AMBARI-20985. HDP 3.0 TP - create service definition for Ranger with configs, kerberos, widgets, etc.(vbrodetskyi)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/260ee2ef Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/260ee2ef Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/260ee2ef Branch: refs/heads/branch-feature-AMBARI-20859 Commit: 260ee2efc131c8dd0d5e4d9aa960eafb6b3d62ce Parents: 4e6babd Author: Vitaly Brodetskyi <[email protected]> Authored: Fri May 12 13:47:33 2017 +0300 Committer: Vitaly Brodetskyi <[email protected]> Committed: Fri May 12 13:47:33 2017 +0300 ---------------------------------------------------------------------- .../RANGER/0.7.0.3.0/alerts.json | 76 + .../0.7.0.3.0/configuration/admin-log4j.xml | 132 ++ .../configuration/admin-properties.xml | 163 ++ .../configuration/atlas-tagsync-ssl.xml | 72 + .../configuration/ranger-admin-site.xml | 785 ++++++++ .../0.7.0.3.0/configuration/ranger-env.xml | 513 +++++ .../0.7.0.3.0/configuration/ranger-site.xml | 30 + .../configuration/ranger-solr-configuration.xml | 59 + .../ranger-tagsync-policymgr-ssl.xml | 72 + .../configuration/ranger-tagsync-site.xml | 206 ++ .../configuration/ranger-ugsync-site.xml | 574 ++++++ .../tagsync-application-properties.xml | 62 + .../0.7.0.3.0/configuration/tagsync-log4j.xml | 90 + .../0.7.0.3.0/configuration/usersync-log4j.xml | 89 + .../configuration/usersync-properties.xml | 32 + .../RANGER/0.7.0.3.0/kerberos.json | 153 ++ .../RANGER/0.7.0.3.0/metainfo.xml | 189 ++ .../alerts/alert_ranger_admin_passwd_check.py | 195 ++ .../RANGER/0.7.0.3.0/package/scripts/params.py | 448 +++++ .../0.7.0.3.0/package/scripts/ranger_admin.py | 217 ++ .../0.7.0.3.0/package/scripts/ranger_service.py | 69 + .../0.7.0.3.0/package/scripts/ranger_tagsync.py | 139 ++ .../package/scripts/ranger_usersync.py | 124 ++ .../0.7.0.3.0/package/scripts/service_check.py | 49 + .../0.7.0.3.0/package/scripts/setup_ranger.py | 153 ++ .../package/scripts/setup_ranger_xml.py | 853 ++++++++ 
.../0.7.0.3.0/package/scripts/status_params.py | 39 + .../RANGER/0.7.0.3.0/package/scripts/upgrade.py | 31 + .../templates/input.config-ranger.json.j2 | 79 + .../package/templates/ranger_admin_pam.j2 | 22 + .../package/templates/ranger_remote_pam.j2 | 22 + .../package/templates/ranger_solr_jaas_conf.j2 | 26 + .../properties/ranger-solrconfig.xml.j2 | 1874 ++++++++++++++++++ .../RANGER/0.7.0.3.0/quicklinks/quicklinks.json | 41 + .../RANGER/0.7.0.3.0/role_command_order.json | 9 + .../0.7.0.3.0/themes/theme_version_1.json | 722 +++++++ .../0.7.0.3.0/themes/theme_version_2.json | 1470 ++++++++++++++ .../0.7.0.3.0/themes/theme_version_3.json | 692 +++++++ .../0.7.0.3.0/themes/theme_version_5.json | 48 + .../stacks/HDP/3.0/services/RANGER/metainfo.xml | 27 + 40 files changed, 10646 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json new file mode 100644 index 0000000..ab473a8 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json 
@@ -0,0 +1,76 @@
+{
+ "RANGER": {
+ "service": [],
+ "RANGER_ADMIN": [
+ {
+ "name": "ranger_admin_process",
+ "label": "Ranger Admin Process",
+ "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.",
+ "interval": 1,
+ "scope": "ANY",
+ "source": {
+ "type": "WEB",
+ "uri": {
+ "http": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "https": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "kerberos_keytab": "{{cluster-env/smokeuser_keytab}}",
+ "kerberos_principal": "{{cluster-env/smokeuser_principal_name}}",
+ "https_property": "{{ranger-admin-site/ranger.service.https.attrib.ssl.enabled}}",
+ "https_property_value": "true",
+ "connection_timeout": 5.0
+ },
+ "reporting": {
+ "ok": {
+ "text": "HTTP {0} response in {2:.3f}s"
+ },
+ "warning": {
+ "text": "HTTP {0} response from {1} in {2:.3f}s ({3})"
+ },
+ "critical": {
+ "text": "Connection failed to {1} ({3})"
+ }
+ }
+ }
+ },
+ {
+ "name": "ranger_admin_password_check",
+ "label": "Ranger Admin password check",
+ "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
+ "interval": 30,
+ "scope": "ANY",
+ "source": {
+ "type": "SCRIPT",
+ "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
+ "parameters": []
+ }
+ }
+ ],
+ "RANGER_USERSYNC": [
+ {
+ "name": "ranger_usersync_process",
+ "label": "Ranger Usersync Process",
+ "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.",
+ "interval": 1,
+ "scope": "HOST",
+ "source": {
+ "type": "PORT",
+ "uri": "{{ranger-ugsync-site/ranger.usersync.port}}",
+ "default_port": 5151,
+ "reporting": {
+ "ok": {
+ "text": "TCP OK - {0:.3f}s response on port {1}"
+ },
+ "warning": {
+ "text": "TCP OK - {0:.3f}s response on port {1}",
+ "value": 1.5
+ },
+ "critical": {
+ "text": "Connection failed: {0} to {1}:{2}",
+ "value": 5.0
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
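Review bot: The `ranger_admin_password_check` alert's `source.path` is `RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py`, which belongs to the older service definition. The diffstat lists a 195-line `alerts/alert_ranger_admin_passwd_check.py` (path truncated), so this commit appears to add its own copy under the new version. If the 0.4.0 tree is later removed or its script diverges, the check that validates the Ranger Admin credentials held by Ambari would stop running or run stale logic, with nothing in this definition showing it. Assuming the new script sits under this version's `package/alerts` directory, use `"path": "RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py"` so the definition is self-contained.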
http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml new file mode 100644 index 0000000..fbbfac7 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml 
@@ -0,0 +1,132 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_adding_forbidden="false"> + <property> + <name>ranger_xa_log_maxfilesize</name> + <value>256</value> + <description>The maximum size of backup file before the log is rotated</description> + <display-name>Ranger Log: backup file size</display-name> + <value-attributes> + <unit>MB</unit> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_xa_log_maxbackupindex</name> + <value>20</value> + <description>The number of backup files</description> + <display-name>Ranger Log: # of backup files</display-name> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>content</name> + <display-name>admin-log4j template</display-name> + <description>admin-log4j.properties</description> + <value> +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. 
The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +log4j.rootLogger = warn,xa_log_appender + + +# xa_logger +log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.xa_log_appender.file=${logdir}/xa_portal.log +log4j.appender.xa_log_appender.datePattern='.'yyyy-MM-dd +log4j.appender.xa_log_appender.append=true +log4j.appender.xa_log_appender.layout=org.apache.log4j.PatternLayout +log4j.appender.xa_log_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n +log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB +log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}} + +# xa_log_appender : category and additivity +log4j.category.org.springframework=warn,xa_log_appender +log4j.additivity.org.springframework=false + +log4j.category.org.apache.ranger=info,xa_log_appender +log4j.additivity.org.apache.ranger=false + +log4j.category.xa=info,xa_log_appender +log4j.additivity.xa=false + +# perf_logger +log4j.appender.perf_appender=org.apache.log4j.DailyRollingFileAppender +log4j.appender.perf_appender.file=${logdir}/ranger_admin_perf.log +log4j.appender.perf_appender.datePattern='.'yyyy-MM-dd +log4j.appender.perf_appender.append=true +log4j.appender.perf_appender.layout=org.apache.log4j.PatternLayout +log4j.appender.perf_appender.layout.ConversionPattern=%d [%t] %m%n + + +# sql_appender +log4j.appender.sql_appender=org.apache.log4j.DailyRollingFileAppender 
+log4j.appender.sql_appender.file=${logdir}/xa_portal_sql.log +log4j.appender.sql_appender.datePattern='.'yyyy-MM-dd +log4j.appender.sql_appender.append=true +log4j.appender.sql_appender.layout=org.apache.log4j.PatternLayout +log4j.appender.sql_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n + +# sql_appender : category and additivity +log4j.category.org.hibernate.SQL=warn,sql_appender +log4j.additivity.org.hibernate.SQL=false + +log4j.category.jdbc.sqlonly=fatal,sql_appender +log4j.additivity.jdbc.sqlonly=false + +log4j.category.jdbc.sqltiming=warn,sql_appender +log4j.additivity.jdbc.sqltiming=false + +log4j.category.jdbc.audit=fatal,sql_appender +log4j.additivity.jdbc.audit=false + +log4j.category.jdbc.resultset=fatal,sql_appender +log4j.additivity.jdbc.resultset=false + +log4j.category.jdbc.connection=fatal,sql_appender +log4j.additivity.jdbc.connection=false + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml new file mode 100644 index 0000000..1d73087 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml 
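Review bot: `xa_log_appender` is an `org.apache.log4j.DailyRollingFileAppender`, which in log4j 1.x has no `MaxFileSize` or `MaxBackupIndex` property; those belong to `RollingFileAppender`. The `ranger_xa_log_maxfilesize` and `ranger_xa_log_maxbackupindex` settings rendered into it therefore most likely have no effect. None of the three appenders in the template bounds retention either, so Ranger Admin logs can grow until the disk fills. If size-based rotation is intended, change the line to `log4j.appender.xa_log_appender=org.apache.log4j.RollingFileAppender` and drop that appender's `datePattern` line; otherwise remove the two properties so operators are not misled. Separately, `ranger_xa_log_maxfilesize` lacks the `<type>int</type>` and `<minimum>` constraints that `ranger_xa_log_maxbackupindex` has.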
@@ -0,0 +1,163 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false"> + + + <property> + <name>SQL_CONNECTOR_JAR</name> + <value>{{driver_curl_target}}</value> + <display-name>Location of Sql Connector Jar</display-name> + <description>Location of DB client library (please check the location of the jar file)</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>admin-properties</type> + <name>DB_FLAVOR</name> + </property> + </depends-on> + <on-ambari-upgrade add="false" update="false"/> + </property> + <property> + <name>db_root_user</name> + <value>root</value> + <display-name>Database Administrator (DBA) username</display-name> + <description>Database admin user. 
This user should have DBA permission to create the Ranger Database and Ranger Database User</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property require-input="true"> + <name>db_root_password</name> + <value/> + <property-type>PASSWORD</property-type> + <display-name>Database Administrator (DBA) password</display-name> + <description>Database password for the database admin username</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>db_host</name> + <value/> + <display-name>Ranger DB host</display-name> + <description>Database host</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>db_name</name> + <value>ranger</value> + <display-name>Ranger DB name</display-name> + <description>Database name</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>db_user</name> + <value>rangeradmin</value> + <display-name>Ranger DB username</display-name> + <description>Database username used for the Ranger schema</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property require-input="true"> + <name>db_password</name> + <value/> + <property-type>PASSWORD</property-type> + <display-name>Ranger DB password</display-name> + <description>Database password for the Ranger schema</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>DB_FLAVOR</name> + <value>MYSQL</value> + <display-name>DB FLAVOR</display-name> + 
<description>The database type to be used (mysql/oracle)</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>MYSQL</value> + <label>MYSQL</label> + </entry> + <entry> + <value>ORACLE</value> + <label>ORACLE</label> + </entry> + <entry> + <value>POSTGRES</value> + <label>POSTGRES</label> + </entry> + <entry> + <value>MSSQL</value> + <label>MSSQL</label> + </entry> + <entry> + <value>SQLA</value> + <label>SQL Anywhere</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>policymgr_external_url</name> + <value/> + <display-name>External URL</display-name> + <description>Policy Manager external url eg: http://RANGER_HOST:6080</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.service.http.enabled</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.service.http.port</name> + </property> + <property> + <type>ranger-admin-site</type> + <name>ranger.service.https.port</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml new file mode 100644 index 0000000..d43c010 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml 
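Review bot: The `DB_FLAVOR` description still reads "(mysql/oracle)" although the `<entries>` list below it offers five flavours. I would change it to `<description>The database type to be used (MYSQL, ORACLE, POSTGRES, MSSQL or SQLA)</description>`. The `policymgr_external_url` description likewise gives only the plain-HTTP example `http://RANGER_HOST:6080`, even though the property depends on `ranger.service.https.port`. Adding the HTTPS form to that description would make it less likely that an SSL-enabled cluster keeps a cleartext URL.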
@@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value> + <description>Java Keystore files</description> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <description>password for keystore</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value> + <description>java truststore file</description> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <description>java truststore password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade 
add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file{{atlas_tagsync_credential_file}}</value> + <description>java keystore credential file</description> + <on-ambari-upgrade add="false" /> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file{{atlas_tagsync_credential_file}}</value> + <description>java truststore credential file</description> + <on-ambari-upgrade add="false" /> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml new file mode 100644 index 0000000..a9153f8 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml 
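Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` ship with the literal defaults `myKeyFilePassword` and `changeit`. An install that accepts the defaults therefore protects the tagsync keystore and truststore with publicly known values. The password properties in admin-properties.xml in this same commit use `<value/>` with `<property require-input="true">`. Doing the same here would force a deliberate choice; if client SSL to the policy manager is optional, `<value/>` plus `<empty-value-valid>true</empty-value-valid>` would do instead.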
@@ -0,0 +1,785 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<configuration supports_final="true"> + <property> + <name>ranger.service.host</name> + <value>{{ranger_host}}</value> + <description>Host where ranger service to be installed</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.http.enabled</name> + <value>true</value> + <display-name>HTTP enabled</display-name> + <description>Enable HTTP</description> + <value-attributes> + <overridable>false</overridable> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.http.port</name> + <value>6080</value> + <description>HTTP port</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.https.port</name> + <value>6182</value> + <description>HTTPS port (if SSL is enabled)</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.https.attrib.ssl.enabled</name> + <value>false</value> + <description>true/false, set to true if using SSL</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + 
<name>ranger.service.https.attrib.clientAuth</name> + <value>want</value> + <description>Needs to be set to want for two way SSL</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.https.attrib.keystore.keyalias</name> + <value>rangeradmin</value> + <description>Alias for Ranger Admin key in keystore</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.https.attrib.keystore.pass</name> + <value>xasecure</value> + <property-type>PASSWORD</property-type> + <description>Password for keystore</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.https.attrib.keystore.file</name> + <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> + <description>Ranger admin keystore (specify full path)</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.externalurl</name> + <value>{{ranger_external_url}}</value> + <display-name>External URL</display-name> + <description>URL to be used by clients to access ranger admin</description> + <value-attributes> + <visible>false</visible> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.driver</name> + <value>com.mysql.jdbc.Driver</value> + <display-name>Driver class name for a JDBC Ranger database</display-name> + <description>JDBC driver class name. 
Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>admin-properties</type> + <name>DB_FLAVOR</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.url</name> + <value>jdbc:mysql://localhost</value> + <display-name>JDBC connect string for a Ranger database</display-name> + <description>JDBC connect string</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>admin-properties</type> + <name>DB_FLAVOR</name> + </property> + <property> + <type>admin-properties</type> + <name>db_host</name> + </property> + <property> + <type>admin-properties</type> + <name>db_name</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.user</name> + <value>{{ranger_db_user}}</value> + <description>JDBC user</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.password</name> + <value>_</value> + <property-type>PASSWORD</property-type> + <description>JDBC password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.credential.alias</name> + <value>rangeradmin</value> + <description>Alias name for storing JDBC password</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.credential.provider.path</name> + <value>/etc/ranger/admin/rangeradmin.jceks</value> + <description>File for credential store, provide full file path</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.audit.source.type</name> + <value>solr</value> + <description>db or solr, based on the audit destination 
used</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.db</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.audit.solr.urls</name> + <value/> + <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.authentication.method</name> + <value>UNIX</value> + <display-name>Authentication method</display-name> + <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>ranger-ugsync-site</type> + <name>ranger.usersync.source.impl.class</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.url</name> + <display-name>âLDAP URL</display-name> + <value>{{ranger_ug_ldap_url}}</value> + <description>LDAP Server URL, only used if Authentication method is LDAP</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.user.dnpattern</name> + <value>uid={0},ou=users,dc=xasecure,dc=net</value> + <description>LDAP user DN, only used if Authentication method is LDAP</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.group.searchbase</name> + <display-name>Group Search Base</display-name> + <value>{{ranger_ug_ldap_group_searchbase}}</value> + <description>LDAP group searchbase, only used if Authentication method is LDAP</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + 
<name>ranger.ldap.group.searchfilter</name> + <display-name>Group Search Filter</display-name> + <value>{{ranger_ug_ldap_group_searchfilter}}</value> + <description>LDAP group search filter, only used if Authentication method is LDAP</description> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger.ldap.group.roleattribute</name> + <value>cn</value> + <description>LDAP group role attribute, only used if Authentication method is LDAP</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.base.dn</name> + <value>dc=example,dc=com</value> + <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.bind.dn</name> + <display-name>Bind User</display-name> + <value>{{ranger_ug_ldap_bind_dn}}</value> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.bind.password</name> + <display-name>âBind User Password</display-name> + <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> + <property-type>PASSWORD</property-type> + <description>Password for the account that can search for users</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.referral</name> + <value>ignore</value> + <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. 
Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.ad.domain</name> + <display-name>Domain Name (Only for AD)</display-name> + <value/> + <description>AD domain, only used if Authentication method is AD</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.ad.url</name> + <value>{{ranger_ug_ldap_url}}</value> + <description>AD URL, only used if Authentication method is AD</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.ad.base.dn</name> + <value>dc=example,dc=com</value> + <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.ad.bind.dn</name> + <value>{{ranger_ug_ldap_bind_dn}}</value> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.ad.bind.password</name> + <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> + <property-type>PASSWORD</property-type> + <description>Password for the account that can search for users</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger.ldap.ad.referral</name> 
+ <value>ignore</value> + <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + + + + + <property> + <name>ranger.unixauth.remote.login.enabled</name> + <value>true</value> + <display-name>Allow remote Login</display-name> + <description>Remote login enabled? - only used if Authentication method is UNIX</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.unixauth.service.hostname</name> + <value>{{ugsync_host}}</value> + <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.unixauth.service.port</name> + <value>5151</value> + <description>Port for unix authentication service - only used if Authentication method is UNIX</description> + <value-attributes> + <type>int</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.jpa.jdbc.dialect</name> + <value>{{jdbc_dialect}}</value> + <description>JDBC dialect used for policy DB</description> + <on-ambari-upgrade add="false"/> + </property> + + + <property> + <name>ranger.audit.solr.username</name> + <value>ranger_solr</value> + 
<description>Solr username</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.audit.solr.password</name> + <value>NONE</value> + <property-type>PASSWORD</property-type> + <description>Solr password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.sso.providerurl</name> + <value/> + <display-name>SSO provider url</display-name> + <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>gateway-site</type> + <name>gateway.port</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.sso.publicKey</name> + <value/> + <display-name>SSO public key</display-name> + <description>Public key for SSO cookie verification</description> + <value-attributes> + <type>multiLine</type> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger.sso.enabled</name> + <value>false</value> + <display-name>Enable Ranger SSO</display-name> + <description/> + <value-attributes> + <overridable>false</overridable> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger.sso.browser.useragent</name> + <value>Mozilla,chrome</value> + <display-name>SSO browser useragent</display-name> + <description>Comma seperated browser agent</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.ldap.binddn.credential.alias</name> + <value>ranger.ldap.bind.password</value> + <description></description> + <on-ambari-upgrade add="false"/> + </property> + 
<property> + <name>ranger.ldap.ad.binddn.credential.alias</name> + <value>ranger.ldap.ad.bind.password</value> + <description></description> + <on-ambari-upgrade add="false"/> + </property> + + + + + + + + + + + + <property> + <name>ranger.admin.kerberos.token.valid.seconds</name> + <value>30</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.admin.kerberos.cookie.domain</name> + <value>{{ranger_host}}</value> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.admin.kerberos.cookie.path</name> + <value>/</value> + <description/> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.spnego.kerberos.principal</name> + <value>*</value> + <description/> + <property-type>KERBEROS_PRINCIPAL</property-type> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.spnego.kerberos.keytab</name> + <value/> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.admin.kerberos.principal</name> + <value/> + <description/> + <property-type>KERBEROS_PRINCIPAL</property-type> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.admin.kerberos.keytab</name> + <value/> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.lookup.kerberos.principal</name> + <value/> + <description/> + <property-type>KERBEROS_PRINCIPAL</property-type> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + 
</value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.lookup.kerberos.keytab</name> + <value/> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.truststore.file</name> + <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> + <display-name>ranger.truststore.file</display-name> + <description>Ranger trust-store file-path</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> + <display-name>ranger.truststore.password</display-name> + <description>Ranger trust-store password</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.audit.solr.zookeepers</name> + <value>NONE</value> + <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>infra-solr-env</type> + <name>infra_solr_znode</name> + </property> + <property> + <type>ranger-env</type> + <name>is_solrCloud_enabled</name> + </property> + <property> + <type>ranger-env</type> + <name>is_external_solrCloud_enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + + + <property> + <name>ranger.ldap.ad.user.searchfilter</name> + <value>(sAMAccountName={0})</value> + <description>Search filter used for Bind Authentication</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.ldap.user.searchfilter</name> + <display-name>User Search Filter</display-name> + <value>(uid={0})</value> + <description>Search filter used for Bind Authentication</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + 
<on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.kms.service.user.hdfs</name> + <value/> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hadoop-env</type> + <name>hdfs_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.kms.service.user.hive</name> + <value/> + <description/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hive-env</type> + <name>hive_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.hdfs.serviceuser</name> + <value>hdfs</value> + <depends-on> + <property> + <type>hadoop-env</type> + <name>hdfs_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.hive.serviceuser</name> + <value>hive</value> + <depends-on> + <property> + <type>hive-env</type> + <name>hive_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.hbase.serviceuser</name> + <value>hbase</value> + <depends-on> + <property> + <type>hbase-env</type> + <name>hbase_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.yarn.serviceuser</name> + <value>yarn</value> + <depends-on> + <property> + <type>yarn-env</type> + <name>yarn_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.knox.serviceuser</name> + <value>knox</value> + <depends-on> + <property> + <type>knox-env</type> + <name>knox_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.storm.serviceuser</name> + <value>storm</value> + 
<depends-on> + <property> + <type>storm-env</type> + <name>storm_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.kafka.serviceuser</name> + <value>kafka</value> + <depends-on> + <property> + <type>kafka-env</type> + <name>kafka_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.atlas.serviceuser</name> + <value>atlas</value> + <depends-on> + <property> + <type>atlas-env</type> + <name>metadata_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.plugins.kms.serviceuser</name> + <value>kms</value> + <depends-on> + <property> + <type>kms-env</type> + <name>kms_user</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>ranger.is.solr.kerberised</name> + <value>{{ranger_is_solr_kerberised}}</value> + <value-attributes> + <visible>false</visible> + </value-attributes> + <description/> + <on-ambari-upgrade add="true"/> + </property> + + + + <property> + <name>ranger.truststore.alias</name> + <value>trustStoreAlias</value> + <description></description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger.service.https.attrib.keystore.credential.alias</name> + <value>keyStoreCredentialAlias</value> + <description></description> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml new file mode 100644 index 0000000..3e25470 --- /dev/null 
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml 
@@ -0,0 +1,513 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="true" supports_adding_forbidden="true"> + <property> + <name>ranger_user</name> + <value>ranger</value> + <property-type>USER</property-type> + <display-name>Ranger User</display-name> + <description>Ranger username</description> + <value-attributes> + <type>user</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_group</name> + <value>ranger</value> + <property-type>GROUP</property-type> + <display-name>Ranger Group</display-name> + <description>Ranger group</description> + <value-attributes> + <type>user</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_admin_log_dir</name> + <value>/var/log/ranger/admin</value> + <description/> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + <editable-only-at-install>true</editable-only-at-install> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + 
<name>ranger_usersync_log_dir</name> + <value>/var/log/ranger/usersync</value> + <description/> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + <editable-only-at-install>true</editable-only-at-install> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_admin_username</name> + <value>amb_ranger_admin</value> + <property-type>TEXT</property-type> + <display-name>Ranger Admin username for Ambari</display-name> + <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_admin_password</name> + <value/> + <property-type>PASSWORD</property-type> + <display-name>Ranger Admin user's password for Ambari</display-name> + <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description> + <value-attributes> + <type>password</type> + <overridable>false</overridable> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>admin_username</name> + <value>admin</value> + <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>admin_password</name> + <value>admin</value> + <property-type>PASSWORD</property-type> + <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + + <property> + <name>ranger_pid_dir</name> + <value>/var/run/ranger</value> + <description/> + <value-attributes> + <type>directory</type> + <overridable>false</overridable> + <editable-only-at-install>true</editable-only-at-install> + </value-attributes> + 
<on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-hdfs-plugin-enabled</name> + <value>No</value> + <display-name>HDFS Ranger Plugin</display-name> + <description>Enable HDFS Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-hive-plugin-enabled</name> + <value>No</value> + <display-name>Hive Ranger Plugin</display-name> + <description>Enable Hive Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-hbase-plugin-enabled</name> + <value>No</value> + <display-name>Hbase Ranger Plugin</display-name> + <description>Enable HBase Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-storm-plugin-enabled</name> + <value>No</value> + <display-name>Storm Ranger Plugin</display-name> + <description>Enable Storm Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + 
<value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-knox-plugin-enabled</name> + <value>No</value> + <display-name>Knox Ranger Plugin</display-name> + <description>Enable Knox Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + + <property> + <name>xml_configurations_supported</name> + <value>true</value> + <description/> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>create_db_dbuser</name> + <value>true</value> + <display-name>Setup Database and Database User</display-name> + <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description> + <value-attributes> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger_privelege_user_jdbc_url</name> + <display-name>JDBC connect string for root user</display-name> + <description>JDBC connect string - auto populated based on other values. 
This is to be used by root user</description> + <value>jdbc:mysql://localhost</value> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>admin-properties</type> + <name>DB_FLAVOR</name> + </property> + <property> + <type>admin-properties</type> + <name>db_host</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-yarn-plugin-enabled</name> + <value>No</value> + <display-name>YARN Ranger Plugin</display-name> + <description>Enable YARN Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-kafka-plugin-enabled</name> + <value>No</value> + <display-name>Kafka Ranger Plugin</display-name> + <description>Enable Kafka Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.solr</name> + <value>true</value> + <display-name>Audit to Solr</display-name> + <description>Enable Audit to Solr for all ranger supported services. 
This property is overridable at service level</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>is_solrCloud_enabled</name> + <display-name>SolrCloud</display-name> + <description>SolrCloud uses zookeeper for distributed search and indexing</description> + <value>false</value> + <value-attributes> + <type>value-list</type> + <overridable>false</overridable> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs</name> + <value>true</value> + <display-name>Audit to HDFS</display-name> + <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs.dir</name> + <value>hdfs://localhost:8020</value> + <display-name>Destination HDFS Directory</display-name> + <description>HDFS folder to write audit to, make sure all service user has required permissions. 
This property is overridable at service level</description> + <depends-on> + <property> + <type>core-site</type> + <name>fs.defaultFS</name> + </property> + </depends-on> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_solr_config_set</name> + <value>ranger_audits</value> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_solr_collection_name</name> + <value>ranger_audits</value> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_solr_shards</name> + <value>1</value> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_solr_replication_factor</name> + <value>1</value> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger-atlas-plugin-enabled</name> + <value>No</value> + <display-name>Atlas Ranger Plugin</display-name> + <description>Enable Atlas Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>is_external_solrCloud_enabled</name> + <display-name>External SolrCloud</display-name> + <value>false</value> + <description>Using Externally managed solr cloud ?</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>is_external_solrCloud_kerberos</name> + <display-name>External SolrCloud kerberos</display-name> + <value>false</value> + <description>Is Externally 
managed solr cloud kerberos ?</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>ON</label> + </entry> + <entry> + <value>false</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>ranger-nifi-plugin-enabled</name> + <value>No</value> + <display-name>NIFI Ranger Plugin</display-name> + <description>Enable NIFI Ranger plugin</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>Yes</value> + <label>ON</label> + </entry> + <entry> + <value>No</value> + <label>OFF</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml new file mode 100644 index 0000000..c70e222 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml 
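Review bot: `admin_password` in ranger-env.xml ships with `<value>admin</value>` alongside `admin_username` = `admin`, and its description does not tell the operator that this is a well-known default credential, whereas `ranger_admin_password` in the same file is left empty (`<value/>`) so it has to be supplied. If the value must stay `admin` so that a fresh install can authenticate the first time (not visible in this hunk), the description should say so, for example `<description>Password of the default Ranger admin user, used to create the Ambari user in Ranger Admin. Change the shipped default after installation and keep this value in sync.</description>`. Unlike `ranger_admin_password`, `admin_password` also lacks `<overridable>false</overridable>`, which looks unintended. Separately, `ranger_group` is declared `<property-type>GROUP</property-type>` but its value-attributes use `<type>user</type>`; worth confirming that this is deliberate.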
@@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false"> + + + + + + + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml new file mode 100644 index 0000000..550ce0d --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml 
@@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>ranger_audit_max_retention_days</name> + <display-name>Max Retention Days</display-name> + <description>Days to retain audit logs in Solr</description> + <value>90</value> + <value-attributes> + <type>int</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>ranger_audit_logs_merge_factor</name> + <display-name>Merge Factor</display-name> + <description> + The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a + single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value + (e.g. 5) improves searching, but slows down indexing. 
+ </description> + <value>5</value> + <value-attributes> + <type>int</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>content</name> + <display-name>solr-config template</display-name> + <description>the jinja template for solrconfig.xml file used for ranger audit logs</description> + <value/> + <property-type>VALUE_FROM_PROPERTY_FILE</property-type> + <value-attributes> + <property-file-name>ranger-solrconfig.xml.j2</property-file-name> + <property-file-type>xml</property-file-type> + </value-attributes> + <on-ambari-upgrade add="false" /> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml new file mode 100644 index 0000000..a4c9441 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml 
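Review bot: `ranger_audit_max_retention_days` is typed `int` with no lower bound, so 0 or a negative number appears to be accepted at input time. What the Solr template does with such a value is outside this hunk, but a retention that is too short silently discards audit records, so it is worth rejecting in the definition. Consider adding `<minimum>1</minimum>` inside its `<value-attributes>`. `ranger_audit_logs_merge_factor` has the same gap and would benefit from a lower bound too.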
@@ -0,0 +1,72 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value> + <description>Java Keystore files</description> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <description>password for keystore</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value> + <description>java truststore file</description> + <on-ambari-upgrade add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <description>java truststore password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade 
add="false"/> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file{{ranger_tagsync_credential_file}}</value> + <description>java keystore credential file</description> + <on-ambari-upgrade add="false" /> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file{{ranger_tagsync_credential_file}}</value> + <description>java truststore credential file</description> + <on-ambari-upgrade add="false" /> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/260ee2ef/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml new file mode 100644 index 0000000..5e60c06 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml 
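Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` ship with the placeholder defaults `myKeyFilePassword` and `changeit`, so a cluster that turns on SSL without editing them protects the tagsync key material with a publicly known password. Prefer an empty default the operator must fill in (`<value/>`, plus `<empty-value-valid>true</empty-value-valid>` in `<value-attributes>` if SSL is optional), or at least state in each `<description>` that the shipped value is a placeholder to replace. The two `*.credential.file` properties point at `jceks://file{{ranger_tagsync_credential_file}}`, but whether the passwords are only ever read from that store is not visible in this hunk. If they are, the descriptions should say that the plain value ends up in the credential store.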
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.tagsync.logdir</name>
+ <value>/var/log/ranger/tagsync</value>
+ <description>Ranger Log dir</description>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.endpoint</name>
+ <value>{{ranger_external_url}}</value>
+ <description>Ranger TagAdmin REST URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlas</name>
+ <display-name>Enable Atlas Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.bind.address</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest</name>
+ <display-name>Enable AtlasRest Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file</name>
+ <display-name>Enable File Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file.check.interval.millis</name>
+ <display-name>File Source: File update polling interval</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
+ <display-name>AtlasREST Source: Atlas source download interval</display-name>
+ <value>60000</value>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.file.filename</name>
+ <display-name>File Source: Filename</display-name>
+ <value/>
+ <description>File Source Filename</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.atlasrest.endpoint</name>
+ <display-name>AtlasREST Source: Atlas endpoint</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.http.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.https.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.enableTLS</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.username</name>
+ <value>rangertagsync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.atlasrest.username</name>
+ <value>admin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.atlas.default.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
+ <description>Keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
+ <description>Tagsync atlasrest keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
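Review bot: `ranger.tagsync.keystore.filename` and `ranger.tagsync.source.atlasrest.keystore.filename` hard-code `/usr/hdp/current/ranger-tagsync/conf/`, while the two `*.ssl.config.filename` properties at the end of the same file use `{{stack_root}}/current/ranger-tagsync/conf/`. On a stack installed under a different root the two credential stores would be looked for outside the directory the rest of the configuration uses. I would write `<value>{{stack_root}}/current/ranger-tagsync/conf/rangertagsync.jceks</value>` and `<value>{{stack_root}}/current/ranger-tagsync/conf/atlasuser.jceks</value>`, assuming these values pass through the same template substitution. Separately, `ranger.tagsync.source.atlasrest.username` defaults to `admin` with an empty `<description/>`; a description recommending a dedicated, least-privileged Atlas account for tagsync would help operators.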
