http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/hbase-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/hbase-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/hbase-site.xml new file mode 100755 index 0000000..047d3f6 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/hbase-site.xml @@ -0,0 +1,388 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>hbase.bulkload.staging.dir</name> + <value>/apps/hbase/staging</value> + <description>A staging directory in default file system (HDFS) + for bulk loading. + </description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hstore.flush.retries.number</name> + <value>120</value> + <description> + The number of times the region flush operation will be retried. + </description> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>hbase.hregion.majorcompaction</name> + <value>604800000</value> + <description>Time between major compactions, expressed in milliseconds. Set to 0 to disable + time-based automatic major compactions. User-requested and size-based major compactions will + still run. This value is multiplied by hbase.hregion.majorcompaction.jitter to cause + compaction to start at a somewhat-random time during a given window of time. The default value + is 7 days, expressed in milliseconds. If major compactions are causing disruption in your + environment, you can configure them to run at off-peak times for your deployment, or disable + time-based major compactions by setting this parameter to 0, and run major compactions in a + cron job or by another external mechanism.</description> + <value-attributes> + <type>int</type> + <minimum>0</minimum> + <maximum>2592000000</maximum> + <unit>milliseconds</unit> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.majorcompaction.jitter</name> + <value>0.50</value> + <description>A multiplier applied to hbase.hregion.majorcompaction to cause compaction to occur + a given amount of time either side of hbase.hregion.majorcompaction. The smaller the number, + the closer the compactions will happen to the hbase.hregion.majorcompaction + interval.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hregion.memstore.block.multiplier</name> + <value>4</value> + <description> + Block updates if memstore has hbase.hregion.memstore.block.multiplier + times hbase.hregion.memstore.flush.size bytes. Useful preventing + runaway memstore during spikes in update traffic. Without an + upper-bound, memstore fills such that when it flushes the + resultant flush files take a long time to compact or split, or + worse, we OOME. + </description> + <display-name>HBase Region Block Multiplier</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <value>2</value> + </entry> + <entry> + <value>4</value> + </entry> + <entry> + <value>8</value> + </entry> + </entries> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.bucketcache.ioengine</name> + <value/> + <description>Where to store the contents of the bucketcache. One of: onheap, + offheap, or file. If a file, set it to file:PATH_TO_FILE.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.bucketcache.size</name> + <value/> + <description>The size of the buckets for the bucketcache if you only use a single size.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.bucketcache.percentage.in.combinedcache</name> + <value/> + <description>Value to be set between 0.0 and 1.0</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.wal.codec</name> + <display-name>RegionServer WAL Codec</display-name> + <value>org.apache.hadoop.hbase.regionserver.wal.WALCellCodec</value> + <depends-on> + <property> + <type>hbase-env</type> + <name>phoenix_sql_enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.region.server.rpc.scheduler.factory.class</name> + <value/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-env</type> + <name>phoenix_sql_enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.rpc.controllerfactory.class</name> + <value/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-env</type> + <name>phoenix_sql_enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>phoenix.functions.allowUserDefinedFunctions</name> + <value> </value> + <depends-on> + <property> + <type>hbase-env</type> + <name>phoenix_sql_enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.coprocessor.regionserver.classes</name> + <value/> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-site</type> + <name>hbase.security.authorization</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.hstore.compaction.max</name> + <value>10</value> + <description>The maximum number of StoreFiles which will be selected for a single minor + compaction, regardless of the number of eligible StoreFiles. Effectively, the value of + hbase.hstore.compaction.max controls the length of time it takes a single compaction to + complete. Setting it larger means that more StoreFiles are included in a compaction. For most + cases, the default value is appropriate. + </description> + <display-name>Maximum Files for