http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index f108622..0014b7c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -507,14 +507,6 @@ class HDP22StackAdvisor(HDP21StackAdvisor): if webhcat_queue is not None: putWebhcatSiteProperty("templeton.hadoop.queue.name", webhcat_queue) - - # Recommend Ranger Hive authorization as per Ranger Hive plugin property - if "ranger-env" in services["configurations"] and "hive-env" in services["configurations"] and \ - "ranger-hive-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]: - rangerEnvHivePluginProperty = services["configurations"]["ranger-env"]["properties"]["ranger-hive-plugin-enabled"] - if (rangerEnvHivePluginProperty.lower() == "yes"): - putHiveEnvProperty("hive_security_authorization", "RANGER") - # Security if ("configurations" not in services) or ("hive-env" not in services["configurations"]) or \ ("properties" not in services["configurations"]["hive-env"]) or \ @@ -1233,9 +1225,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor): def validateHDFSRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): validationItems = [] + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] ranger_plugin_properties = getSiteProperties(configurations, "ranger-hdfs-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-hdfs-plugin-enabled'] if ranger_plugin_properties else 'No' - if (ranger_plugin_enabled.lower() == 'yes'): + if 'RANGER' in servicesList and (ranger_plugin_enabled.lower() == 'yes'): # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-hdfs-plugin-enabled' in ranger_env or \ @@ -1465,6 +1458,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): validationItems = [] hive_env = properties hive_site = getSiteProperties(configurations, "hive-site") + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] if "hive_security_authorization" in hive_env and \ str(hive_env["hive_security_authorization"]).lower() == "none" \ and str(hive_site["hive.security.authorization.enabled"]).lower() == "true": @@ -1474,12 +1468,13 @@ class HDP22StackAdvisor(HDP21StackAdvisor): if "hive_security_authorization" in hive_env and \ str(hive_env["hive_security_authorization"]).lower() == "ranger": # ranger-hive-plugin must be enabled in ranger-env - ranger_env = getServicesSiteProperties(services, 'ranger-env') - if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \ - ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes': - validationItems.append({"config-name": 'hive_security_authorization', - "item": self.getWarnItem( - "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")}) + if 'RANGER' in servicesList: + ranger_env = getServicesSiteProperties(services, 'ranger-env') + if not ranger_env or not 'ranger-hive-plugin-enabled' in ranger_env or \ + ranger_env['ranger-hive-plugin-enabled'].lower() != 'yes': + validationItems.append({"config-name": 'hive_security_authorization', + "item": self.getWarnItem( + "ranger-env/ranger-hive-plugin-enabled must be enabled when hive_security_authorization is set to Ranger")}) return self.toConfigurationValidationProblems(validationItems, "hive-env") def validateHiveConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): @@ -1633,9 +1628,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor): def validateHBASERangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): validationItems = [] + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] ranger_plugin_properties = getSiteProperties(configurations, "ranger-hbase-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-hbase-plugin-enabled'] if ranger_plugin_properties else 'No' - if ranger_plugin_enabled.lower() == 'yes': + if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-hbase-plugin-enabled' in ranger_env or \ @@ -1647,9 +1643,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor): def validateKnoxRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): validationItems = [] + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] ranger_plugin_properties = getSiteProperties(configurations, "ranger-knox-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-knox-plugin-enabled'] if ranger_plugin_properties else 'No' - if ranger_plugin_enabled.lower() == 'yes': + if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-knox-plugin-enabled' in ranger_env or \ @@ -1665,7 +1662,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): ranger_plugin_enabled = ranger_plugin_properties['ranger-kafka-plugin-enabled'] if ranger_plugin_properties else 'No' servicesList = [service["StackServices"]["service_name"] for service in services["services"]] security_enabled = self.isSecurityEnabled(services) - if ranger_plugin_enabled.lower() == 'yes': + if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-kafka-plugin-enabled' in ranger_env or \ @@ -1686,7 +1683,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): ranger_plugin_enabled = ranger_plugin_properties['ranger-storm-plugin-enabled'] if ranger_plugin_properties else 'No' servicesList = [service["StackServices"]["service_name"] for service in services["services"]] security_enabled = self.isSecurityEnabled(services) - if ranger_plugin_enabled.lower() == 'yes': + if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-storm-plugin-enabled' in ranger_env or \ @@ -1719,9 +1716,10 @@ class HDP22StackAdvisor(HDP21StackAdvisor): def validateYARNRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): validationItems = [] + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] ranger_plugin_properties = getSiteProperties(configurations, "ranger-yarn-plugin-properties") ranger_plugin_enabled = ranger_plugin_properties['ranger-yarn-plugin-enabled'] if ranger_plugin_properties else 'No' - if ranger_plugin_enabled.lower() == 'yes': + if 'RANGER' in servicesList and ranger_plugin_enabled.lower() == 'yes': # ranger-hdfs-plugin must be enabled in ranger-env ranger_env = getServicesSiteProperties(services, 'ranger-env') if not ranger_env or not 'ranger-yarn-plugin-enabled' in ranger_env or \
