http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/PIG/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/PIG/package/scripts/service_check.py b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/PIG/package/scripts/service_check.py deleted file mode 100644 index cee4ef7..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/PIG/package/scripts/service_check.py +++ /dev/null @@ -1,123 +0,0 @@ -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Ambari Agent - -""" - -import os - -from resource_management.core.resources.system import Execute, File -from resource_management.core.source import InlineTemplate, StaticFile -from resource_management.libraries.functions.copy_tarball import copy_to_hdfs -from resource_management.libraries.functions.format import format -from resource_management.libraries.functions.version import compare_versions -from resource_management.libraries.resources.execute_hadoop import ExecuteHadoop -from resource_management.libraries.resources.hdfs_resource import HdfsResource -from resource_management.libraries.script.script import Script - -from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl - -class PigServiceCheck(Script): - pass - -@OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT) -class PigServiceCheckLinux(PigServiceCheck): - def service_check(self, env): - import params - env.set_params(params) - - input_file = format('/user/{smokeuser}/passwd') - output_dir = format('/user/{smokeuser}/pigsmoke.out') - - # cleanup output - params.HdfsResource(output_dir, - type="directory", - action="delete_on_execute", - owner=params.smokeuser, - ) - # re-create input. Be able to delete it if it already exists - params.HdfsResource(input_file, - type="file", - source="/etc/passwd", - action="create_on_execute", - owner=params.smokeuser, - ) - params.HdfsResource(None, action="execute") - - - - File( format("{tmp_dir}/pigSmoke.sh"), - content = StaticFile("pigSmoke.sh"), - mode = 0755 - ) - - # check for Pig-on-M/R - Execute( format("pig {tmp_dir}/pigSmoke.sh"), - tries = 3, - try_sleep = 5, - path = format('{pig_bin_dir}:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'), - user = params.smokeuser, - logoutput = True - ) - - test_cmd = format("fs -test -e {output_dir}") - ExecuteHadoop( test_cmd, - user = params.smokeuser, - conf_dir = params.hadoop_conf_dir, - bin_dir = params.hadoop_bin_dir - ) - - if params.iop_stack_version != "" and compare_versions(params.iop_stack_version, '4.0') >= 0: - # cleanup results from previous test - # cleanup output - params.HdfsResource(output_dir, - type="directory", - action="delete_on_execute", - owner=params.smokeuser, - ) - # re-create input. Be able to delete it firstly if it already exists - params.HdfsResource(input_file, - type="file", - source="/etc/passwd", - action="create_on_execute", - owner=params.smokeuser, - ) - params.HdfsResource(None, action="execute") - - if params.security_enabled: - kinit_cmd = format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal};") - Execute(kinit_cmd, - user=params.smokeuser - ) - - Execute(format("pig {tmp_dir}/pigSmoke.sh"), - tries = 3, - try_sleep = 5, - path = format('{pig_bin_dir}:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'), - user = params.smokeuser, - logoutput = True - ) - - ExecuteHadoop(test_cmd, - user = params.smokeuser, - conf_dir = params.hadoop_conf_dir, - bin_dir = params.hadoop_bin_dir - ) - -if __name__ == "__main__": - PigServiceCheck().execute() \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/alerts.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/alerts.json b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/alerts.json deleted file mode 100644 index b42d275..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/alerts.json +++ /dev/null @@ -1,74 +0,0 @@ -{ - "RANGER": { - "service": [], - "RANGER_ADMIN": [ - { - "name": "ranger_admin_process", - "label": "Ranger Admin Process", - "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.", - "interval": 1, - "scope": "ANY", - "source": { - "type": "WEB", - "uri": { - "http": "{{admin-properties/policymgr_external_url}}", - "https": "{{admin-properties/policymgr_external_url}}", - "https_property": "{{ranger-site/http.enabled}}", - "https_property_value": "false", - "connection_timeout": 5.0 - }, - "reporting": { - "ok": { - "text": "HTTP {0} response in {2:.3f}s" - }, - "warning": { - "text": "HTTP {0} response from {1} in {2:.3f}s ({3})" - }, - "critical": { - "text": "Connection failed to {1} ({3})" - } - } - } - }, - { - "name": "ranger_admin_password_check", - "label": "Ranger Admin password check", - "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.", - "interval": 30, - "scope": "ANY", - "source": { - "type": "SCRIPT", - "path": "RANGER/0.5.0.4.2/package/alerts/alert_ranger_admin_passwd_check.py", - "parameters": [] - } - } - ], - "RANGER_USERSYNC": [ - { - "name": "ranger_usersync_process", - "label": "Ranger Usersync Process", - "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.", - "interval": 1, - "scope": "HOST", - "source": { - "type": "PORT", - "uri": "{{admin-properties/authServicePort}}", - "default_port": 5151, - "reporting": { - "ok": { - "text": "TCP OK - {0:.3f}s response on port {1}" - }, - "warning": { - "text": "TCP OK - {0:.3f}s response on port {1}", - "value": 1.5 - }, - "critical": { - "text": "Connection failed: {0} to {1}:{2}", - "value": 5.0 - } - } - } - } - ] - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/admin-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/admin-properties.xml deleted file mode 100644 index 552f64b..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/admin-properties.xml +++ /dev/null @@ -1,262 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="false"> - - <property> - <name>DB_FLAVOR</name> - <value>MYSQL</value> - <display-name>DB FLAVOR</display-name> - <description>The database type to be used (mysql/oracle)</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>MYSQL</value> - <label>MYSQL</label> - </entry> - <entry> - <value>ORACLE</value> - <label>ORACLE</label> - </entry> - <entry> - <value>POSTGRES</value> - <label>POSTGRES</label> - </entry> - <entry> - <value>MSSQL</value> - <label>MSSQL</label> - </entry> - <entry> - <value>SQLA</value> - <label>SQL Anywhere</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <!-- - <property> - <name>SQL_COMMAND_INVOKER</name> - <deleted>true</deleted> - </property> - --> - - <property> - <name>SQL_CONNECTOR_JAR</name> - <display-name>Location of Sql Connector Jar</display-name> - <value>/usr/share/java/mysql-connector-java.jar</value> - <description>Location of DB client library (please check the location of the jar file)</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>db_root_user</name> - <value>root</value> - <display-name>Database Administrator (DBA) username</display-name> - <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property require-input="true"> - <name>db_root_password</name> - <display-name>Database Administrator (DBA) password</display-name> - <value></value> - <property-type>PASSWORD</property-type> - <description>Database password for the database admin user-id</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>db_host</name> - <display-name>Ranger DB host</display-name> - <value></value> - <description>Database host</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>db_name</name> - <display-name>Ranger DB name</display-name> - <value>ranger</value> - <description>Database name</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>db_user</name> - <display-name>Ranger DB username</display-name> - <value>rangeradmin</value> - <description>Database username used for the Ranger schema</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property require-input="true"> - <name>db_password</name> - <display-name>Ranger DB password</display-name> - <value></value> - <property-type>PASSWORD</property-type> - <description>Database password for the Ranger schema</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>audit_db_name</name> - <value>ranger_audit</value> - <description>Audit database name</description> - <display-name>Ranger Audit DB name</display-name> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>audit_db_user</name> - <display-name>Ranger Audit DB username</display-name> - <value>rangerlogger</value> - <description>Database user-id for storing auditlog information</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property require-input="true"> - <name>audit_db_password</name> - <display-name>Ranger Audit DB password</display-name> - <value></value> - <property-type>PASSWORD</property-type> - <description>Database password for storing auditlog information</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>policymgr_external_url</name> - <display-name>External URL</display-name> - <value></value> - <description>Policy Manager external url eg: http://RANGER_HOST:6080</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.http.enabled</name> - </property> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.http.port</name> - </property> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.https.port</name> - </property> - </depends-on> - </property> - - <!-- Commenting the following properties, as these are excluded properties in - HDP 2.3 --> - <!-- - <property> - <name>policymgr_http_enabled</name> - <display-name>HTTP enabled</display-name> - <value>true</value> - <description>HTTP Enabled</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <deleted>true</deleted> - </property> - - <property> - <name>authentication_method</name> - <deleted>true</deleted> - </property> - - <property> - <name>remoteLoginEnabled</name> - <deleted>true</deleted> - </property> - - <property> - <name>authServiceHostName</name> - <deleted>true</deleted> - </property> - - <property> - <name>authServicePort</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_url</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_userDNpattern</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_groupSearchBase</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_groupSearchFilter</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_groupRoleAttribute</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_ad_domain</name> - <deleted>true</deleted> - </property> - - <property> - <name>xa_ldap_ad_url</name> - <deleted>true</deleted> - </property> - --> - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml deleted file mode 100644 index 0ac957f..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml +++ /dev/null @@ -1,517 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> - -<configuration supports_final="true"> - - <property> - <name>ranger.service.host</name> - <value>{{ranger_host}}</value> - <description>Host where ranger service to be installed</description> - </property> - - <property> - <name>ranger.service.http.enabled</name> - <display-name>HTTP enabled</display-name> - <value>true</value> - <description>Enable HTTP</description> - <value-attributes> - <overridable>false</overridable> - <type>boolean</type> - </value-attributes> - </property> - - <property> - <name>ranger.service.http.port</name> - <value>6080</value> - <description>HTTP port</description> - </property> - - <property> - <name>ranger.service.https.port</name> - <value>6182</value> - <description>HTTPS port (if SSL is enabled)</description> - </property> - - <property> - <name>ranger.service.https.attrib.ssl.enabled</name> - <value>false</value> - <description>true/false, set to true if using SSL</description> - </property> - - <property> - <name>ranger.service.https.attrib.clientAuth</name> - <value>want</value> - <description>Needs to be set to want for two way SSL</description> - </property> - - <property> - <name>ranger.service.https.attrib.keystore.keyalias</name> - <value>rangeradmin</value> - <description>Alias for Ranger Admin key in keystore</description> - </property> - - <property> - <name>ranger.service.https.attrib.keystore.pass</name> - <value>xasecure</value> - <property-type>PASSWORD</property-type> - <description>Password for keystore</description> - </property> - - <property> - <name>ranger.https.attrib.keystore.file</name> - <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> - <description>Ranger admin keystore (specify full path)</description> - </property> - - <property> - <name>ranger.externalurl</name> - <value>{{ranger_external_url}}</value> - <description>URL to be used by clients to access ranger admin</description> - <display-name>External URL</display-name> - <value-attributes> - <visible>false</visible> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.jpa.jdbc.driver</name> - <value>com.mysql.jdbc.Driver</value> - <description>JDBC driver class name. Example: For Mysql: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description> - <display-name>Driver class name for a JDBC Ranger database</display-name> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - </depends-on> - </property> - - <property> - <name>ranger.jpa.jdbc.url</name> - <display-name>JDBC