ranger-kafka-plugin-enabled": "No", "ranger_privelege_user_jdbc_url": "jdbc:mysql://c6401.ambari.apache.org:3306", "ranger-hive-plugin-enabled": "No", - "xasecure.audit.destination.solr": "false", + "xasecure.audit.destination.solr": "true", "ranger_pid_dir": "/var/run/ranger", "xasecure.audit.destination.hdfs": "true", "admin_username": "admin", http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json index 9911e10..53e26a6 100644 --- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json +++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json @@ -394,7 +394,7 @@ "ranger-kafka-plugin-enabled": "No", "ranger_privelege_user_jdbc_url": "jdbc:mysql://c6401.ambari.apache.org:3306", "ranger-hive-plugin-enabled": "No", - "xasecure.audit.destination.solr": "false", + "xasecure.audit.destination.solr": "true", "ranger_pid_dir": "/var/run/ranger", "xasecure.audit.destination.hdfs": "true", "admin_username": "admin", http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-web/app/data/HDP2/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2/site_properties.js b/ambari-web/app/data/HDP2/site_properties.js index 23fbf5e..13b9cde 100644 --- a/ambari-web/app/data/HDP2/site_properties.js +++ b/ambari-web/app/data/HDP2/site_properties.js @@ -1783,6 +1783,49 @@ var hdp2properties = [ "category": "MetricCollector", "index": 3 }, + /*ranger-admin-site*/ + { + "name": "xasecure.audit.jaas.Client.option.principal", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.option.keyTab", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.loginModuleName", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.loginModuleControlFlag", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.option.useKeyTab", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.option.storeKey", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, + { + "name": "xasecure.audit.jaas.Client.option.serviceName", + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "SolrKerberosSettings" + }, /************************************************LOGSEARCH******************************************/ /*logfeeder-properties*/ { http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-web/app/models/stack_service.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/models/stack_service.js b/ambari-web/app/models/stack_service.js index c63df3d..4114ec6 100644 --- a/ambari-web/app/models/stack_service.js +++ b/ambari-web/app/models/stack_service.js @@ -355,7 +355,8 @@ App.StackService.configCategories = function () { App.ServiceConfigCategory.create({ name: 'UnixAuthenticationSettings', displayName: 'Unix Authentication Settings'}), App.ServiceConfigCategory.create({ name: 'ADSettings', displayName: 'AD Settings'}), App.ServiceConfigCategory.create({ name: 'LDAPSettings', displayName: 'LDAP Settings'}), - App.ServiceConfigCategory.create({ name: 'KnoxSSOSettings', displayName: 'Knox SSO Settings'}) + App.ServiceConfigCategory.create({ name: 'KnoxSSOSettings', displayName: 'Knox SSO Settings'}), + App.ServiceConfigCategory.create({ name: 'SolrKerberosSettings', displayName: 'Solr Kerberos Settings'}) ]); break; case 'ACCUMULO':