http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml index 85c16c8..f670d7e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml @@ -23,7 +23,7 @@ <name>xasecure.audit.is.enabled</name> <value>true</value> <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db</name> @@ -39,19 +39,19 @@ <name>xasecure.audit.destination.db</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> <description>Audit DB JDBC URL</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> <description>Audit DB JDBC User</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.password</name> @@ -61,25 +61,25 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> <description>Audit DB JDBC Driver</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> <description>Credential file store</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hbase/audit/db/spool</value> <description>/var/log/hbase/audit/db/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs</name> @@ -95,7 +95,7 @@ <name>xasecure.audit.destination.hdfs</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> @@ -107,13 +107,13 @@ <name>xasecure.audit.destination.hdfs.dir</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hbase/audit/hdfs/spool</value> <description>/var/log/hbase/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr</name> @@ -129,7 +129,7 @@ <name>xasecure.audit.destination.solr</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.urls</name> @@ -144,7 +144,7 @@ <name>ranger.audit.solr.urls</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> @@ -156,13 +156,13 @@ <name>ranger.audit.solr.zookeepers</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hbase/audit/solr/spool</value> <description>/var/log/hbase/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> @@ -172,6 +172,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml index c761b26..79370bc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml @@ -23,7 +23,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.password</name> @@ -33,13 +33,13 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/hbase-client/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.password</name> @@ -49,18 +49,18 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml index 1deb9e5..0ad5e60 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml @@ -23,37 +23,43 @@ <name>ranger.plugin.hbase.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing HBase policies</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hbase.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hbase.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.hbase.policy.rest.ssl.config.file</name> <value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hbase.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hbase.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.hbase.update.xapolicies.on.grant.revoke</name> @@ -63,6 +69,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml index 71ba3a6..e14a9e8 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml @@ -23,7 +23,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.password</name> @@ -33,13 +33,13 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/hadoop-client/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.password</name> @@ -49,18 +49,18 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml index cfd8a4f..b2b8edb 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml @@ -23,42 +23,48 @@ <name>ranger.plugin.hdfs.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing Hdfs policies</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hdfs.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hdfs.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name> <value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hdfs.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hdfs.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.add-hadoop-authorization</name> <value>true</value> <description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml index b210fca..874d0d5 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml @@ -23,7 +23,7 @@ <name>xasecure.audit.is.enabled</name> <value>true</value> <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db</name> @@ -39,19 +39,19 @@ <name>xasecure.audit.destination.db</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> <description>Audit DB JDBC URL</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> <description>Audit DB JDBC User</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.password</name> @@ -61,25 +61,25 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> <description>Audit DB JDBC Driver</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> <description>Credential file store</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hive/audit/db/spool</value> <description>/var/log/hive/audit/db/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs</name> @@ -95,7 +95,7 @@ <name>xasecure.audit.destination.hdfs</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> @@ -107,13 +107,13 @@ <name>xasecure.audit.destination.hdfs.dir</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hive/audit/hdfs/spool</value> <description>/var/log/hive/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr</name> @@ -129,7 +129,7 @@ <name>xasecure.audit.destination.solr</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.urls</name> @@ -144,7 +144,7 @@ <name>ranger.audit.solr.urls</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> @@ -156,13 +156,13 @@ <name>ranger.audit.solr.zookeepers</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hive/audit/solr/spool</value> <description>/var/log/hive/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> @@ -172,6 +172,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml index a538843..14e7b16 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml @@ -23,7 +23,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/hive-server2/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.password</name> @@ -33,13 +33,13 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/hive-server2/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.password</name> @@ -49,18 +49,18 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml index ce4074a..a07972a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml @@ -23,37 +23,43 @@ <name>ranger.plugin.hive.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing policies for this HIVE instance</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hive.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hive.