connect string</display-name> - <value>jdbc:mysql://localhost</value> - <description>JDBC connect string - auto populated based on other values</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - <property> - <type>admin-properties</type> - <name>db_host</name> - </property> - <property> - <type>admin-properties</type> - <name>db_name</name> - </property> - </depends-on> - </property> - - <property> - <name>ranger.jpa.jdbc.user</name> - <value>{{ranger_db_user}}</value> - <description>JDBC user</description> - </property> - - <property> - <name>ranger.jpa.jdbc.password</name> - <value>_</value> - <property-type>PASSWORD</property-type> - <description>JDBC password</description> - </property> - - <property> - <name>ranger.jpa.jdbc.credential.alias</name> - <value>rangeradmin</value> - <description>Alias name for storing JDBC password</description> - </property> - - <property> - <name>ranger.credential.provider.path</name> - <value>/etc/ranger/admin/rangeradmin.jceks</value> - <description>File for credential store, provide full file path</description> - </property> - - <property> - <name>ranger.audit.source.type</name> - <value>db</value> - <description>db or solr, based on the audit destination used</description> - </property> - - <!-- As currently not going to support Solr auditing, so commenting these properties. - <property> - <name>ranger.audit.solr.urls</name> - <value></value> - <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description> - </property> - --> - - <property> - <name>ranger.authentication.method</name> - <value>UNIX</value> - <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description> - <display-name>Authentication method</display-name> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>ranger-ugsync-site</type> - <name>ranger.usersync.source.impl.class</name> - </property> - </depends-on> - </property> - - <property> - <name>ranger.ldap.url</name> - <display-name>âLDAP URL</display-name> - <value>{{ranger_ug_ldap_url}}</value> - <description>LDAP Server URL, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.user.dnpattern</name> - <value>uid={0},ou=users,dc=xasecure,dc=net</value> - <description>LDAP user DN, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.group.searchbase</name> - <display-name>Group Search Base</display-name> - <value>{{ranger_ug_ldap_group_searchbase}}</value> - <description>LDAP group searchbase, only used if Authentication method is LDAP</description> - </property> - - <property> - <name>ranger.ldap.group.searchfilter</name> - <display-name>Group Search Filter</display-name> - <value>{{ranger_ug_ldap_group_searchfilter}}</value> - <description>LDAP group search filter, only used if Authentication method is LDAP</description> - </property> - - <property> - <name>ranger.ldap.user.searchfilter</name> - <display-name>User Search Filter</display-name> - <value>{{ranger_ug_ldap_user_searchfilter}}</value> - <description>Search filter used for Bind Authentication</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.group.roleattribute</name> - <value>cn</value> - <description>LDAP group role attribute, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.base.dn</name> - <value>dc=example,dc=com</value> - <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.bind.dn</name> - <display-name>Bind User</display-name> - <value>{{ranger_ug_ldap_bind_dn}}</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.bind.password</name> - <display-name>âBind User Password</display-name> - <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> - <property-type>PASSWORD</property-type> - <description>Password for the account that can search for users</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.referral</name> - <value>ignore</value> - <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.domain</name> - <value>localhost</value> - <display-name>Domain Name (Only for AD)</display-name> - <description>AD domain, only used if Authentication method is AD</description> - <description></description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.url</name> - <value>{{ranger_ug_ldap_url}}</value> - <description>AD URL, only used if Authentication method is AD</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.base.dn</name> - <value>dc=example,dc=com</value> - <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.bind.dn</name> - <value>{{ranger_ug_ldap_bind_dn}}</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.bind.password</name> - <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> - <property-type>PASSWORD</property-type> - <description>Password for the account that can search for users</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.user.searchfilter</name> - <value>{{ranger_ug_ldap_user_searchfilter}}</value> - <description>Search filter used for Bind Authentication</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.ldap.ad.referral</name> - <value>ignore</value> - <description>"Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed"</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.driver</name> - <value>{{ranger_jdbc_driver}}</value> - <description>JDBC driver class name - for audit DB</description> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.url</name> - <value>{{audit_jdbc_url}}</value> - <description>JDBC connect string - auto populated based on other values</description> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.user</name> - <value>{{ranger_audit_db_user}}</value> - <description>JDBC user - audit</description> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.password</name> - <value>_</value> - <property-type>PASSWORD</property-type> - <description>JDBC password - audit</description> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.credential.alias</name> - <value>rangeraudit</value> - <description>Alias name for storing JDBC password - for audit user</description> - </property> - - <property> - <name>ranger.unixauth.remote.login.enabled</name> - <value>true</value> - <description>Remote login enabled? - only used if Authentication method is UNIX</description> - <display-name>Allow remote Login</display-name> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.unixauth.service.hostname</name> - <value>{{ugsync_host}}</value> - <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.unixauth.service.port</name> - <value>5151</value> - <description>Port for unix authentication service - only used if Authentication method is UNIX</description> - <value-attributes> - <type>int</type> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger.jpa.jdbc.dialect</name> - <value>{{jdbc_dialect}}</value> - <description>JDBC dialect used for policy DB</description> - </property> - - <property> - <name>ranger.jpa.audit.jdbc.dialect</name> - <value>{{jdbc_dialect}}</value> - <description>JDBC dialect used for audit DB</description> - </property> - <!