Compaction</display-name> + <value-attributes> + <type>int</type> + <entries> + <entry> + <value>8</value> + </entry> + <entry> + <value>9</value> + </entry> + <entry> + <value>10</value> + </entry> + <entry> + <value>11</value> + </entry> + <entry> + <value>12</value> + </entry> + <entry> + <value>13</value> + </entry> + <entry> + <value>14</value> + </entry> + <entry> + <value>15</value> + </entry> + </entries> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.global.memstore.size</name> + <value>0.4</value> + <description>Percentage of RegionServer memory to allocate to write buffers. + Each column family within each region is allocated a smaller pool (the memstore) within this shared write pool. + If this buffer is full, updates are blocked and data is flushed from memstores until a global low watermark + (hbase.regionserver.global.memstore.size.lower.limit) is reached. + </description> + <display-name>% of RegionServer Allocated to Write Buffers</display-name> + <value-attributes> + <type>float</type> + <minimum>0</minimum> + <maximum>0.8</maximum> + <increment-step>0.01</increment-step> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.coprocessor.master.classes</name> + <value/> + <description>A comma-separated list of + org.apache.hadoop.hbase.coprocessor.MasterObserver coprocessors that are + loaded by default on the active HMaster process. For any implemented + coprocessor methods, the listed classes will be called in order. After + implementing your own MasterObserver, just put it in HBase's classpath + and add the fully qualified class name here. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-site</type> + <name>hbase.security.authorization</name> + </property> + <property> + <type>ranger-hbase-plugin-properties</type> + <name>ranger-hbase-plugin-enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + + <property> + <name>hbase.table.sanity.checks</name> + <value>true</value> + </property> + + <property> + <name>hbase.coprocessor.region.classes</name> + <value>org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint</value> + <description>A comma-separated list of Coprocessors that are loaded by + default on all tables. For any override coprocessor method, these classes + will be called in order. After implementing your own Coprocessor, just put + it in HBase's classpath and add the fully qualified class name here. + A coprocessor can also be loaded on demand by setting HTableDescriptor. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>hbase-site</type> + <name>hbase.security.authorization</name> + </property> + <property> + <type>hbase-site</type> + <name>hbase.security.authentication</name> + </property> + <property> + <type>ranger-hbase-plugin-properties</type> + <name>ranger-hbase-plugin-enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.security.authorization</name> + <value>false</value> + <description> Set Authorization Method.</description> + <display-name>Enable Authorization</display-name> + <value-attributes> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>Native</label> + </entry> + <entry> + <value>false</value> + <label>Off</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + <depends-on> + <property> + <type>ranger-hbase-plugin-properties</type> + <name>ranger-hbase-plugin-enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.master.port</name> + <value>16000</value> + <display-name>HBase Master Port</display-name> + <description>The port the HBase Master should bind to.</description> + <value-attributes> + <overridable>false</overridable> + <type>int</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.master.info.port</name> + <value>16010</value> + <description>The port for the HBase Master web UI.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.port</name> + <value>16020</value> + <description>The port the HBase RegionServer binds to.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.info.port</name> + <value>16030</value> + <description>The port for the HBase RegionServer web UI.</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.regionserver.global.memstore.upperLimit</name> + <value>0.4</value> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>hbase.regionserver.global.memstore.lowerLimit</name> + <value>0.38</value> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>hbase.master.ui.readonly</name> + <value>false</value> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>hbase.rest.authentication.type</name> + <value>simple</value> + </property> + <property> + <name>hbase.rest.port</name> + <value>8091</value> + </property> + +</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-audit.xml new file mode 100755 index 0000000..53d222a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-audit.xml @@ -0,0 +1,121 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.audit.is.enabled</name> + <value>true</value> + <description>Is Audit enabled?</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs</name> + <value>true</value> + <display-name>Audit to HDFS</display-name> + <description>Is Audit to HDFS enabled?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs.dir</name> + <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.hdfs.dir</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> + <value>/var/log/hbase/audit/hdfs/spool</value> + <description>/var/log/hbase/audit/hdfs/spool</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.solr</name> + <value>false</value> + <display-name>Audit to SOLR</display-name> + <description>Is Solr audit enabled?