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.hive.policy.rest.ssl.config.file</name> <value>/usr/hdp/current/hive-server2/conf/conf.server/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hive.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.hive.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.hive.update.xapolicies.on.grant.revoke</name> @@ -63,6 +69,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml index 24fd407..2f4c121 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml @@ -23,12 +23,12 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/kafka-broker/config/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/kafka-broker/config/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml index 1f3c1d1..abdf2bd 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml @@ -23,7 +23,7 @@ <name>xasecure.audit.is.enabled</name> <value>true</value> <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db</name> @@ -39,19 +39,19 @@ <name>xasecure.audit.destination.db</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> <description>Audit DB JDBC URL</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> <description>Audit DB JDBC User</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.password</name> @@ -61,25 +61,25 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> <description>Audit DB JDBC Driver</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> <description>Credential file store</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/knox/audit/db/spool</value> <description>/var/log/knox/audit/db/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs</name> @@ -95,7 +95,7 @@ <name>xasecure.audit.destination.hdfs</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> @@ -107,13 +107,13 @@ <name>xasecure.audit.destination.hdfs.dir</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/knox/audit/hdfs/spool</value> <description>/var/log/knox/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr</name> @@ -129,7 +129,7 @@ <name>xasecure.audit.destination.solr</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.urls</name> @@ -144,7 +144,7 @@ <name>ranger.audit.solr.urls</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> @@ -156,13 +156,13 @@ <name>ranger.audit.solr.zookeepers</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/knox/audit/solr/spool</value> <description>/var/log/knox/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> @@ -172,6 +172,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml index bb0878f..6cc2351 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml @@ -23,7 +23,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/knox-server/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.password</name> @@ -33,13 +33,13 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/knox-server/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.password</name> @@ -49,18 +49,18 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml index 9bd1079..0f0d3a7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml @@ -23,36 +23,42 @@ <name>ranger.plugin.knox.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing policies for this Knox instance</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.knox.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminJersey2RESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.knox.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.knox.policy.rest.ssl.config.file</name> <value>/usr/hdp/current/knox-server/conf/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.knox.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.knox.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml index 5672f04..21658e7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml @@ -23,12 +23,12 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/storm-client/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/storm-client/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml index f3d7530..8a3dd2e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml @@ -23,6 +23,6 @@ <name>ranger.plugin.storm.policy.rest.ssl.config.file</name> <value>/usr/hdp/current/storm-client/conf/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml index a6b1baa..8237f1c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml @@ -23,7 +23,7 @@ <name>xasecure.audit.is.enabled</name> <value>true</value> <description>Is Audit enabled?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db</name> @@ -39,19 +39,19 @@ <name>xasecure.audit.destination.db</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> <description>Audit DB JDBC URL</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> <description>Audit DB JDBC User</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.password</name> @@ -61,25 +61,25 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> <description>Audit DB JDBC Driver</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> <description>Credential file store</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/db/spool</value> <description>/var/log/hadoop/yarn/audit/db/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs</name> @@ -95,7 +95,7 @@ <name>xasecure.audit.destination.hdfs</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> @@ -107,13 +107,13 @@ <name>xasecure.audit.destination.hdfs.dir</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/hdfs/spool</value> <description>/var/log/hadoop/yarn/audit/hdfs/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr</name> @@ -129,7 +129,7 @@ <name>xasecure.audit.destination.solr</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.urls</name> @@ -144,7 +144,7 @@ <name>ranger.audit.solr.urls</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> @@ -156,13 +156,13 @@ <name>ranger.audit.solr.zookeepers</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/solr/spool</value> <description>/var/log/hadoop/yarn/audit/solr/spool</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> @@ -172,6 +172,6 @@ <value-attributes> <type>boolean</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml index 97867cc..1899d44 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml @@ -24,7 +24,7 @@ <value>ambari-qa</value> <display-name>Policy user for YARN</display-name> <description>This user must be system user and also present at Ranger admin portal</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>hadoop.rpc.protection</name> @@ -33,7 +33,7 @@ <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>common.name.for.certificate</name> @@ -42,7 +42,7 @@ <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger-yarn-plugin-enabled</name> @@ -59,14 +59,14 @@ <type>boolean</type> <overridable>false</overridable> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>REPOSITORY_CONFIG_USERNAME</name> <value>yarn</value> <display-name>Ranger repository config user</display-name> <description>Used for repository creation on ranger admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>REPOSITORY_CONFIG_PASSWORD</name> @@ -77,6 +77,6 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml index 5410104..6ad6e62 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml @@ -23,7 +23,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.password</name> @@ -33,13 +33,13 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/hadoop-client/conf/ranger-yarn-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.password</name> @@ -49,18 +49,18 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml index 5f69962..3c0b29f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml @@ -23,36 +23,42 @@ <name>ranger.plugin.yarn.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing policies for this Yarn instance</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.yarn.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.yarn.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.yarn.policy.rest.ssl.config.file</name> <value>/etc/hadoop/conf/ranger-policymgr-ssl-yarn.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.yarn.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.yarn.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index eb7ebc1..1fc8598 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -777,6 +777,40 @@ class HDP23StackAdvisor(HDP22StackAdvisor): knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port'] putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port)) + required_services = [ + {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'}, + {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'}, + {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'}, + {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'}, + {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'}, + {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'}, + {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'}, + {'service_name': 'STORM', 'config_type': 'ranger-storm-security'} + ] + + # recommendation for ranger url for ranger-supported plugins + self.recommendRangerUrlConfigurations(configurations, services, required_services) + + def recommendRangerUrlConfigurations(self, configurations, services, requiredServices): + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + + policymgr_external_url = "" + if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']: + if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']: + policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url'] + else: + policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url'] + + for index in range(len(requiredServices)): + if requiredServices[index]['service_name'] in servicesList: + component_config_type = requiredServices[index]['config_type'] + component_name = requiredServices[index]['service_name'] + component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower()) + if requiredServices[index]['service_name'] == 'RANGER_KMS': + component_config_property = 'ranger.plugin.kms.policy.rest.url' + putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services) + if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]: + putRangerSecurityProperty(component_config_property, policymgr_external_url) def recommendYARNConfigurations(self, configurations, clusterData, services, hosts): super(HDP23StackAdvisor, self).recommendYARNConfigurations(configurations, clusterData, services, hosts) http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml index 36677a1..efeea5f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml @@ -78,7 +78,7 @@ <name>xasecure.audit.destination.solr</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -94,7 +94,7 @@ <name>ranger.audit.solr.urls</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -107,7 +107,7 @@ <name>ranger.audit.solr.zookeepers</name> </property> </depends-on> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml index fd623cb..977127c 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-plugin-properties.xml @@ -26,7 +26,7 @@ <display-name>Policy user for Atlas</display-name> <description>This user must be system user and also present at Ranger admin portal</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -36,7 +36,7 @@ <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -54,7 +54,7 @@ <type>boolean</type> <overridable>false</overridable> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -63,7 +63,7 @@ <display-name>Ranger repository config user</display-name> <description>Used for repository creation on ranger admin </description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -76,7 +76,55 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_username</name> + <value></value> + <display-name>External Ranger admin username</display-name> + <description>Add ranger default admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_password</name> + <value></value> + <display-name>External Ranger admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_username</name> + <value></value> + <display-name>External Ranger Ambari admin username</display-name> + <description>Add ranger default ambari admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_password</name> + <value></value> + <display-name>External Ranger Ambari admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default ambari admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml index dcffb63..349c829 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-policymgr-ssl.xml @@ -24,7 +24,7 @@ <name>xasecure.policymgr.clientssl.keystore</name> <value>/usr/hdp/current/atlas-server/conf/ranger-plugin-keystore.jks</value> <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -35,14 +35,14 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore</name> <value>/usr/hdp/current/atlas-server/conf/ranger-plugin-truststore.jks</value> <description>java