-- As currently not going to support Solr auditing, so commenting these properties. - <property> - <name>ranger.audit.solr.zookeepers</name> - <value>NONE</value> - <description>Solr Zookeeper string</description> - <depends-on> - <property> - <type>zoo.cfg</type> - <name>clientPort</name> - </property> - <property> - <type>ranger-env</type> - <name>is_solrCloud_enabled</name> - </property> - </depends-on> - </property> - - <property> - <name>ranger.audit.solr.username</name> - <value>ranger_solr</value> - <description>Solr username</description> - </property> - - <property> - <name>ranger.audit.solr.password</name> - <value>NONE</value> - <property-type>PASSWORD</property-type> - <description>Solr password</description> - </property> - --> - - <property> - <name>ranger.sso.providerurl</name> - <value></value> - <display-name>SSO provider url</display-name> - <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.sso.publicKey</name> - <value></value> - <display-name>SSO public key</display-name> - <description>Public key for SSO cookie verification</description> - <value-attributes> - <type>multiLine</type> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.sso.cookiename</name> - <value>hadoop-jwt</value> - <display-name>SSO cookiename</display-name> - <description>Parameter name for SSO cookie</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.sso.enabled</name> - <value>false</value> - <display-name>Enable Ranger SSO</display-name> - <description></description> - </property> - - <property> - <name>ranger.sso.query.param.originalurl</name> - <value>originalUrl</value> - <display-name>SSO query param originalurl</display-name> - <description>Query name for appending original url in SSO url</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.sso.browser.useragent</name> - <value>Mozilla,chrome</value> - <display-name>SSO browser useragent</display-name> - <description>Comma seperated browser agent</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml deleted file mode 100644 index d81fac9..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml +++ /dev/null @@ -1,438 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="true"> - - <property> - <name>ranger_user</name> - <display-name>Ranger User</display-name> - <value>ranger</value> - <property-type>USER</property-type> - <description>Ranger username</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger_group</name> - <display-name>Ranger Group</display-name> - <value>ranger</value> - <property-type>GROUP</property-type> - <description>Ranger group</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>ranger_admin_log_dir</name> - <value>/var/log/ranger/admin</value> - <description></description> - </property> - - <property> - <name>ranger_usersync_log_dir</name> - <value>/var/log/ranger/usersync</value> - <description></description> - </property> - - <property> - <name>ranger_admin_username</name> - <value>amb_ranger_admin</value> - <property-type>TEXT</property-type> - <display-name>Ranger Admin username for Ambari</display-name> - <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description> - </property> - - <property> - <name>ranger_admin_password</name> - <display-name>Ranger Admin user's password for Ambari</display-name> - <value></value> - <property-type>PASSWORD</property-type> - <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - </property> - - <property> - <name>admin_username</name> - <value>admin</value> - <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description> - </property> - - <property> - <name>admin_password</name> - <value>admin</value> - <property-type>PASSWORD</property-type> - <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description> - </property> - - <property> - <name>ranger_pid_dir</name> - <value>/var/run/ranger</value> - <description></description> - </property> - - <property> - <name>ranger-hdfs-plugin-enabled</name> - <value>No</value> - <display-name>HDFS Ranger Plugin</display-name> - <description>Enable HDFS Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger-yarn-plugin-enabled</name> - <value>No</value> - <display-name>YARN Ranger Plugin</display-name> - <description>Enable YARN Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger-hive-plugin-enabled</name> - <value>No</value> - <display-name>Hive Ranger Plugin</display-name> - <description>Enable Hive Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger-hbase-plugin-enabled</name> - <value>No</value> - <display-name>Hbase Ranger Plugin</display-name> - <description>Enable HBase Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger-knox-plugin-enabled</name> - <value>No</value> - <display-name>Knox Ranger Plugin</display-name> - <description>Enable Knox Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <!-- commented the Kafka and Storm plugins as they are not supported - <property> - <name>ranger-storm-plugin-enabled</name> - <value>No</value> - <display-name>Storm Ranger Plugin</display-name> - <description>Enable Storm Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger-kafka-plugin-enabled</name> - <value>No</value> - <display-name>Kafka Ranger Plugin</display-name> - <description>Enable Kafka Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - --> - - <property> - <name>bind_anonymous</name> - <display-name>Bind Anonymous</display-name> - <value>false</value> - <value-attributes> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>xasecure.audit.destination.hdfs</name> - <value>true</value> - <display-name>Audit to HDFS</display-name> - <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>xasecure.audit.destination.hdfs.dir</name> - <value>hdfs://localhost:8020</value> - <display-name>Destination HDFS Directory</display-name> - <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description> - <depends-on> - <property> - <type>core-site</type> - <name>fs.defaultFS</name> - </property> - </depends-on> - </property> - - <property> - <name>xasecure.audit.destination.db</name> - <value>true</value> - <display-name>Audit to DB</display-name> - <description>Enable Audit to DB for all ranger supported services. This property is overridable at service level</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <!-- Removing auditing to Solr - <property> - <name>xasecure.audit.destination.solr</name> - <value>true</value> - <display-name>Audit to Solr</display-name> - <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>is_solrCloud_enabled</name> - <display-name>SolrCloud</display-name> - <description>SolrCloud uses zookeeper for distributed search and indexing</description> - <value>false</value> - <value-attributes> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - --> - - <!-- - <property> - <name>oracle_home</name> - <deleted>true</deleted> - </property> - --> - - <property> - <name>xml_configurations_supported</name> - <value>true</value> - <description></description> - </property> - - <property> - <name>ranger_pid_dir</name> - <value>/var/run/ranger</value> - <description></description> - </property> - - <property> - <name>create_db_dbuser</name> - <display-name>Setup Database and Database User</display-name> - <value>true</value> - <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description> - <value-attributes> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger_privelege_user_jdbc_url</name> - <display-name>JDBC connect string for root user</display-name> - <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description> - <value>jdbc:mysql://localhost</value> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - <property> - <type>admin-properties</type> - <name>db_host</name> - </property> - </depends-on> - </property> - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml deleted file mode 100644 index f9e7331..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml +++ /dev/null @@ -1,69 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<!-- All the properties under this file deleted in HDP 2.3 and new file ranger-admin-site - - is created. So this file can be deleted. However keeping this file just to be - - consistent with HDP. - - For some reason the deleted property does not work and the properties - show up on ambari ranger configuration UI. - Work around is commenting out the properties for now. ---> -<configuration supports_final="false" supports_do_not_extend="true"> - - <!-- - <property> - <name>http.service.port</name> - <deleted>true</deleted> - </property> - - <property> - <name>https.service.port</name> - <deleted>true</deleted> - </property> - - <property> - <name>https.attrib.keystoreFile</name> - <deleted>true</deleted> - </property> - - <property> - <name>https.attrib.keystorePass</name> - <deleted>true</deleted> - </property> - - <property> - <name>https.attrib.keyAlias</name> - <deleted>true</deleted> - </property> - - <property> - <name>https.attrib.clientAuth</name> - <deleted>true</deleted> - </property> - - <property> - <name>http.enabled</name> - <deleted>true</deleted> - </property> - --> - -</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml deleted file mode 100644 index fe38e4b..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml +++ /dev/null @@ -1,450 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> - -<configuration supports_final="true"> - - <property> - <name>ranger.usersync.port</name> - <value>5151</value> - <description>Port for unix authentication service, run within usersync</description> - </property> - - <property> - <name>ranger.usersync.ssl</name> - <value>true</value> - <description>SSL enabled? (ranger admin -> usersync communication)</description> - </property> - - <property> - <name>ranger.usersync.keystore.file</name> - <value>/usr/iop/current/ranger-usersync/conf/unixauthservice.jks</value> - <description>Keystore file used for usersync</description> - </property> - - <property> - <name>ranger.usersync.keystore.password</name> - <value>UnIx529p</value> - <property-type>PASSWORD</property-type> - <description>Keystore password</description> - </property> - - <property> - <name>ranger.usersync.truststore.file</name> - <value>/usr/iop/current/ranger-usersync/conf/mytruststore.jks</value> - <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description> - </property> - - <property> - <name>ranger.usersync.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description>Truststore password</description> - </property> - - <property> - <name>ranger.usersync.passwordvalidator.path</name> - <value>./native/credValidator.uexe</value> - <description>Native program for password validation</description> - </property> - - <property> - <name>ranger.usersync.enabled</name> - <display-name>Enable User Sync</display-name> - <value>true</value> - <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.sink.impl.class</name> - <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value> - <description>Class to be used as sink (to sync users into ranger admin)</description> - </property> - - <property> - <name>ranger.usersync.policymanager.baseURL</name> - <value>{{ranger_external_url}}</value> - <description>URL to be used by clients to access ranger admin, use FQDN</description> - </property> - - <property> - <name>ranger.usersync.policymanager.maxrecordsperapicall</name> - <value>1000</value> - <description>How many records to be returned per API call</description> - </property> - - <property> - <name>ranger.usersync.policymanager.mockrun</name> - <value>false</value> - <description>Is user sync doing mock run?</description> - </property> - - <property> - <name>ranger.usersync.unix.minUserId</name> - <display-name>Minimum User ID</display-name> - <value>500</value> - <description>Only sync users above this user id (applicable for UNIX)</description> - </property> - - <property> - <name>ranger.usersync.unix.group.file</name> - <display-name>Group File</display-name> - <value>/etc/group</value> - <description>Location of the groups file on the linux server</description> - </property> - - <property> - <name>ranger.usersync.unix.password.file</name> - <display-name>Password File</display-name> - <value>/etc/passwd</value> - <description>Location of the password file on the linux server</description> - </property> - - <property> - <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name> - <value>60000</value> - <description>Sleeptime interval in milliseconds, if < 1000 then default to 30 sec</description> - </property> - - <property> - <name>ranger.usersync.source.impl.class</name> - <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value> - <display-name>Sync