Repository: ambari Updated Branches: refs/heads/trunk dde658303 -> b4da19ea0
AMBARI-20369 Need hdfs-site for saving ranger audits to hdfs in namenode HA env (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b4da19ea Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b4da19ea Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b4da19ea Branch: refs/heads/trunk Commit: b4da19ea0b1bf87d5b91ad0520b822f00da26ab8 Parents: dde6583 Author: Mugdha Varadkar <mug...@apache.org> Authored: Thu Mar 9 15:08:05 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Fri Mar 10 10:58:24 2017 +0530 ---------------------------------------------------------------------- .../package/scripts/setup_ranger_knox.py | 18 ++++++++++++++++-- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 15 +++++++++++++++ .../0.5.0.2.3/package/scripts/params.py | 5 ++++- .../stacks/2.5/RANGER_KMS/test_kms_server.py | 12 ++++++++++++ 4 files changed, 47 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/b4da19ea/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py index 67a1670..c486ef7 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py @@ -19,8 +19,9 @@ limitations under the License. """ from resource_management.core.logger import Logger from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_core_site_for_required_plugins - - +from resource_management.core.resources import File +from resource_management.libraries.resources.xml_config import XmlConfig +from resource_management.libraries.functions.format import format def setup_ranger_knox(upgrade_type=None): import params @@ -56,6 +57,19 @@ def setup_ranger_knox(upgrade_type=None): ) params.HdfsResource(None, action="execute") + if params.namenode_hosts is not None and len(params.namenode_hosts) > 1: + Logger.info('Ranger Knox plugin is enabled in NameNode HA environment along with audit to Hdfs enabled, creating hdfs-site.xml') + XmlConfig("hdfs-site.xml", + conf_dir=params.knox_conf_dir, + configurations=params.config['configurations']['hdfs-site'], + configuration_attributes=params.config['configuration_attributes']['hdfs-site'], + owner=params.knox_user, + group=params.knox_group, + mode=0644 + ) + else: + File(format('{knox_conf_dir}/hdfs-site.xml'), action="delete") + if params.xml_configurations_supported: api_version=None if params.stack_supports_ranger_kerberos: http://git-wip-us.apache.org/repos/asf/ambari/blob/b4da19ea/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index 1afe136..423cdec 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -342,6 +342,8 @@ def kms(upgrade_type=None): group=params.kms_group, mode=0644 ) + else: + File(format('{kms_conf_dir}/core-site.xml'), action="delete") def copy_jdbc_connector(stack_version=None): import params @@ -504,6 +506,19 @@ def enable_kms_plugin(): mode = 0640 ) + if params.xa_audit_hdfs_is_enabled and len(params.namenode_host) > 1: + Logger.info('Audit to Hdfs enabled in NameNode HA environment, creating hdfs-site.xml') + XmlConfig("hdfs-site.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['hdfs-site'], + configuration_attributes=params.config['configuration_attributes']['hdfs-site'], + owner=params.kms_user, + group=params.kms_group, + mode=0644 + ) + else: + File(format('{kms_conf_dir}/hdfs-site.xml'), action="delete") + def setup_kms_jce(): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/b4da19ea/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index dc830d5..db59973 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -285,4 +285,7 @@ ranger_kms_site_password_properties = ['ranger.service.https.attrib.keystore.pas ranger_kms_cred_ssl_path = config['configurations']['ranger-kms-site']['ranger.credential.provider.path'] ranger_kms_ssl_keystore_alias = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.credential.alias'] ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.pass'] -ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled'] \ No newline at end of file +ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled'] + +xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False) +namenode_host = default("/clusterHostInfo/namenode_host", []) \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/b4da19ea/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py b/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py index 6f41b6d..7082a33 100644 --- a/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py +++ b/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py @@ -151,6 +151,10 @@ class TestRangerKMS(RMFTestCase): mode = 0640 ) + self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/hdfs-site.xml', + action = ['delete'], + ) + self.assertResourceCalled('Directory', '/tmp/jce_dir', create_parents = True, ) @@ -412,6 +416,10 @@ class TestRangerKMS(RMFTestCase): content = InlineTemplate(self.getConfig()['configurations']['kms-log4j']['content']) ) + self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/core-site.xml', + action = ['delete'], + ) + @patch("os.path.isfile") def test_configure_secured(self, isfile_mock): self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kms_server.py", @@ -529,6 +537,10 @@ class TestRangerKMS(RMFTestCase): mode = 0640 ) + self.assertResourceCalled('File', '/usr/hdp/current/ranger-kms/conf/hdfs-site.xml', + action = ['delete'], + ) + self.assertResourceCalled('Directory', '/tmp/jce_dir', create_parents = True, )