truststore file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> @@ -53,21 +53,21 @@ <value-attributes> <type>password</type> </value-attributes> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java keystore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> <description>java truststore credential file</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml index ea0a026..c5588d1 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-security.xml @@ -23,49 +23,55 @@ <name>ranger.plugin.atlas.service.name</name> <value>{{repo_name}}</value> <description>Name of the Ranger service containing Atlas policies</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.atlas.policy.source.impl</name> <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> <description>Class to retrieve policies from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.atlas.policy.rest.url</name> <value>{{policymgr_mgr_url}}</value> <description>URL to Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> + <depends-on> + <property> + <type>admin-properties</type> + <name>policymgr_external_url</name> + </property> + </depends-on> </property> <property> <name>ranger.plugin.atlas.policy.rest.ssl.config.file</name> <value>/usr/hdp/current/atlas-server/conf/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.atlas.policy.pollIntervalMs</name> <value>30000</value> <description>How often to poll for changes in policies?</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>ranger.plugin.atlas.policy.cache.dir</name> <value>/etc/ranger/{{repo_name}}/policycache</value> <description>Directory where Ranger policies are cached after successful retrieval from the source</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> <property> <name>xasecure.add-hadoop-authorization</name> <value>true</value> <description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml new file mode 100644 index 0000000..3450970 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>external_admin_username</name> + <value></value> + <display-name>External Ranger admin username</display-name> + <description>Add ranger default admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_password</name> + <value></value> + <display-name>External Ranger admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_username</name> + <value></value> + <display-name>External Ranger Ambari admin username</display-name> + <description>Add ranger default ambari admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_password</name> + <value></value> + <display-name>External Ranger Ambari admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default ambari admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml index 77f7be2..953e42e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml @@ -26,6 +26,54 @@ <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> - <on-ambari-upgrade add="false" /> + <on-ambari-upgrade add="true" /> + </property> + + <property> + <name>external_admin_username</name> + <value></value> + <display-name>External Ranger admin username</display-name> + <description>Add ranger default admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_password</name> + <value></value> + <display-name>External Ranger admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_username</name> + <value></value> + <display-name>External Ranger Ambari admin username</display-name> + <description>Add ranger default ambari admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_password</name> + <value></value> + <display-name>External Ranger Ambari admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default ambari admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml new file mode 100644 index 0000000..3450970 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-plugin-properties.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>external_admin_username</name> + <value></value> + <display-name>External Ranger admin username</display-name> + <description>Add ranger default admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_password</name> + <value></value> + <display-name>External Ranger admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_username</name> + <value></value> + <display-name>External Ranger Ambari admin username</display-name> + <description>Add ranger default ambari admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_password</name> + <value></value> + <display-name>External Ranger Ambari admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default ambari admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml index 5bc8c9c..7f0bb99 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-security.xml @@ -23,6 +23,6 @@ <name>ranger.plugin.hive.policy.rest.ssl.config.file</name> <value>{{stack_root}}/current/{{ranger_hive_component}}/conf/conf.server/ranger-policymgr-ssl.xml</value> <description>Path to the file containing SSL details to contact Ranger Admin</description> - <on-ambari-upgrade add="false"/> + <on-ambari-upgrade add="true"/> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/1524fd77/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml new file mode 100644 index 0000000..3450970 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>external_admin_username</name> + <value></value> + <display-name>External Ranger admin username</display-name> + <description>Add ranger default admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_admin_password</name> + <value></value> + <display-name>External Ranger admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_username</name> + <value></value> + <display-name>External Ranger Ambari admin username</display-name> + <description>Add ranger default ambari admin username if want to communicate to external ranger</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>external_ranger_admin_password</name> + <value></value> + <display-name>External Ranger Ambari admin password</display-name> + <property-type>PASSWORD</property-type> + <description>Add ranger default ambari admin password if want to communicate to external ranger</description> + <value-attributes> + <type>password</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + +</configuration> \ No newline at end of file