Source</display-name> - <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description> - <value-attributes> - <type>value-list</type> - <empty-value-valid>true</empty-value-valid> - <overridable>false</overridable> - <entries> - <entry> - <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value> - <label>UNIX</label> - </entry> - <entry> - <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value> - <label>FILE</label> - </entry> - <entry> - <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value> - <label>LDAP/AD</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.filesource.file</name> - <display-name>File Name</display-name> - <value>/tmp/usergroup.txt</value> - <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description> - </property> - - <property> - <name>ranger.usersync.filesource.text.delimiter</name> - <display-name>Delimiter</display-name> - <value>,</value> - <description>Delimiter used in file, if File based user sync is used</description> - </property> - - <property> - <name>ranger.usersync.ldap.url</name> - <display-name>LDAP/AD URL</display-name> - <value>ldap://localhost:389</value> - <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description> - </property> - - <property> - <name>ranger.usersync.ldap.binddn</name> - <display-name>âBind User</display-name> - <value>cn=admin,dc=xasecure,dc=net</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description> - </property> - - <property> - <name>ranger.usersync.ldap.ldapbindpassword</name> - <display-name>Bind User Password</display-name> - <value></value> - <property-type>PASSWORD</property-type> - <description>Password for the LDAP bind user used for searching users.</description> - </property> - - <property> - <name>ranger.usersync.ldap.bindalias</name> - <value>testldapalias</value> - <description>Set as ranger.usersync.ldap.bindalias (string as is)</description> - </property> - - <property> - <name>ranger.usersync.ldap.bindkeystore</name> - <value></value> - <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.ldap.searchBase</name> - <value>dc=hadoop,dc=apache,dc=org</value> - <description>"# search base for users and groups -# sample value would be dc=hadoop,dc=apache,dc=org" - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.ldap.user.searchbase</name> - <display-name>User Search Base</display-name> - <value>ou=users,dc=xasecure,dc=net</value> - <description>"# search base for users -# sample value would be ou=users,dc=hadoop,dc=apache,dc=org -# overrides value specified in ranger.usersync.ldap.searchBase" - </description> - </property> - - <property> - <name>ranger.usersync.ldap.user.searchscope</name> - <display-name>User Search Scope</display-name> - <value>sub</value> - <description>"# search scope for the users, only base, one and sub are supported values -# please customize the value to suit your deployment -# default value: sub" - </description> - </property> - - <property> - <name>ranger.usersync.ldap.user.objectclass</name> - <display-name>User Object Classâ</display-name> - <value>person</value> - <description>LDAP User Object Class. Example: person or user</description> - </property> - - <property> - <name>ranger.usersync.ldap.user.searchfilter</name> - <display-name>âUser Search Filter</display-name> - <value></value> - <description>"optional additional filter constraining the users selected for syncing -# a sample value would be (dept=eng) -# please customize the value to suit your deployment -# default value is empty" - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.ldap.user.nameattribute</name> - <display-name>Username Attribute</display-name> - <value></value> - <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description> - </property> - - <property> - <name>ranger.usersync.ldap.referral</name> - <value>ignore</value> - <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.ldap.user.groupnameattribute</name> - <display-name>User Group Name Attribute</display-name> - <value>memberof, ismemberof</value> - <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description> - </property> - - <property> - <name>ranger.usersync.ldap.username.caseconversion</name> - <value>lower</value> - <description>User name case conversion</description> - </property> - - <property> - <name>ranger.usersync.ldap.groupname.caseconversion</name> - <value>lower</value> - <description>Group name case conversion</description> - </property> - - <property> - <name>ranger.usersync.logdir</name> - <value>/var/log/ranger/usersync</value> - <description>User sync log directory</description> - </property> - - <property> - <name>ranger.usersync.group.searchenabled</name> - <display-name>Enable Group Sync</display-name> - <value>false</value> - <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes -# valid values: true, false -# any value other than true would be treated as false -# default value: false" - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.group.usermapsyncenabled</name> - <value>true</value> - <display-name>Group User Map Sync</display-name> - <description>Sync specific groups for users?</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.group.searchbase</name> - <display-name>Group Search Base</display-name> - <value> </value> - <description>"# search base for groups -# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org -# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase -# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase -# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase" - </description> - </property> - - <property> - <name>ranger.usersync.group.searchscope</name> - <value> </value> - <description>"# search scope for the groups, only base, one and sub are supported values -# please customize the value to suit your deployment -# default value: sub" - </description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.group.objectclass</name> - <display-name>Group Object Class</display-name> - <value> </value> - <description>LDAP Group object class. Example: group</description> - </property> - - <property> - <name>ranger.usersync.group.searchfilter</name> - <value> </value> - <display-name>Group Search Filter</display-name> - <description>"# optional additional filter constraining the groups selected for syncing -# a sample value would be (dept=eng) -# please customize the value to suit your deployment -# default value is empty" - </description> - </property> - - <property> - <name>ranger.usersync.group.nameattribute</name> - <display-name>Group Name Attribute</display-name> - <value> </value> - <description>LDAP group name attribute. Example: cn</description> - </property> - - <property> - <name>ranger.usersync.group.memberattributename</name> - <display-name>Group Member Attribute</display-name> - <value> </value> - <description>LDAP group member attribute name. Example: member</description> - </property> - - <property> - <name>ranger.usersync.pagedresultsenabled</name> - <value>true</value> - <description>Results can be paged?