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>xasecure.audit.destination.solr</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.solr.urls</name> + <value/> + <description>Solr URL</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.urls</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.solr.zookeepers</name> + <value>NONE</value> + <description>Solr Zookeeper string</description> + <depends-on> + <property> + <type>ranger-admin-site</type> + <name>ranger.audit.solr.zookeepers</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.destination.solr.batch.filespool.dir</name> + <value>/var/log/hbase/audit/solr/spool</value> + <description>/var/log/hbase/audit/solr/spool</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.audit.provider.summary.enabled</name> + <value>true</value> + <display-name>Audit provider summary enabled</display-name> + <description>Enable Summary audit?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml new file mode 100755 index 0000000..e8664ae --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-plugin-properties.xml @@ -0,0 +1,83 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="true"> + <property> + <name>common.name.for.certificate</name> + <value/> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>policy_user</name> + <value>ambari-qa</value> + <display-name>Policy user for HBASE</display-name> + <description>This user must be system user and also present at Ranger admin portal</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger-hbase-plugin-enabled</name> + <value>No</value> + <display-name>Enable Ranger for HBASE</display-name> + <description>Enable ranger hbase plugin ?</description> + <value-attributes> + <type>boolean</type> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>ranger-env</type> + <name>ranger-hbase-plugin-enabled</name> + </property> + </depends-on> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>REPOSITORY_CONFIG_USERNAME</name> + <value>hbase</value> + <display-name>Ranger repository config user</display-name> + <description>Used for repository creation on ranger admin</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>REPOSITORY_CONFIG_PASSWORD</name> + <value>hbase</value> + <display-name>Ranger repository config password</display-name> + <property-type>PASSWORD</property-type> + <description>Used for repository creation on ranger admin</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>SSL_KEYSTORE_PASSWORD</name> + <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <description/> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml new file mode 100755 index 0000000..932591f --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml @@ -0,0 +1,66 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/usr/iop/current/hbase-client/conf/ranger-plugin-keystore.jks</value> + <description>Java Keystore files</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <description>password for keystore</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/usr/iop/current/hbase-client/conf/ranger-plugin-truststore.jks</value> + <description>java truststore file</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <description>java truststore password</description> + <value-attributes> + <type>password</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description>java keystore credential file</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description>java truststore credential file</description> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-security.xml new file mode 100755 index 0000000..7ef63d8 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/configuration/ranger-hbase-security.xml @@ -0,0 +1,68 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>ranger.plugin.hbase.service.name</name> + <value>{{repo_name}}</value> + <description>Name of the Ranger service containing HBase policies</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.source.impl</name> + <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> + <description>Class to retrieve policies from the source</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.rest.url</name> + <value>{{policymgr_mgr_url}}</value> + <description>URL to Ranger Admin</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.rest.ssl.config.file</name> + <value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value> + <description>Path to the file containing SSL details to contact Ranger Admin</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.pollIntervalMs</name> + <value>30000</value> + <description>How often to poll for changes in policies?