This is an automated email from the ASF dual-hosted git repository.

iwasakims pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bigtop.git


The following commit(s) were added to refs/heads/master by this push:
     new df0dfd085 BIGTOP-3702. Add puppet manifests for Ranger. (#1074)
df0dfd085 is described below

commit df0dfd0857b11f83212872a93a4944460456cf6b
Author: Kengo Seki <[email protected]>
AuthorDate: Fri Feb 3 11:31:13 2023 +0900

    BIGTOP-3702. Add puppet manifests for Ranger. (#1074)
---
 bigtop-deploy/puppet/hieradata/bigtop/cluster.yaml |   4 +
 bigtop-deploy/puppet/manifests/cluster.pp          |   4 +
 .../puppet/modules/ranger/manifests/init.pp        |  85 ++++++
 .../templates/ranger-admin/install.properties      | 289 +++++++++++++++++++++
 4 files changed, 382 insertions(+)

diff --git a/bigtop-deploy/puppet/hieradata/bigtop/cluster.yaml 
b/bigtop-deploy/puppet/hieradata/bigtop/cluster.yaml
index dc1ede478..1895eef85 100644
--- a/bigtop-deploy/puppet/hieradata/bigtop/cluster.yaml
+++ b/bigtop-deploy/puppet/hieradata/bigtop/cluster.yaml
@@ -218,4 +218,8 @@ gpdb::common::db_base_dir: "/data_gp"
 gpdb::common::master_db_port: "5432"
 gpdb::common::segment_db_port_prefix: "4000"
 
+# Ambari
 ambari::agent::server_host: "%{hiera('bigtop::hadoop_head_node')}"
+
+# Ranger
+ranger::admin::admin_password: "Admin01234"
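Review bot: The added `ranger::admin::admin_password: "Admin01234"` puts a fixed, publicly visible credential into the default hieradata, so every cluster deployed without an override ends up with the same Ranger password. In this same commit the value is rendered into install.properties as `db_password` and as the password of the rangerAdmin, rangerTagsync, rangerUsersync and keyadmin accounts, so the one default covers both the database and all built-in administrative users. Consider shipping no default, so that catalog compilation fails until a site-specific value is supplied. Failing that, add a comment above the key such as `# Test-cluster default only; override in site-specific hieradata before any real deployment.`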
diff --git a/bigtop-deploy/puppet/manifests/cluster.pp 
b/bigtop-deploy/puppet/manifests/cluster.pp
index 3ef6a196e..022ef9614 100644
--- a/bigtop-deploy/puppet/manifests/cluster.pp
+++ b/bigtop-deploy/puppet/manifests/cluster.pp
@@ -133,6 +133,9 @@ $roles_map = {
   },
   phoenix => {
     library => ["phoenix-server"],
+  },
+  ranger => {
+    master => ["ranger-server"],
   }
 }
 
@@ -199,6 +202,7 @@ class node_with_roles ($roles = hiera("bigtop::roles")) 
inherits hadoop_cluster_
     "ambari",
     "bigtop_utils",
     "phoenix",
+    "ranger",
   ]
 
   node_with_roles::deploy_module { $modules:
diff --git a/bigtop-deploy/puppet/modules/ranger/manifests/init.pp 
b/bigtop-deploy/puppet/modules/ranger/manifests/init.pp
new file mode 100644
index 000000000..d686e38fa
--- /dev/null
+++ b/bigtop-deploy/puppet/modules/ranger/manifests/init.pp
@@ -0,0 +1,85 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class ranger {
+
+  class deploy($roles) {
+    if ('ranger-server' in $roles) {
+      include ranger::prerequisites
+      include ranger::admin
+    }
+  }
+
+  class prerequisites {
+    # Before Facter 3.14.17, Rocky Linux 8 is detected as 'RedHat'.
+    # At the time of writing, Facter 3.14.2 is installed on Rocky Linux 8 by 
default.
+    # 
https://puppet.com/docs/pe/2019.8/osp/release_notes_facter.html#enhancements-3-14-17
+    if ($operatingsystem == 'RedHat' and 0 <= 
versioncmp($operatingsystemmajrelease, '8')) {
+      # For some reason, 'python3' doesn't seem to work on Rocky Linux 8.
+      $python = 'python36'
+    } else {
+      $python = 'python3'
+    }
+
+    package { ['postgresql-jdbc', 'postgresql-server', $python]:
+      ensure => latest,
+    }
+
+    exec { 'initdb':
+      command => '/usr/bin/pg_ctl initdb -D /var/lib/pgsql/data',
+      user    => 'postgres',
+      require => Package['postgresql-jdbc', 'postgresql-server', $python],
+    }
+
+    service { 'postgresql':
+      ensure  => running,
+      require => Exec['initdb'],
+    }
+  }
+
+  class admin($admin_password) {
+    package { 'ranger-admin':
+      ensure  => latest,
+      require => Class['ranger::prerequisites'],
+    }
+
+    file { '/usr/lib/ranger-admin/install.properties':
+      content => template('ranger/ranger-admin/install.properties'),
+      require => Package['ranger-admin'],
+    }
+
+    exec { '/usr/lib/ranger-admin/setup.sh':
+      cwd         => '/usr/lib/ranger-admin',
+      environment => 'JAVA_HOME=/usr/lib/jvm/java-1.8.0',
+      require     => File['/usr/lib/ranger-admin/install.properties'],
+    }
+
+    exec { '/usr/lib/ranger-admin/set_globals.sh':
+      cwd         => '/usr/lib/ranger-admin',
+      environment => 'JAVA_HOME=/usr/lib/jvm/java-1.8.0',
+      require     => Exec['/usr/lib/ranger-admin/setup.sh'],
+    }
+
+    exec { 'systemctl daemon-reload':
+      path    => ["/bin", "/usr/bin"],
+      require => Exec['/usr/lib/ranger-admin/set_globals.sh'],
+    }
+
+    service { 'ranger-admin':
+      ensure  => running,
+      require => Exec['systemctl daemon-reload'],
+    }
+  }
+}
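Review bot: The `file { '/usr/lib/ranger-admin/install.properties': ... }` resource in `ranger::admin` sets no `owner`, `group` or `mode`, although the rendered template holds the database password and the Ranger admin passwords. Its permissions then depend on Puppet and system defaults and may leave the file readable by other local users. I would add `owner => 'root', mode => '0600', show_diff => false,` to that resource; `show_diff => false` keeps password changes out of Puppet's diff output and reports, and the owner should be adjusted if setup.sh turns out to need a different reader. Separately, the `initdb`, `setup.sh` and `set_globals.sh` execs have no `creates`, `unless` or `refreshonly` guard, so they are re-run on every agent run; a `creates =>` pointing at a file each step produces would make them idempotent.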
diff --git 
a/bigtop-deploy/puppet/modules/ranger/templates/ranger-admin/install.properties 
b/bigtop-deploy/puppet/modules/ranger/templates/ranger-admin/install.properties
new file mode 100644
index 000000000..3affac499
--- /dev/null
+++ 
b/bigtop-deploy/puppet/modules/ranger/templates/ranger-admin/install.properties
@@ -0,0 +1,289 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Policy Manager 
Web Application
+#
+
+#------------------------- DB CONFIG - BEGIN ----------------------------------
+# Uncomment the below if the DBA steps need to be run separately
+#setup_mode=SeparateDBA
+
+PYTHON_COMMAND_INVOKER=python3
+
+#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA
+DB_FLAVOR=POSTGRES
+#
+
+#
+# Location of DB client library (please check the location of the jar file)
+#
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+SQL_CONNECTOR_JAR=/usr/share/java/postgresql-jdbc.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar
+#SQL_CONNECTOR_JAR=/opt/sqlanywhere17/java/sajdbc4.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+
+#
+# DB password for the DB admin user-id
+# **************************************************************************
+# ** If the password is left empty or not-defined here,
+# ** it will try with blank password during installation process
+# **************************************************************************
+#
+#db_root_user=root|SYS|postgres|sa|dba
+#db_host=host:port              # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL      
 #for example: db_host=localhost:3306
+#db_host=host:port:SID          # for DB_FLAVOR=ORACLE                         
 #for SID example: db_host=localhost:1521:ORCL
+#db_host=host:port/ServiceName  # for DB_FLAVOR=ORACLE                         
 #for Service example: db_host=localhost:1521/XE
+db_root_user=postgres
+db_root_password=
+db_host=localhost
+#SSL config
+db_ssl_enabled=false
+db_ssl_required=false
+db_ssl_verifyServerCertificate=false
+#db_ssl_auth_type=1-way|2-way, where 1-way represents standard one way ssl 
authentication and 2-way represents mutual ssl authentication
+db_ssl_auth_type=2-way
+javax_net_ssl_keyStore=
+javax_net_ssl_keyStorePassword=
+javax_net_ssl_trustStore=
+javax_net_ssl_trustStorePassword=
+javax_net_ssl_trustStore_type=jks
+javax_net_ssl_keyStore_type=jks
+
+# For postgresql db
+db_ssl_certificate_file=
+
+#
+# DB UserId used for the Ranger schema
+#
+db_name=ranger
+db_user=rangeradmin
+db_password=<%= @admin_password %>
+
+#For over-riding the jdbc url.
+is_override_db_connection_string=false
+db_override_connection_string=
+
+
+# change password. Password for below mentioned users can be changed only once 
using this property.
+#PLEASE NOTE :: Password should be minimum 8 characters with min one alphabet 
and one numeric.
+rangerAdmin_password=<%= @admin_password %>
+rangerTagsync_password=<%= @admin_password %>
+rangerUsersync_password=<%= @admin_password %>
+keyadmin_password=<%= @admin_password %>
+
+
+#Source for Audit Store. Currently solr, elasticsearch and cloudwatch logs are 
supported.
+# * audit_store is solr
+audit_store=
+
+# * audit_solr_url Elasticsearch Host(s). E.g. 127.0.0.1
+audit_elasticsearch_urls=
+audit_elasticsearch_port=
+audit_elasticsearch_protocol=
+audit_elasticsearch_user=
+audit_elasticsearch_password=
+audit_elasticsearch_index=
+audit_elasticsearch_bootstrap_enabled=true
+
+
+# * audit_solr_url URL to Solr. E.g. http://<solr_host>:6083/solr/ranger_audits
+audit_solr_urls=
+audit_solr_user=
+audit_solr_password=
+audit_solr_zookeepers=
+
+audit_solr_collection_name=ranger_audits
+#solr Properties for cloud mode
+audit_solr_config_name=ranger_audits
+audit_solr_configset_location=
+audit_solr_no_shards=1
+audit_solr_no_replica=1
+audit_solr_max_shards_per_node=1
+audit_solr_acl_user_list_sasl=solr,infra-solr
+audit_solr_bootstrap_enabled=true
+
+# * audit to amazon cloudwatch properties
+audit_cloudwatch_region=
+audit_cloudwatch_log_group=
+audit_cloudwatch_log_stream_prefix=
+
+#------------------------- DB CONFIG - END ----------------------------------
+
+#
+# ------- PolicyManager CONFIG ----------------
+#
+
+policymgr_external_url=http://localhost:6080
+policymgr_http_enabled=true
+policymgr_https_keystore_file=
+policymgr_https_keystore_keyalias=rangeradmin
+policymgr_https_keystore_password=
+
+#Add Supported Components list below separated by semi-colon, default value is 
empty string to support all components
+#Example :  policymgr_supportedcomponents=hive,hbase,hdfs
+policymgr_supportedcomponents=
+
+#
+# ------- PolicyManager CONFIG - END ---------------
+#
+
+
+#
+# ------- UNIX User CONFIG ----------------
+#
+unix_user=ranger
+unix_user_pwd=ranger
+unix_group=ranger
+
+#
+# ------- UNIX User CONFIG  - END ----------------
+#
+#
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed 
with ranger-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX 
username/password from the host <authServiceHostName> can be used to login into 
policy manager
+#
+# ** The installation of ranger-unix-ugsync package can be installed after the 
policymanager installation is finished.
+#
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=NONE
+remoteLoginEnabled=true
+authServiceHostName=localhost
+authServicePort=5151
+ranger_unixauth_keystore=keystore.jks
+ranger_unixauth_keystore_password=password
+ranger_unixauth_truststore=cacerts
+ranger_unixauth_truststore_password=changeit
+
+####LDAP settings - Required only if have selected LDAP authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_url=ldap://127.0.0.1:389
+#xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net
+#xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net
+#xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net)
+#xa_ldap_groupRoleAttribute=cn
+#xa_ldap_base_dn=dc=xasecure,dc=net
+#xa_ldap_bind_dn=cn=admin,ou=users,dc=xasecure,dc=net
+#xa_ldap_bind_password=
+#xa_ldap_referral=follow|ignore
+#xa_ldap_userSearchFilter=(uid={0})
+
+xa_ldap_url=
+xa_ldap_userDNpattern=
+xa_ldap_groupSearchBase=
+xa_ldap_groupSearchFilter=
+xa_ldap_groupRoleAttribute=
+xa_ldap_base_dn=
+xa_ldap_bind_dn=
+xa_ldap_bind_password=
+xa_ldap_referral=
+xa_ldap_userSearchFilter=
+####ACTIVE_DIRECTORY settings - Required only if have selected AD 
authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_ad_domain=xasecure.net
+#xa_ldap_ad_url=ldap://127.0.0.1:389
+#xa_ldap_ad_base_dn=dc=xasecure,dc=net
+#xa_ldap_ad_bind_dn=cn=administrator,ou=users,dc=xasecure,dc=net
+#xa_ldap_ad_bind_password=
+#xa_ldap_ad_referral=follow|ignore
+#xa_ldap_ad_userSearchFilter=(sAMAccountName={0})
+
+xa_ldap_ad_domain=
+xa_ldap_ad_url=
+xa_ldap_ad_base_dn=
+xa_ldap_ad_bind_dn=
+xa_ldap_ad_bind_password=
+xa_ldap_ad_referral=
+xa_ldap_ad_userSearchFilter=
+
+#------------ Kerberos Config -----------------
+spnego_principal=
+spnego_keytab=
+token_valid=30
+cookie_domain=
+cookie_path=/
+admin_principal=
+admin_keytab=
+lookup_principal=
+lookup_keytab=
+hadoop_conf=/etc/hadoop/conf
+#
+#-------- SSO CONFIG - Start ------------------
+#
+sso_enabled=false
+sso_providerurl=https://127.0.0.1:8443/gateway/knoxsso/api/v1/websso
+sso_publickey=
+
+#
+#-------- SSO CONFIG - END ------------------
+
+# Custom log directory path
+RANGER_ADMIN_LOG_DIR=$PWD
+RANGER_ADMIN_LOGBACK_CONF_FILE=
+
+# PID file path
+RANGER_PID_DIR_PATH=/var/run/ranger
+
+# #################  DO NOT MODIFY ANY VARIABLES BELOW 
#########################
+#
+# --- These deployment variables are not to be modified unless you understand 
the full impact of the changes
+#
+################################################################################
+XAPOLICYMGR_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+ranger_admin_max_heap_size=1g
+#retry DB and Java patches after the given time in seconds.
+PATCH_RETRY_INTERVAL=120
+STALE_PATCH_ENTRY_HOLD_TIME=10
+
+#mysql_create_user_file=${PWD}/db/mysql/create_dev_user.sql
+mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
+mysql_audit_file=db/mysql/xa_audit_db.sql
+#mysql_asset_file=${PWD}/db/mysql/reset_asset.sql
+
+#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
+oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
+oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
+#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
+#
+postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
+postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
+#
+sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
+#
+sqlanywhere_core_file=db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql
+cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks
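Review bot: The single `@admin_password` variable is written to `db_password`, `rangerAdmin_password`, `rangerTagsync_password`, `rangerUsersync_password` and `keyadmin_password`, so learning any one of them gives access to the Ranger database and to every built-in account, including the key administrator. Separate class parameters would let sites set these independently, for example `db_password=<%= @db_password %>` and `keyadmin_password=<%= @keyadmin_password %>`, each defaulting to the shared value if backward compatibility matters. The template also keeps `policymgr_http_enabled=true` with an `http://` external URL, an empty `db_root_password`, and the stock `unix_user_pwd=ranger`. A comment near the top of the file stating that these are test-cluster defaults, with TLS and distinct secrets expected elsewhere, would help operators who copy the template.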