</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - </property> - - <property> - <name>ranger.usersync.pagedresultssize</name> - <value>500</value> - <description>Page size</description> - </property> - - <property> - <name>ranger.usersync.credstore.filename</name> - <value>/usr/iop/current/ranger-usersync/conf/ugsync.jceks</value> - <description>Credential store file name for user sync, specify full path</description> - </property> - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml deleted file mode 100644 index 5aa0698..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml +++ /dev/null @@ -1,109 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<!-- All the properties under this file deleted in HDP 2.3 and new file ranger-admin-site - - is created. So this file can be deleted. However keeping this file just to be - - consistant with HDP. - - For some reason the deleted property does not work and the properties - show up on ambari ranger configuration UI. - Work around is commenting out the properties for now. ---> - -<configuration supports_final="false" supports_do_not_extend="true"> -<!-- - <property> - <name>SYNC_SOURCE</name> - <deleted>true</deleted> - </property> - <property> - <name>MIN_UNIX_USER_ID_TO_SYNC</name> - <deleted>true</deleted> - </property> - <property> - <name>POLICY_MGR_URL</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_INTERVAL</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_URL</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_BIND_DN</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_BIND_PASSWORD</name> - <deleted>true</deleted> - </property> - <property> - <name>CRED_KEYSTORE_FILENAME</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_SEARCH_BASE</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_SEARCH_SCOPE</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_OBJECT_CLASS</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_SEARCH_FILTER</name> - <display-name>âUser Search Filter</display-name> - <value></value> - <description>default value is empty</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_NAME_ATTRIBUTE</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_USERNAME_CASE_CONVERSION</name> - <deleted>true</deleted> - </property> - <property> - <name>SYNC_LDAP_GROUPNAME_CASE_CONVERSION</name> - <deleted>true</deleted> - </property> - <property> - <name>logdir</name> - <deleted>true</deleted> - </property> ---> - -</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml deleted file mode 100644 index 23669b6..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml +++ /dev/null @@ -1,107 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<metainfo> - <schemaVersion>2.0</schemaVersion> - <services> - <service> - <name>RANGER</name> - <displayName>Ranger</displayName> - <comment>Comprehensive security for Hadoop</comment> - <version>0.5.2</version> - <components> - - <component> - <name>RANGER_ADMIN</name> - <displayName>Ranger Admin</displayName> - <category>MASTER</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/ranger_admin.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </component> - - <component> - <name>RANGER_USERSYNC</name> - <displayName>Ranger Usersync</displayName> - <category>MASTER</category> - <cardinality>1</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/ranger_usersync.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </component> - - </components> - - <osSpecifics> - <osSpecific> - <osFamily>redhat7,redhat6,suse11</osFamily> - <packages> - <package> - <name>ranger_4_2_*-admin*</name> - </package> - <package> - <name>ranger_4_2_*-usersync*</name> - </package> - </packages> - </osSpecific> - <osSpecific> - <osFamily>debian7,ubuntu12,ubuntu14</osFamily> - <packages> - <package> - <name>ranger_4_2_*-admin*</name> - </package> - <package> - <name>ranger_4_2_*-usersync*</name> - </package> - </packages> - </osSpecific> - </osSpecifics> - - <configuration-dependencies> - <config-type>admin-properties</config-type> - <config-type>ranger-site</config-type> - <config-type>usersync-properties</config-type> - <config-type>ranger-admin-site</config-type> - <config-type>ranger-ugsync-site</config-type> - </configuration-dependencies> - - <commandScript> - <script>scripts/service_check.py</script> - <scriptType>PYTHON</scriptType> - <timeout>300</timeout> - </commandScript> - - <themes> - <theme> - <fileName>theme.json</fileName> - <default>true</default> - </theme> - </themes> - - </service> - </services> -</metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml~ ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml~ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml~ deleted file mode 100644 index 5845ce8..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/metainfo.xml~ +++ /dev/null @@ -1,100 +0,0 @@ -<?xml version="1.0"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<metainfo> - <schemaVersion>2.0</schemaVersion> - <services> - <service> - <name>RANGER</name> - <displayName>Ranger</displayName> - <comment>Comprehensive security for Hadoop</comment> - <version>0.5.2.4.2</version> - <components> - - <component> - <name>RANGER_ADMIN</name> - <displayName>Ranger Admin</displayName> - <category>MASTER</category> - <cardinality>1+</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/ranger_admin.