</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>ranger.plugin.hbase.policy.cache.dir</name> + <value>/etc/ranger/{{repo_name}}/policycache</value> + <description>Directory where Ranger policies are cached after successful retrieval from the source</description> + <on-ambari-upgrade add="true"/> + </property> + <property> + <name>xasecure.hbase.update.xapolicies.on.grant.revoke</name> + <value>true</value> + <display-name>Should HBase GRANT/REVOKE update XA policies</display-name> + <description>Should HBase plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description> + <value-attributes> + <type>boolean</type> + </value-attributes> + <on-ambari-upgrade add="true"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/kerberos.json new file mode 100755 index 0000000..c71e8fa --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/kerberos.json @@ -0,0 +1,212 @@ +{ + "services": [ + { + "name": "HBASE", + "identities": [ + { + "name": "/spnego" + }, + { + "name": "hbase", + "principal": { + "value": "${hbase-env/hbase_user}-${cluster_name|toLower()}@${realm}", + "type" : "user", + "configuration": "hbase-env/hbase_principal_name", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.headless.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-env/hbase_user_keytab" + } + }, + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "hbase-site": { + "hbase.security.authentication": "kerberos", + "hbase.rest.authentication.type": "kerberos", + "hbase.security.authorization": "true", + "zookeeper.znode.parent": "/hbase-secure", + "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}", + "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}", + "hbase.coprocessor.regionserver.classes": "{{hbase_coprocessor_regionserver_classes}}", + "hbase.bulkload.staging.dir": "/apps/hbase/staging", + "hbase.master.ui.readonly": "true" + } + }, + { + "core-site": { + "hadoop.proxyuser.hbase.groups": "${hadoop-env/proxyuser_group}", + "hadoop.proxyuser.hbase.hosts": "*" + } + }, + { + "ranger-hbase-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "components": [ + { + "name": "HBASE_MASTER", + "identities": [ + { + "name": "/HDFS/NAMENODE/hdfs" + }, + { + "name": "hbase_master_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.master.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.master.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + } + }, + { + "name": "/HBASE/HBASE_MASTER/hbase_master_hbase", + "principal": { + "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab" + } + } + ] + }, + { + "name": "HBASE_REGIONSERVER", + "identities": [ + { + "name": "hbase_regionserver_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.regionserver.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.regionserver.keytab.file" + } + }, + { + "name": "/spnego", + "principal": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab" + } + } + ] + }, + { + "name": "HBASE_REST_SERVER", + "identities": [ + { + "name": "hbase_rest_server_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.rest.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.rest.keytab.file" + } + }, + { + "name": "hbase_rest_server_spnego", + "principal": { + "value": "HTTP/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/hbase.rest.authentication.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/hbase.rest.authentication.kerberos.keytab" + } + } + ] + }, + { + "name": "PHOENIX_QUERY_SERVER", + "identities": [ + { + "name": "/spnego", + "principal": { + "configuration": "hbase-site/phoenix.queryserver.kerberos.principal" + }, + "keytab": { + "configuration": "hbase-site/phoenix.queryserver.keytab.file" + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1863c3b9/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/metainfo.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/metainfo.xml new file mode 100755 index 0000000..99ba689 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2.5/services/HBASE/metainfo.xml @@ -0,0 +1,88 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<metainfo> + <schemaVersion>2.0</schemaVersion> + <services> + <service> + <name>HBASE</name> + <extends>common-services/HBASE/0.96.0.2.0</extends> + <version>1.2.4</version> + + <components> + <component> + <name>PHOENIX_QUERY_SERVER</name> + <displayName>Phoenix Query Server</displayName> + <category>SLAVE</category> + <cardinality>0+</cardinality> + <versionAdvertised>true</versionAdvertised> + <commandScript> + <script>scripts/phoenix_queryserver.py</script> + <scriptType>PYTHON</scriptType> + </commandScript> + <logs> + <log> + <logId>hbase_phoenix_server</logId> + <primary>true</primary> + </log> + </logs> + </component> + + <component> + <name>HBASE_REST_SERVER</name> + <displayName>HBaseRestServer</displayName> + <category>SLAVE</category> + <cardinality>0+</cardinality> + <versionAdvertised>true</versionAdvertised> + <commandScript> + <script>scripts/hbase_restgatewayserver.py</script> + <scriptType>PYTHON</scriptType> + </commandScript> + </component> + </components> + + <themes> + <theme> + <fileName>theme.json</fileName> + <default>true</default> + </theme> + </themes> + + <quickLinksConfigurations> + <quickLinksConfiguration> + <fileName>quicklinks.json</fileName> + <default>true</default> + </quickLinksConfiguration> + </quickLinksConfigurations> + + <osSpecifics> + <osSpecific> + <osFamily>any</osFamily> + <packages> + <package> + <name>hbase_4_2_5_*</name> + </package> + <package> + <name>phoenix_4_2_5_*</name> + </package> + </packages> + </osSpecific> + </osSpecifics> + + </service> + </services> +</metainfo>