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </component> - - <component> - <name>RANGER_USERSYNC</name> - <displayName>Ranger Usersync</displayName> - <category>MASTER</category> - <cardinality>1</cardinality> - <versionAdvertised>true</versionAdvertised> - <commandScript> - <script>scripts/ranger_usersync.py</script> - <scriptType>PYTHON</scriptType> - <timeout>600</timeout> - </commandScript> - </component> - - </components> - - <osSpecifics> - <osSpecific> - <osFamily>redhat7,redhat6,suse11</osFamily> - <packages> - <package> - <name>ranger_4_2_*-admin*</name> - </package> - <package> - <name>ranger_4_2_*-usersync*</name> - </package> - </packages> - </osSpecific> - <osSpecific> - <osFamily>debian7,ubuntu12,ubuntu14</osFamily> - <packages> - <package> - <name>ranger_4_2_*-admin*</name> - </package> - <package> - <name>ranger_4_2_*-usersync*</name> - </package> - </packages> - </osSpecific> - </osSpecifics> - - <configuration-dependencies> - <config-type>admin-properties</config-type> - <config-type>ranger-site</config-type> - <config-type>usersync-properties</config-type> - <config-type>ranger-admin-site</config-type> - <config-type>ranger-ugsync-site</config-type> - </configuration-dependencies> - - <commandScript> - <script>scripts/service_check.py</script> - <scriptType>PYTHON</scriptType> - <timeout>300</timeout> - </commandScript> - - </service> - </services> -</metainfo> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/44e21f8e/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/alerts/alert_ranger_admin_passwd_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/alerts/alert_ranger_admin_passwd_check.py deleted file mode 100644 index ad95980..0000000 --- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/alerts/alert_ranger_admin_passwd_check.py +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/env python - -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" - -import base64 -import urllib2 -import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set. -import logging -from resource_management.core.environment import Environment - -logger = logging.getLogger() -RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}' -ADMIN_USERNAME = '{{ranger-env/admin_username}}' -ADMIN_PASSWORD = '{{ranger-env/admin_password}}' -RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}' -RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}' - -def get_tokens(): - """ - Returns a tuple of tokens in the format {{site/property}} that will be used - to build the dictionary passed into execute - - :return tuple - """ - return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD) - - -def execute(configurations={}, parameters={}, host_name=None): - """ - Returns a tuple containing the result code and a pre-formatted result label - - Keyword arguments: - configurations (dictionary): a mapping of configuration key to value - parameters (dictionary): a mapping of script parameter key to value - host_name (string): the name of this host where the alert is running - """ - - if configurations is None: - return (('UNKNOWN', ['There were no configurations supplied to the script.'])) - - ranger_link = None - ranger_auth_link = None - ranger_get_user = None - admin_username = None - admin_password = None - ranger_admin_username = None - ranger_admin_password = None - - if RANGER_ADMIN_URL in configurations: - ranger_link = configurations[RANGER_ADMIN_URL] - if ranger_link.endswith('/'): - ranger_link = ranger_link[:-1] - ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count') - ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users') - - if ADMIN_USERNAME in configurations: - admin_username = configurations[ADMIN_USERNAME] - - if ADMIN_PASSWORD in configurations: - admin_password = configurations[ADMIN_PASSWORD] - - if RANGER_ADMIN_USERNAME in configurations: - ranger_admin_username = configurations[RANGER_ADMIN_USERNAME] - - if RANGER_ADMIN_PASSWORD in configurations: - ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD] - - label = None - result_code = 'OK' - - try: - admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password) - if admin_http_code == 200: - get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username) - if get_user_code: - user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password) - if user_http_code == 200: - result_code = 'OK' - label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username) - elif user_http_code == 401: - result_code = 'CRITICAL' - label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username) - else: - result_code = 'WARNING' - label = 'Ranger Admin service is not reachable, please restart the service' - else: - result_code = 'OK' - label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username) - elif admin_http_code == 401: - result_code = 'CRITICAL' - label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username) - else: - result_code = 'WARNING' - label = 'Ranger Admin service is not reachable, please restart the service' - - except Exception, e: - label = str(e) - result_code = 'UNKNOWN' - logger.exception(label) - - return ((result_code, [label])) - -def check_ranger_login(ranger_auth_link, username, password): - """ - params ranger_auth_link: ranger login url - params username: user credentials - params password: user credentials - - return response code - """ - try: - usernamepassword = '{0}:{1}'.format(username, password) - base_64_string = base64.encodestring(usernamepassword).replace('\n', '') - request = urllib2.Request(ranger_auth_link) - request.add_header("Content-Type", "application/json") - request.add_header("Accept", "application/json") - request.add_header("Authorization", "Basic {0}".format(base_64_string)) - result = urllib2.urlopen(request, timeout=20) - response_code = result.getcode() - if response_code == 200: - response = json.loads(result.read()) - return response_code - except urllib2.HTTPError, e: - logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read())) - return e.code - except urllib2.URLError, e: - logger.exception("Error during Ranger service authentication. {0}".format(e.reason)) - return None - except Exception, e: - return 401 - -def get_ranger_user(ranger_get_user, username, password, user): - """ - params ranger_get_user: ranger get user url - params username: user credentials - params password: user credentials - params user: user to be search - return Boolean if user exist or not - """ - try: - url = '{0}?name={1}'.format(ranger_get_user, user) - usernamepassword = '{0}:{1}'.format(username, password) - base_64_string = base64.encodestring(usernamepassword).replace('\n', '') - request = urllib2.Request(url) - request.add_header("Content-Type", "application/json") - request.add_header("Accept", "application/json") - request.add_header("Authorization", "Basic {0}".format(base_64_string)) - result = urllib2.urlopen(request, timeout=20) - response_code = result.getcode() - response = json.loads(result.read()) - if response_code == 200 and len(response['vXUsers']) > 0: - for xuser in response['vXUsers']: - if xuser['name'] == user: - return True - else: - return False - except urllib2.HTTPError, e: - logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read())) - return False - except urllib2.URLError, e: - logger.exception("Error getting user from Ranger service. {0}".format(e.reason)) - return False - except Exception, e: - return False
