HAWQ-1298. Updated RPS properties and scripts (closes #1109)
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq/commit/8c9b45a4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq/tree/8c9b45a4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq/diff/8c9b45a4 Branch: refs/heads/2.1.0.0-incubating Commit: 8c9b45a40ec55bd7ad1589de894962aaf1540f3a Parents: 23c45c7 Author: Alexander Denissov <[email protected]> Authored: Tue Jan 31 14:31:06 2017 -0800 Committer: Alexander Denissov <[email protected]> Committed: Thu Feb 9 11:13:54 2017 -0800 ---------------------------------------------------------------------- ranger-plugin/conf/catalina.properties | 83 +++ ranger-plugin/conf/log4j.properties | 58 +++ ranger-plugin/conf/ranger-hawq-audit.xml | 47 ++ ranger-plugin/conf/ranger-hawq-security.xml | 85 ++++ ranger-plugin/conf/rps.properties | 32 ++ ranger-plugin/conf/server.xml | 38 ++ ranger-plugin/conf/tomcat-server.xml | 60 --- .../service/tests/common/ServiceTestBase.java | 5 +- ranger-plugin/pom.xml | 67 ++- ranger-plugin/scripts/catalina.sh | 507 +++++++++++++++++++ ranger-plugin/scripts/enable-ranger-plugin.sh | 225 ++++++++ ranger-plugin/scripts/register_hawq.sh | 217 -------- ranger-plugin/scripts/rps.sh | 82 ++- ranger-plugin/scripts/rps_env.sh | 30 -- ranger-plugin/scripts/setenv.sh | 23 + ranger-plugin/service/pom.xml | 42 +- .../authorization/RangerHawqAuthorizer.java | 6 +- .../apache/hawq/ranger/authorization/Utils.java | 17 +- .../service/src/main/resources/log4j.properties | 42 -- .../src/main/resources/ranger-hawq-security.xml | 92 ---- .../service/src/main/resources/rps.properties | 17 - .../service/src/main/webapp/WEB-INF/web.xml | 20 +- .../hawq/ranger/authorization/UtilsTest.java | 20 +- .../src/test/resources/ranger-hawq-security.xml | 85 ++++ .../service/src/test/resources/rps.properties | 4 +- 25 files changed, 1363 insertions(+), 541 deletions(-) 
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/catalina.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/catalina.properties b/ranger-plugin/conf/catalina.properties
new file mode 100644
index 0000000..7e10ef5
--- /dev/null
+++ b/ranger-plugin/conf/catalina.properties
@@ -0,0 +1,83 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageAccess unless the
+# corresponding RuntimePermission ("accessClassInPackage."+package) has
+# been granted.
+package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.jasper.,\
+org.apache.naming.resources.,org.apache.tomcat.,sun.beans.
+#
+# List of comma-separated packages that start with or equal this string
+# will cause a security exception to be thrown when
+# passed to checkPackageDefinition unless the
+# corresponding RuntimePermission ("defineClassInPackage."+package) has
+# been granted.
+#
+# by default, no packages are restricted for definition, and none of
+# the class loaders supplied with the JDK call checkPackageDefinition.
+#
+package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,\
+org.apache.jasper.,org.apache.naming.,org.apache.tomcat.
+
+#
+#
+# List of comma-separated paths defining the contents of the "common"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank,the JVM system loader will be used as Catalina's "common"
+# loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
+
+#
+# List of comma-separated paths defining the contents of the "server"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
+# If left as blank, the "common" loader will be used as Catalina's "server"
+# loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+server.loader=
+
+#
+# List of comma-separated paths defining the contents of the "shared"
+# classloader. Prefixes should be used to define what is the repository type.
+# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
+# the "common" loader will be used as Catalina's "shared" loader.
+# Examples:
+# "foo": Add this folder as a class repository
+# "foo/*.jar": Add all the JARs of the specified folder as class
+# repositories
+# "foo/bar.jar": Add bar.jar as a class repository
+# Please note that for single jars, e.g. bar.jar, you need the URL form
+# starting with file:.
+shared.loader=
+
+#
+# String cache configuration.
+tomcat.util.buf.StringCache.byte.enabled=true
+#tomcat.util.buf.StringCache.char.enabled=true
+#tomcat.util.buf.StringCache.trainThreshold=500000
+#tomcat.util.buf.StringCache.cacheSize=5000
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/log4j.properties b/ranger-plugin/conf/log4j.properties
new file mode 100644
index 0000000..ca7cfcd
--- /dev/null
+++ b/ranger-plugin/conf/log4j.properties
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# log only messages at INFO level and higher
+root.logger=INFO,rps
+audit.logger=INFO,audit
+
+#
+# Loggers
+#
+
+log4j.rootLogger=${root.logger}
+
+log4j.logger.ranger_audit_logger=${audit.logger}
+log4j.additivity.ranger_audit_logger=false
+
+# fine tune verbosity of Hadoop and Ranger libraries logging, if needed
+#log4j.logger.org.apache.ranger=WARN
+#log4j.logger.org.apache.hadoop=WARN
+#log4j.logger.org.apache.hawq.ranger=DEBUG
+
+#
+# Appenders
+#
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.target=System.err
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
+
+# RPS log file
+log4j.appender.rps=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.rps.file=/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs/rps.log
+log4j.appender.rps.datePattern='.'yyyy-MM-dd
+log4j.appender.rps.append=true
+log4j.appender.rps.layout=org.apache.log4j.PatternLayout
+log4j.appender.rps.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %C{6}: %m%n
+
+# Ranger Audit log file
+log4j.appender.audit=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.audit.file=/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs/audit.log
+log4j.appender.audit.datePattern='.'yyyy-MM-dd
+log4j.appender.audit.append=true
+log4j.appender.audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.audit.layout.ConversionPattern=%m%n
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/ranger-hawq-audit.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/ranger-hawq-audit.xml b/ranger-plugin/conf/ranger-hawq-audit.xml
new file mode 100644
index 0000000..01fe5ab
--- /dev/null
+++ b/ranger-plugin/conf/ranger-hawq-audit.xml
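Review bot: The `audit` appender (and the `rps` appender above it) is a `DailyRollingFileAppender`, which has no size cap or retention setting, so `audit.log` and its dated copies accumulate under `plugin-service/logs` until something outside log4j removes them. Because ranger-hawq-audit.xml in this commit enables only the log4j destination, a full volume here means authorization audit records are lost. I would add a comment above the appender such as `# no built-in retention: purge or archive dated files with logrotate or a scheduled job`, or move to a size-bounded appender. The audit layout `%m%n` adds no timestamp of its own; that is fine only if every Ranger audit message embeds one, which is worth confirming.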
@@ -0,0 +1,47 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- HDFS audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020/ranger/audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/tmp/audit/hdfs/spool</value>
+ </property>
+
+
+ <!-- Log4j audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.log4j</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.log4j.logger</name>
+ <value>ranger_audit_logger</value>
+ </property>
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/ranger-hawq-security.xml b/ranger-plugin/conf/ranger-hawq-security.xml
new file mode 100644
index 0000000..0cdc160
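Review bot: `xasecure.audit.destination.hdfs.batch.filespool.dir` is set to `/tmp/audit/hdfs/spool`, a path under a world-writable directory. The HDFS destination is disabled in this file, but anyone who later flips `xasecure.audit.destination.hdfs` to `true` inherits a spool that other local users could pre-create or alter before the records reach HDFS. A location inside the service's own tree, for example `<value>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/audit/hdfs/spool</value>`, would follow the way the policy cache is placed in ranger-hawq-security.xml. The `hdfs://localhost:8020/ranger/audit` value looks like a placeholder and would benefit from a comment saying it must be replaced.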
--- /dev/null
+++ b/ranger-plugin/conf/ranger-hawq-security.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.hawq.service.name</name>
+ <value>hawq</value>
+ <description>
+ Name of the Ranger service containing policies for this HAWQ instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.url</name>
+ <value>${policy.manager.url}</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
+ <value>ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.cache.dir</name>
+ <value>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/policycache</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
+ <value>120000</value>
+ <description>
+ RangerRESTClient Connection Timeout in Milliseconds
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
+ <value>30000</value>
+ <description>
+ RangerRESTClient read Timeout in Milliseconds
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/rps.properties b/ranger-plugin/conf/rps.properties
new file mode 100644
index 0000000..60545c1
--- /dev/null
+++ b/ranger-plugin/conf/rps.properties
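Review bot: `ranger.plugin.hawq.policy.rest.ssl.config.file` names `ranger-policymgr-ssl.xml`, but no file of that name appears in this commit's file list, and the only URL example given in rps.properties is `http://host:port`. As configured, policy download from Ranger Admin will presumably run over plain HTTP, so the policies RPS enforces can be read or altered in transit between the two hosts. I would ship a template for the SSL file or extend the description, e.g. `Path to the file containing SSL details to contact Ranger Admin; required when the policy URL uses https`. The directory in `ranger.plugin.hawq.policy.cache.dir` holds the last-fetched policies and should be writable only by the service account; the pom mapping that creates `work/policycache` sets no mode.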
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# URL for Ranger Admin policy manager, e.g. http://host:port
+POLICY_MGR_URL=
+
+# port where Ranger Plugin Service should listen for HTTP requests
+RPS_HTTP_PORT=8432
+
+# port where Ranger Plugin Service should listen for HTTPS requests
+RPS_HTTPS_PORT=8333
+
+# port where Ranger Plugin Service should listen for shutdown requests
+RPS_SHUTDOWN_PORT=8405
+
+# name of the instance of HAWQ service in Ranger Policy Manager
+RANGER_HAWQ_INSTANCE=hawq
+
+# version of the software
+RPS_VERSION=${project.version}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/server.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/conf/server.xml b/ranger-plugin/conf/server.xml
new file mode 100644
index 0000000..7a2ae69
--- /dev/null
+++ b/ranger-plugin/conf/server.xml
@@ -0,0 +1,38 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Server port="${rps.shutdown.port}" shutdown="7d558327-ef81-48fa-bed2-fc1aaa5bb634">
+
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+
+ <Service name="Catalina">
+ <Connector port="${rps.http.port}" redirectPort="${rps.https.port}" protocol="HTTP/1.1"
+ maxHttpHeaderSize="8192" enableLookups="false"
+ acceptCount="100" maxThreads="50" minSpareThreads="5"
+ connectionTimeout="20000" server="Apache Tomcat" xpoweredBy="false" />
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+ <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"
+ deployOnStartup="true" xmlValidation="false" xmlNamespaceAware="false" />
+ </Engine>
+ </Service>
+</Server>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/conf/tomcat-server.xml
----------------------------------------------------------------------
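Review bot: The `shutdown` attribute on `<Server>` is a fixed UUID committed to the repository, so every installation shares the same value and, once the source is public, it guards `${rps.shutdown.port}` no better than the old `SHUTDOWN` string did. Generating the string at install time (enable-ranger-plugin.sh looks like the natural place, though its contents are not visible here) would make it a per-host secret. Separately, the HTTP connector sets `redirectPort="${rps.https.port}"` while the only HTTPS connector is commented out and hard-codes 8443, so authorization requests are served in cleartext and a redirect would point at a port nothing listens on. The connector also has no `address` attribute, which in Tomcat means it listens on all local addresses; if only the local HAWQ master calls RPS, `address="localhost"` would narrow the exposure.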
diff --git a/ranger-plugin/conf/tomcat-server.xml b/ranger-plugin/conf/tomcat-server.xml deleted file mode 100644 index 09f9088..0000000 --- a/ranger-plugin/conf/tomcat-server.xml +++ /dev/null 
@@ -1,60 +0,0 @@ -<?xml version='1.0' encoding='utf-8'?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<!-- Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" at this level. - Documentation at /docs/config/server.html - --> -<Server port="8005" shutdown="SHUTDOWN"> - - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> - <Listener className="org.apache.catalina.core.JasperListener" /> - <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> - <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> - <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> - - <GlobalNamingResources> - <Resource name="UserDatabase" auth="Container" - type="org.apache.catalina.UserDatabase" - description="User database that can be updated and saved" - factory="org.apache.catalina.users.MemoryUserDatabaseFactory" - pathname="conf/tomcat-users.xml" /> - </GlobalNamingResources> - - <Service name="Catalina"> - - <Connector port="${http.port}" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - - <Engine name="Catalina" defaultHost="localhost"> - - <Realm 
className="org.apache.catalina.realm.UserDatabaseRealm" - resourceName="UserDatabase"/> - - <Host name="${http.host}" appBase="webapps" - unpackWARs="true" autoDeploy="true" - xmlValidation="false" xmlNamespaceAware="false"> - - <Context path="/rps" - docBase="/usr/local/hawq/ranger/plugin-service/webapps/rps" - reloadable="false" debug="0" cookies="false"></Context> - - </Host> - </Engine> - </Service> -</Server> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java ---------------------------------------------------------------------- diff --git a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java index 0b3be56..21c654c 100644 --- a/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java +++ b/ranger-plugin/integration/service/src/test/java/org/apache/hawq/ranger/integration/service/tests/common/ServiceTestBase.java @@ -67,7 +67,8 @@ public abstract class ServiceTestBase { private static final String RANGER_URL = String.format("http://%s:%s/service/public/v2/api", RANGER_HOST, RANGER_PORT); private static final String RANGER_POLICY_URL = RANGER_URL + "/policy"; - private static final int POLICY_REFRESH_INTERVAL = 6000; + private static final String POLICY_WAIT_INTERVAL_PROP_NAME = "policy.wait.interval.ms"; + private static final int POLICY_WAIT_INTERVAL = Integer.parseInt(System.getProperty(POLICY_WAIT_INTERVAL_PROP_NAME, "6000")); private static final TypeReference<HashMap<String,Object>> typeMSO = new TypeReference<HashMap<String,Object>>() {}; private RESTClient rest = new RESTClient(); 
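Review bot: The `"6000"` default for `POLICY_WAIT_INTERVAL` is shorter than the `30000` ms `ranger.plugin.hawq.policy.pollIntervalMs` shipped in conf/ranger-hawq-security.xml, so unless the test deployment overrides the poll interval (the test resource changes are not visible here) an authorization test can assert against policies that have not been refreshed yet. For access-control tests that means a stale allow or deny may be read as a pass. A comment on the constant, e.g. `// must exceed the plugin's policy.pollIntervalMs; override with -Dpolicy.wait.interval.ms=<ms>`, would make the coupling explicit. `Integer.parseInt` in the static initializer also turns a malformed property value into an `ExceptionInInitializerError` for the whole class. The class body continues outside the hunk.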
@@ -132,7 +133,7 @@ public abstract class ServiceTestBase { private void waitForPolicyRefresh() { try { - Thread.sleep(POLICY_REFRESH_INTERVAL); + Thread.sleep(POLICY_WAIT_INTERVAL); } catch (InterruptedException e) { LOG.error(e); http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/pom.xml ---------------------------------------------------------------------- diff --git a/ranger-plugin/pom.xml b/ranger-plugin/pom.xml index 20d3112..d8ab6b0 100644 --- a/ranger-plugin/pom.xml +++ b/ranger-plugin/pom.xml @@ -81,10 +81,37 @@ <mappings> <mapping> <directory>/usr/local/hawq_${hawq.name.version}/ranger/bin</directory> - <filemode>755</filemode> + <filemode>750</filemode> <sources> <source> - <location>scripts</location> + <location>scripts/enable-ranger-plugin.sh</location> + </source> + <source> + <location>scripts/rps.sh</location> + </source> + <source> + <location>scripts/catalina.sh</location> + </source> + </sources> + </mapping> + <mapping> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/etc</directory> + <sources> + <source> + <location>conf/ranger-servicedef-hawq.json</location> + </source> + <!-- filtered resources include version number and come from target/conf directory --> + <source> + <location>service/target/conf/ranger-hawq-security.xml</location> + </source> + <source> + <location>service/target/conf/ranger-hawq-audit.xml</location> + </source> + <source> + <location>service/target/conf/rps.properties</location> + </source> + <source> + <location>service/target/conf/log4j.properties</location> </source> </sources> </mapping> 
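Review bot: The `ranger/bin` mapping is tightened to `<filemode>750</filemode>`, but the new `ranger/etc` mapping in this hunk and the `plugin-service/conf` mapping in the next one carry no `<filemode>`, so rps.properties, ranger-hawq-security.xml and server.xml are installed with whatever the packaging plugin's default mode is. server.xml holds the Tomcat shutdown string and the `etc` files hold the Ranger Admin URL, so they deserve at least the same restriction as the scripts. I would add an explicit non-world-readable `<filemode>` plus the owning user and group to those mappings; no owner or group setting is visible in these hunks. The `<mappings>` element starts and ends outside the hunk.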
@@ -100,18 +127,34 @@ </sources> </mapping> <mapping> - <directory>/usr/local/hawq_${hawq.name.version}/ranger/etc</directory> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service</directory> + </mapping> + <mapping> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/bin</directory> <sources> <source> - <location>conf/ranger-servicedef-hawq.json</location> + <location>scripts/setenv.sh</location> </source> </sources> </mapping> <mapping> - <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service</directory> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/conf</directory> + <sources> + <source> + <location>conf/server.xml</location> + </source> + <source> + <location>conf/catalina.properties</location> + </source> + </sources> </mapping> <mapping> - <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/bin</directory> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/lib</directory> + <sources> + <source> + <location>service/target/ranger-plugin-service-${project.version}/WEB-INF/lib</location> + </source> + </sources> </mapping> <mapping> <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/logs</directory> @@ -123,6 +166,9 @@ <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work</directory> </mapping> <mapping> + <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/work/policycache</directory> + </mapping> + <mapping> <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/webapps</directory> <sources> <source> 
@@ -131,14 +177,7 @@ </source> </sources> </mapping> - <mapping> - <directory>/usr/local/hawq_${hawq.name.version}/ranger/plugin-service/conf</directory> - <sources> - <source> - <location>conf/tomcat-server.xml</location> - </source> - </sources> - </mapping> + </mappings> </configuration> </plugin> http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/catalina.sh ---------------------------------------------------------------------- diff --git a/ranger-plugin/scripts/catalina.sh b/ranger-plugin/scripts/catalina.sh new file mode 100755 index 0000000..26f7601 --- /dev/null +++ b/ranger-plugin/scripts/catalina.sh 
@@ -0,0 +1,507 @@ +#!/bin/sh + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ----------------------------------------------------------------------------- +# Start/Stop Script for the CATALINA Server +# +# Environment Variable Prerequisites +# +# CATALINA_HOME May point at your Catalina "build" directory. +# +# CATALINA_BASE (Optional) Base directory for resolving dynamic portions +# of a Catalina installation. If not present, resolves to +# the same directory that CATALINA_HOME points to. +# +# CATALINA_OUT (Optional) Full path to a file where stdout and stderr +# will be redirected. +# Default is $CATALINA_BASE/logs/catalina.out +# +# CATALINA_OPTS (Optional) Java runtime options used when the "start", +# or "run" command is executed. +# +# CATALINA_TMPDIR (Optional) Directory path location of temporary directory +# the JVM should use (java.io.tmpdir). Defaults to +# $CATALINA_BASE/temp. +# +# JAVA_HOME Must point at your Java Development Kit installation. +# Required to run the with the "debug" argument. +# +# JRE_HOME Must point at your Java Development Kit installation. +# Defaults to JAVA_HOME if empty. +# +# JAVA_OPTS (Optional) Java runtime options used when the "start", +# "stop", or "run" command is executed. 
+# +# JAVA_ENDORSED_DIRS (Optional) Lists of of colon separated directories +# containing some jars in order to allow replacement of APIs +# created outside of the JCP (i.e. DOM and SAX from W3C). +# It can also be used to update the XML parser implementation. +# Defaults to $CATALINA_HOME/endorsed. +# +# JPDA_TRANSPORT (Optional) JPDA transport used when the "jpda start" +# command is executed. The default is "dt_socket". +# +# JPDA_ADDRESS (Optional) Java runtime options used when the "jpda start" +# command is executed. The default is 8000. +# +# JPDA_SUSPEND (Optional) Java runtime options used when the "jpda start" +# command is executed. Specifies whether JVM should suspend +# execution immediately after startup. Default is "n". +# +# JPDA_OPTS (Optional) Java runtime options used when the "jpda start" +# command is executed. If used, JPDA_TRANSPORT, JPDA_ADDRESS, +# and JPDA_SUSPEND are ignored. Thus, all required jpda +# options MUST be specified. The default is: +# +# -agentlib:jdwp=transport=$JPDA_TRANSPORT, +# address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND +# +# CATALINA_PID (Optional) Path of the file which should contains the pid +# of catalina startup java process, when start (fork) is used +# +# LOGGING_CONFIG (Optional) Override Tomcat's logging config file +# Example (all one line) +# LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties" +# +# LOGGING_MANAGER (Optional) Override Tomcat's logging manager +# Example (all one line) +# LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" +# ----------------------------------------------------------------------------- + +# OS specific support. $var _must_ be set to either true or false. 
+cygwin=false +os400=false +darwin=false +case "`uname`" in +CYGWIN*) cygwin=true;; +OS400*) os400=true;; +Darwin*) darwin=true;; +esac + +# resolve links - $0 may be a softlink +PRG="$0" + +while [ -h "$PRG" ]; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`/"$link" + fi +done + +# Get standard environment variables +PRGDIR=`dirname "$PRG"` + +# Only set CATALINA_HOME if not already set +[ -z "$CATALINA_HOME" ] && CATALINA_HOME=`cd "$PRGDIR/.." >/dev/null; pwd` + +# Copy CATALINA_BASE from CATALINA_HOME if not already set +[ -z "$CATALINA_BASE" ] && CATALINA_BASE="$CATALINA_HOME" + +# Ensure that any user defined CLASSPATH variables are not used on startup, +# but allow them to be specified in setenv.sh, in rare case when it is needed. +CLASSPATH= + +if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then + . "$CATALINA_BASE/bin/setenv.sh" +elif [ -r "$CATALINA_HOME/bin/setenv.sh" ]; then + . "$CATALINA_HOME/bin/setenv.sh" +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin; then + [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$JRE_HOME" ] && JRE_HOME=`cygpath --unix "$JRE_HOME"` + [ -n "$CATALINA_HOME" ] && CATALINA_HOME=`cygpath --unix "$CATALINA_HOME"` + [ -n "$CATALINA_BASE" ] && CATALINA_BASE=`cygpath --unix "$CATALINA_BASE"` + [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# For OS400 +if $os400; then + # Set job priority to standard for interactive (interactive - 6) by using + # the interactive priority - 6, the helper threads that respond to requests + # will be running at the same priority as interactive jobs. + COMMAND='chgjob job('$JOBNAME') runpty(6)' + system $COMMAND + + # Enable multi threading + export QIBM_MULTI_THREADED=Y +fi + +# Get standard Java environment variables +if $os400; then + # -r will Only work on the os400 if the files are: + # 1. 
owned by the user + # 2. owned by the PRIMARY group of the user + # this will not work if the user belongs in secondary groups + BASEDIR="$CATALINA_HOME" + . "$CATALINA_HOME"/bin/setclasspath.sh +else + if [ -r "$CATALINA_HOME"/bin/setclasspath.sh ]; then + BASEDIR="$CATALINA_HOME" + . "$CATALINA_HOME"/bin/setclasspath.sh + else + echo "Cannot find $CATALINA_HOME/bin/setclasspath.sh" + echo "This file is needed to run this program" + exit 1 + fi +fi + +if [ -z "$CATALINA_BASE" ] ; then + CATALINA_BASE="$CATALINA_HOME" +fi + +# Add tomcat-juli.jar and bootstrap.jar to classpath +# tomcat-juli.jar can be over-ridden per instance +if [ ! -z "$CLASSPATH" ] ; then + CLASSPATH="$CLASSPATH": +fi +if [ "$CATALINA_BASE" != "$CATALINA_HOME" ] && [ -r "$CATALINA_BASE/bin/tomcat-juli.jar" ] ; then + CLASSPATH="$CLASSPATH""$CATALINA_BASE"/bin/tomcat-juli.jar:"$CATALINA_HOME"/bin/bootstrap.jar +else + CLASSPATH="$CLASSPATH""$CATALINA_HOME"/bin/bootstrap.jar +fi + +if [ -z "$CATALINA_OUT" ] ; then + CATALINA_OUT="$CATALINA_BASE"/logs/catalina.out +fi + +if [ -z "$CATALINA_TMPDIR" ] ; then + # Define the java.io.tmpdir to use for Catalina + CATALINA_TMPDIR="$CATALINA_BASE"/temp +fi + +# Bugzilla 37848: When no TTY is available, don't output to console +have_tty=0 +if [ "`tty`" != "not a tty" ]; then + have_tty=1 +fi + +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"` + JRE_HOME=`cygpath --absolute --windows "$JRE_HOME"` + CATALINA_HOME=`cygpath --absolute --windows "$CATALINA_HOME"` + CATALINA_BASE=`cygpath --absolute --windows "$CATALINA_BASE"` + CATALINA_TMPDIR=`cygpath --absolute --windows "$CATALINA_TMPDIR"` + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"` +fi + +# Set juli LogManager config file if it is present and an override has not been issued +if [ -z "$LOGGING_CONFIG" ]; then + if [ -r 
"$CATALINA_BASE"/conf/logging.properties ]; then + LOGGING_CONFIG="-Djava.util.logging.config.file=$CATALINA_BASE/conf/logging.properties" + else + # Bugzilla 45585 + LOGGING_CONFIG="-Dnop" + fi +fi + +if [ -z "$LOGGING_MANAGER" ]; then + LOGGING_MANAGER="-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager" +fi + +# ----- Execute The Requested Command ----------------------------------------- + +# Bugzilla 37848: only output this if we have a TTY +if [ $have_tty -eq 1 ]; then + echo "Using CATALINA_BASE: $CATALINA_BASE" + echo "Using CATALINA_HOME: $CATALINA_HOME" + echo "Using CATALINA_TMPDIR: $CATALINA_TMPDIR" + if [ "$1" = "debug" ] ; then + echo "Using JAVA_HOME: $JAVA_HOME" + else + echo "Using JRE_HOME: $JRE_HOME" + fi + echo "Using CLASSPATH: $CLASSPATH" + if [ ! -z "$CATALINA_PID" ]; then + echo "Using CATALINA_PID: $CATALINA_PID" + fi +fi + +if [ "$1" = "jpda" ] ; then + if [ -z "$JPDA_TRANSPORT" ]; then + JPDA_TRANSPORT="dt_socket" + fi + if [ -z "$JPDA_ADDRESS" ]; then + JPDA_ADDRESS="8000" + fi + if [ -z "$JPDA_SUSPEND" ]; then + JPDA_SUSPEND="n" + fi + if [ -z "$JPDA_OPTS" ]; then + JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND" + fi + CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS" + shift +fi + +if [ "$1" = "debug" ] ; then + if $os400; then + echo "Debug command not available on OS400" + exit 1 + else + shift + if [ "$1" = "-security" ] ; then + if [ $have_tty -eq 1 ]; then + echo "Using Security Manager" + fi + shift + exec "$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -sourcepath "$CATALINA_HOME"/../../java \ + -Djava.security.manager \ + -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start + else + exec 
"$_RUNJDB" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -sourcepath "$CATALINA_HOME"/../../java \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start + fi + fi + +elif [ "$1" = "run" ]; then + + shift + if [ "$1" = "-security" ] ; then + if [ $have_tty -eq 1 ]; then + echo "Using Security Manager" + fi + shift + exec "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -Djava.security.manager \ + -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start + else + exec "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start + fi + +elif [ "$1" = "start" ] ; then + + if [ ! -z "$CATALINA_PID" ]; then + if [ -f "$CATALINA_PID" ]; then + if [ -s "$CATALINA_PID" ]; then + echo "Existing PID file found during start." + if [ -r "$CATALINA_PID" ]; then + PID=`cat "$CATALINA_PID"` + ps -p $PID >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + echo "Tomcat appears to still be running with PID $PID. Start aborted." + echo "If the following process is not a Tomcat process, remove the PID file and try again:" + ps -f -p $PID + # RPS treats repeated start as non-error condition, assuming running process is RPS; originally was: exit 1 + exit 0 + else + echo "Removing/clearing stale PID file." + rm -f "$CATALINA_PID" >/dev/null 2>&1 + if [ $? 
!= 0 ]; then + if [ -w "$CATALINA_PID" ]; then + cat /dev/null > "$CATALINA_PID" + else + echo "Unable to remove or clear stale PID file. Start aborted." + exit 1 + fi + fi + fi + else + echo "Unable to read PID file. Start aborted." + exit 1 + fi + else + rm -f "$CATALINA_PID" >/dev/null 2>&1 + if [ $? != 0 ]; then + if [ ! -w "$CATALINA_PID" ]; then + echo "Unable to remove or write to empty PID file. Start aborted." + exit 1 + fi + fi + fi + fi + fi + + shift + touch "$CATALINA_OUT" + if [ "$1" = "-security" ] ; then + if [ $have_tty -eq 1 ]; then + echo "Using Security Manager" + fi + shift + "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -Djava.security.manager \ + -Djava.security.policy=="$CATALINA_BASE"/conf/catalina.policy \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start \ + >> "$CATALINA_OUT" 2>&1 & + + else + "$_RUNJAVA" "$LOGGING_CONFIG" $LOGGING_MANAGER $JAVA_OPTS $CATALINA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" start \ + >> "$CATALINA_OUT" 2>&1 & + + fi + + if [ ! -z "$CATALINA_PID" ]; then + echo $! > "$CATALINA_PID" + fi + +elif [ "$1" = "stop" ] ; then + + shift + + SLEEP=5 + if [ ! -z "$1" ]; then + echo $1 | grep "[^0-9]" >/dev/null 2>&1 + if [ $? -gt 0 ]; then + SLEEP=$1 + shift + fi + fi + + FORCE=0 + if [ "$1" = "-force" ]; then + shift + FORCE=1 + fi + + if [ ! -z "$CATALINA_PID" ]; then + if [ -f "$CATALINA_PID" ]; then + if [ -s "$CATALINA_PID" ]; then + kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1 + if [ $? -gt 0 ]; then + echo "PID file found but no matching process was found. Stop aborted." 
+ # RPS treats stop of non-running process as non-error condition, PID file will be cleaned on start; originally was: exit 1 + exit 0 + fi + else + echo "PID file is empty and has been ignored." + fi + else + echo "\$CATALINA_PID was set but the specified file does not exist. Is Tomcat running? Stop aborted." + # RPS treats stop when PID file is missing as non-error condition, assuming RPS has already been stopped; originally was: exit 1 + exit 0 + fi + fi + + "$_RUNJAVA" $LOGGING_MANAGER $JAVA_OPTS \ + -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" -classpath "$CLASSPATH" \ + -Dcatalina.base="$CATALINA_BASE" \ + -Dcatalina.home="$CATALINA_HOME" \ + -Djava.io.tmpdir="$CATALINA_TMPDIR" \ + org.apache.catalina.startup.Bootstrap "$@" stop + + if [ ! -z "$CATALINA_PID" ]; then + if [ -f "$CATALINA_PID" ]; then + while [ $SLEEP -ge 0 ]; do + kill -0 `cat "$CATALINA_PID"` >/dev/null 2>&1 + if [ $? -gt 0 ]; then + rm -f "$CATALINA_PID" >/dev/null 2>&1 + if [ $? != 0 ]; then + if [ -w "$CATALINA_PID" ]; then + cat /dev/null > "$CATALINA_PID" + else + echo "Tomcat stopped but the PID file could not be removed or cleared." + fi + fi + break + fi + if [ $SLEEP -gt 0 ]; then + sleep 1 + fi + if [ $SLEEP -eq 0 ]; then + if [ $FORCE -eq 0 ]; then + echo "Tomcat did not stop in time. PID file was not removed." + fi + fi + SLEEP=`expr $SLEEP - 1 ` + done + fi + fi + + if [ $FORCE -eq 1 ]; then + if [ -z "$CATALINA_PID" ]; then + echo "Kill failed: \$CATALINA_PID not set" + else + if [ -f "$CATALINA_PID" ]; then + PID=`cat "$CATALINA_PID"` + echo "Killing Tomcat with the PID: $PID" + kill -9 $PID + rm -f "$CATALINA_PID" >/dev/null 2>&1 + if [ $? != 0 ]; then + echo "Tomcat was killed but the PID file could not be removed." + fi + fi + fi + fi + +elif [ "$1" = "version" ] ; then + + "$_RUNJAVA" \ + -classpath "$CATALINA_HOME/lib/catalina.jar" \ + org.apache.catalina.util.ServerInfo + +else + + echo "Usage: catalina.sh ( commands ... 
)" + echo "commands:" + if $os400; then + echo " debug Start Catalina in a debugger (not available on OS400)" + echo " debug -security Debug Catalina with a security manager (not available on OS400)" + else + echo " debug Start Catalina in a debugger" + echo " debug -security Debug Catalina with a security manager" + fi + echo " jpda start Start Catalina under JPDA debugger" + echo " run Start Catalina in the current window" + echo " run -security Start in the current window with security manager" + echo " start Start Catalina in a separate window" + echo " start -security Start in a separate window with security manager" + echo " stop Stop Catalina, waiting up to 5 seconds for the process to end" + echo " stop n Stop Catalina, waiting up to n seconds for the process to end" + echo " stop -force Stop Catalina, wait up to 5 seconds and then use kill -KILL if still running" + echo " stop n -force Stop Catalina, wait up to n seconds and then use kill -KILL if still running" + echo " version What version of tomcat are you running?" + echo "Note: Waiting for the process to end and use of the -force option require that \$CATALINA_PID is defined" + exit 1 + +fi http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/enable-ranger-plugin.sh ---------------------------------------------------------------------- diff --git a/ranger-plugin/scripts/enable-ranger-plugin.sh b/ranger-plugin/scripts/enable-ranger-plugin.sh new file mode 100755 index 0000000..05a0b1d --- /dev/null +++ b/ranger-plugin/scripts/enable-ranger-plugin.sh 
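Review bot: The three places where RPS replaces the stock `exit 1` with `exit 0` (repeated start, stop with no matching process, stop with a missing PID file) trust the PID file without confirming that the PID belongs to RPS; the start branch only runs `ps -p $PID`, and the added comment says it is "assuming running process is RPS". With a stale file and a reused PID, `catalina.sh start` returns success although RPS is not running, and because rps.sh always calls stop with `10 -force`, the later `kill -9 $PID` would hit whatever process now owns that PID. rps.sh already tags the JVM with `-Dproc_rps`, so both the early `exit 0` on start and the forced kill could first check `ps -p $PID -o args= | grep -q -- '-Dproc_rps'`. The rest of the file looks like the stock Tomcat script, so keeping the local changes marked with comments, as done here, is worth preserving.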
@@ -0,0 +1,225 @@ +#!/usr/bin/env bash + +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +function usage() { + echo "USAGE: enable-ranger-plugin.sh -r ranger_host:ranger_port -u ranger_user -p ranger_password -h hawq_host:hawq_port -w hawq_user -q hawq_password" + exit 1 +} + +function fail() { + echo "ERROR: $1" + exit 1 +} + +function mask() { + printf -v stars '%*s' ${#1} '' + echo "[${stars// /*}]" +} + +function read_value() { + local input + read -p "Enter value for $1 : " input + echo $input +} + +function read_password() { + local input + read -s -p "Enter value for $1 : " input + echo $input +} + +function get_ranger_url() { + while [[ -z "$RANGER_URL" ]] + do + RANGER_URL=$(read_value "Ranger Admin host and port (e.g. abc.com:6080)") + done + local prefix="http://" + RANGER_URL=${RANGER_URL#$prefix} +} + +function get_ranger_user() { + while [[ -z "$RANGER_USER" ]] + do + RANGER_USER=$(read_value "Ranger Admin user name") + done +} + +function get_ranger_password() { + while [[ -z "$RANGER_PASSWORD" ]] + do + RANGER_PASSWORD=$(read_password "Ranger Admin password") + echo + done +} + +function get_hawq_url() { + #todo read hawq-site.xml ? 
+ local default=`hostname -f` + default="${default}:5432" + while [[ -z "$HAWQ_URL" ]] + do + HAWQ_URL=$(read_value "HAWQ Master host and port [${default}]") + done + local prefix="http://" + HAWQ_URL=${HAWQ_URL#$prefix} + local parts=(${HAWQ_URL//:/ }) + if [ ${#parts[@]} != 2 ]; then + fail "Incorrect value for HAWQ Master host and port." + fi + HAWQ_HOST=${parts[0]} + HAWQ_PORT=${parts[1]} +} + +function get_hawq_user() { + local default="gpadmin" + while [[ -z "$HAWQ_USER" ]] + do + HAWQ_USER=$(read_value "HAWQ user name [${default}]") + done +} + +function get_hawq_password() { + while [[ -z "$HAWQ_PASSWORD" ]] + do + HAWQ_PASSWORD=$(read_password "HAWQ password") + echo + done +} + +function parse_params() { + while [[ $# -gt 0 ]] + do + key="$1" + case $key in + -r) + RANGER_URL="$2" + shift + ;; + -u) + RANGER_USER="$2" + shift + ;; + -p) + RANGER_PASSWORD="$2" + shift + ;; + -h) + HAWQ_URL="$2" + shift + ;; + -w) + HAWQ_USER="$2" + shift + ;; + -q) + HAWQ_PASSWORD="$2" + shift + ;; + *) + usage + ;; + esac + shift + done +} + +function validate_params() { + get_ranger_url + get_ranger_user + get_ranger_password + get_hawq_url + get_hawq_user + get_hawq_password + echo "RANGER URL = ${RANGER_URL}" + echo "RANGER User = ${RANGER_USER}" + echo "RANGER Password = $(mask ${RANGER_PASSWORD})" + echo "HAWQ HOST = ${HAWQ_HOST}" + echo "HAWQ PORT = ${HAWQ_PORT}" + echo "HAWQ User = ${HAWQ_USER}" + echo "HAWQ Password = $(mask ${HAWQ_PASSWORD})" +} + +function check_hawq_service_definition() { + echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/servicedef/name/hawq | grep hawq | wc -l) +} + +function create_hawq_service_definition() { + if [ $(check_hawq_service_definition) == 0 ]; then + local json_file="$(dirname ${SCRIPT_DIR})/etc/ranger-servicedef-hawq.json" + if [ ! -f ${json_file} ]; then + fail "File ${json_file} not found." 
+ fi + echo "HAWQ service definition was not found in Ranger Admin, creating it by uploading ${json_file}" + local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/plugins/definitions -d @${json_file}) + local created=$(echo ${output} | grep created | wc -l) + if [ ${created} == 0 ] || [ $(check_hawq_service_definition) == 0 ]; then + fail "Creation of HAWQ service definition from ${json_file} in Ranger Admin at ${RANGER_URL} failed. ${output}" + fi + else + echo "HAWQ service definition already exists in Ranger Admin, nothing to do." + fi +} + +function check_hawq_service_instance() { + echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/service/name/hawq | grep hawq | wc -l) +} + +function create_hawq_service_instance() { + if [ $(check_hawq_service_instance) == 0 ]; then + local payload="{\"name\":\"hawq\", + \"type\":\"hawq\", + \"description\":\"HAWQ Master\", + \"isEnabled\":true, + \"configs\":{\"username\":\"${HAWQ_USER}\", + \"password\":\"${HAWQ_PASSWORD}\", + \"hostname\":\"${HAWQ_HOST}\", + \"port\":\"${HAWQ_PORT}\"}}" + + echo "HAWQ service instance was not found in Ranger Admin, creating it." + local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/public/v2/api/service -d "${payload}") + local created=$(echo ${output} | grep created | wc -l) + if [ ${created} == 0 ] || [ $(check_hawq_service_instance) == 0 ]; then + fail "Creation of HAWQ service instance in Ranger Admin at ${RANGER_URL} failed. ${output}" + fi + else + echo "HAWQ service instance already exists in Ranger Admin, nothing to do." 
+ fi +} + +function update_ranger_url() { + local policy_mgr_url="http://${RANGER_URL}" + local prop_file=$(dirname ${SCRIPT_DIR})/etc/rps.properties + sed -i -e "s|^POLICY_MGR_URL=.*|POLICY_MGR_URL=${policy_mgr_url}|g" ${prop_file} + echo "Updated POLICY_MGR_URL to ${policy_mgr_url} in ${prop_file}" +} + +main() { + if [[ $# -lt 1 ]]; then + usage + fi + SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd -P)" + parse_params "$@" + validate_params + create_hawq_service_definition + create_hawq_service_instance + update_ranger_url +} +main "$@" http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/register_hawq.sh ---------------------------------------------------------------------- diff --git a/ranger-plugin/scripts/register_hawq.sh b/ranger-plugin/scripts/register_hawq.sh deleted file mode 100755 index 11e2df8..0000000 --- a/ranger-plugin/scripts/register_hawq.sh +++ /dev/null 
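Review bot: The Ranger Admin and HAWQ passwords are handled unsafely in the `curl` calls of `check_hawq_service_definition`, `create_hawq_service_definition`, `check_hawq_service_instance` and `create_hawq_service_instance`: each passes `-u ${RANGER_USER}:${RANGER_PASSWORD}` unquoted on the command line, where it can be visible in the process list and is word-split if the password contains spaces. `get_ranger_url` strips a leading `http://` and every request, as well as `update_ranger_url`, re-adds a hard-coded `http://`, so the Basic credentials and the HAWQ password in the JSON payload travel unencrypted even when Ranger Admin offers TLS. `create_hawq_service_instance` also interpolates `${HAWQ_PASSWORD}` into the JSON without escaping, so a `"` or `\` in the value corrupts the request body. At minimum quote the expansions, e.g. `-u "${RANGER_USER}:${RANGER_PASSWORD}"` and `$(mask "${RANGER_PASSWORD}")`, and keep the scheme the operator supplied instead of forcing `http://`.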
@@ -1,217 +0,0 @@ -#!/usr/bin/env bash - -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -function usage() { - echo "USAGE: register_hawq.sh -r ranger_host:ranger_port -u ranger_user -p ranger_password -h hawq_host:hawq_port -w hawq_user -q hawq_password" - exit 1 -} - -function fail() { - echo "ERROR: $1" - exit 1 -} - -function mask() { - printf -v stars '%*s' ${#1} '' - echo "[${stars// /*}]" -} - -function read_value() { - local input - read -p "Enter value for $1 : " input - echo $input -} - -function read_password() { - local input - read -s -p "Enter value for $1 : " input - echo $input -} - -function get_ranger_url() { - while [[ -z "$RANGER_URL" ]] - do - RANGER_URL=$(read_value "Ranger Admin host and port (e.g. abc.com:6080)") - done - local prefix="http://" - RANGER_URL=${RANGER_URL#$prefix} -} - -function get_ranger_user() { - while [[ -z "$RANGER_USER" ]] - do - RANGER_USER=$(read_value "Ranger Admin user name") - done -} - -function get_ranger_password() { - while [[ -z "$RANGER_PASSWORD" ]] - do - RANGER_PASSWORD=$(read_password "Ranger Admin password") - echo - done -} - -function get_hawq_url() { - #todo read hawq-site.xml ? 
- local default=`hostname -f` - default="${default}:5432" - while [[ -z "$HAWQ_URL" ]] - do - HAWQ_URL=$(read_value "HAWQ Master host and port [${default}]") - done - local prefix="http://" - HAWQ_URL=${HAWQ_URL#$prefix} - local parts=(${HAWQ_URL//:/ }) - if [ ${#parts[@]} != 2 ]; then - fail "Incorrect value for HAWQ Master host and port." - fi - HAWQ_HOST=${parts[0]} - HAWQ_PORT=${parts[1]} -} - -function get_hawq_user() { - local default="gpadmin" - while [[ -z "$HAWQ_USER" ]] - do - HAWQ_USER=$(read_value "HAWQ user name [${default}]") - done -} - -function get_hawq_password() { - while [[ -z "$HAWQ_PASSWORD" ]] - do - HAWQ_PASSWORD=$(read_password "HAWQ password") - echo - done -} - -function parse_params() { - while [[ $# -gt 0 ]] - do - key="$1" - case $key in - -r) - RANGER_URL="$2" - shift - ;; - -u) - RANGER_USER="$2" - shift - ;; - -p) - RANGER_PASSWORD="$2" - shift - ;; - -h) - HAWQ_URL="$2" - shift - ;; - -w) - HAWQ_USER="$2" - shift - ;; - -q) - HAWQ_PASSWORD="$2" - shift - ;; - *) - usage - ;; - esac - shift - done -} - -function validate_params() { - get_ranger_url - get_ranger_user - get_ranger_password - get_hawq_url - get_hawq_user - get_hawq_password - echo "RANGER URL = ${RANGER_URL}" - echo "RANGER User = ${RANGER_USER}" - echo "RANGER Password = $(mask ${RANGER_PASSWORD})" - echo "HAWQ HOST = ${HAWQ_HOST}" - echo "HAWQ PORT = ${HAWQ_PORT}" - echo "HAWQ User = ${HAWQ_USER}" - echo "HAWQ Password = $(mask ${HAWQ_PASSWORD})" -} - -function check_hawq_service_definition() { - echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/servicedef/name/hawq | grep hawq | wc -l) -} - -function create_hawq_service_definition() { - if [ $(check_hawq_service_definition) == 0 ]; then - local json_file="$(dirname ${SCRIPT_DIR})/etc/ranger-servicedef-hawq.json" - if [ ! -f ${json_file} ]; then - fail "File ${json_file} not found." 
- fi - echo "HAWQ service definition was not found in Ranger Admin, creating it by uploading ${json_file}" - local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/plugins/definitions -d @${json_file}) - local created=$(echo ${output} | grep created | wc -l) - if [ ${created} == 0 ] || [ $(check_hawq_service_definition) == 0 ]; then - fail "Creation of HAWQ service definition from ${json_file} in Ranger Admin at ${RANGER_URL} failed. ${output}" - fi - else - echo "HAWQ service definition already exists in Ranger Admin, nothing to do." - fi -} - -function check_hawq_service_instance() { - echo $(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} http://${RANGER_URL}/service/public/v2/api/service/name/hawq | grep hawq | wc -l) -} - -function create_hawq_service_instance() { - if [ $(check_hawq_service_instance) == 0 ]; then - local payload="{\"name\":\"hawq\", - \"type\":\"hawq\", - \"description\":\"HAWQ Master\", - \"isEnabled\":true, - \"configs\":{\"username\":\"${HAWQ_USER}\", - \"password\":\"${HAWQ_PASSWORD}\", - \"hostname\":\"${HAWQ_HOST}\", - \"port\":\"${HAWQ_PORT}\"}}" - - echo "HAWQ service instance was not found in Ranger Admin, creating it." - local output=$(curl -sS -u ${RANGER_USER}:${RANGER_PASSWORD} -H "Content-Type: application/json" -X POST http://${RANGER_URL}/service/public/v2/api/service -d "${payload}") - local created=$(echo ${output} | grep created | wc -l) - if [ ${created} == 0 ] || [ $(check_hawq_service_instance) == 0 ]; then - fail "Creation of HAWQ service instance in Ranger Admin at ${RANGER_URL} failed. ${output}" - fi - else - echo "HAWQ service instance already exists in Ranger Admin, nothing to do." 
- fi -} - -main() { - if [[ $# -lt 1 ]]; then - usage - fi - SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - parse_params "$@" - validate_params - create_hawq_service_definition - create_hawq_service_instance -} -main "$@" http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/rps.sh ---------------------------------------------------------------------- diff --git a/ranger-plugin/scripts/rps.sh b/ranger-plugin/scripts/rps.sh index e8ccf3a..476d0d6 100755 --- a/ranger-plugin/scripts/rps.sh +++ b/ranger-plugin/scripts/rps.sh 
@@ -20,41 +20,71 @@ # if [ $# -le 0 ]; then - echo "Usage: rps (start|stop|init) [<catalina-args...>]" + echo "Usage: rps.sh (start|stop)" exit 1 fi -actionCmd=$1 +action=$1 shift -CWDIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd ) -source $CWDIR/rps_env.sh - -setup_rps() { - echo "Initializing Hawq Ranger Plugin Service..." - cp $CATALINA_HOME/conf.template/* $CATALINA_BASE/conf - cp $CATALINA_BASE/conf/tomcat-server.xml $CATALINA_BASE/conf/server.xml - pushd $CATALINA_BASE/webapps >/dev/null - unzip -d rps rps.war >/dev/null - find . -name ranger-hawq-security.xml | xargs sed -i \ - "s/localhost:6080/$RANGER_ADMIN_HOST:$RANGER_ADMIN_PORT/g" - popd >/dev/null - echo "Hawq Ranger Plugin Service installed on http://$RPS_HOST:$RPS_PORT/rps" - echo "Please use 'rps.sh start' to start the service" +CWDIR=$( cd $( dirname ${BASH_SOURCE[0]} ) && pwd -P) +BASEDIR=$( dirname ${CWDIR} ) +# read properties from the file +source ${BASEDIR}/etc/rps.properties + +export CATALINA_HOME=/usr/lib/bigtop-tomcat +export CATALINA_BASE=${BASEDIR}/plugin-service +export CATALINA_PID=${CATALINA_BASE}/work/rps.pid + +# options used to start the RPS process +export CATALINA_OPTS="-server -Xms512m -Xmx512m -XX:MaxPermSize=128m + -Dproc_rps -Dversion=${RPS_VERSION} + -Dranger.hawq.instance=${RANGER_HAWQ_INSTANCE} + -Drps.http.port=${RPS_HTTP_PORT} -Drps.https.port=${RPS_HTTPS_PORT} + -Dpolicy.manager.url=${POLICY_MGR_URL}" + +# options used to stop the RPS process +export JAVA_OPTS="-Drps.shutdown.port=${RPS_SHUTDOWN_PORT}" + +RPS_URL="http://localhost:${RPS_HTTP_PORT}/rps" +RPS_LOG="${CATALINA_BASE}/logs/catalina.out" + +function fail() { + echo "FATAL: Failed to ${1} HAWQ Ranger Plugin Service. Check ${RPS_LOG} for details." + exit 2 } -case $actionCmd in - (init) - setup_rps - ;; +function tomcat_command() { + ${CWDIR}/catalina.sh ${1} ${2} + if [ $? -ne 0 ]; then + fail ${1} + fi +} + +function wait_until_server_started() { + echo -n "Waiting for Hawq Ranger Plugin Service to start ." 
+ local retries="20" + local n=0 + until $(curl -s --output /dev/null --fail ${RPS_URL}/version); do + n=$[${n}+1] + if [ ${n} -ge ${retries} ]; then + echo + fail "start" + fi + printf '.' + sleep 3 + done + echo -e "\nHawq Ranger Plugin Service is available at ${RPS_URL}" +} + +case ${action} in (start) - $CATALINA_HOME/bin/catalina.sh start "$@" - echo "Waiting for RPS service to start..." - sleep 15 + tomcat_command "start" + wait_until_server_started ;; (stop) - $CATALINA_HOME/bin/catalina.sh stop "$@" - echo "Waiting for RPS service to stop..." - sleep 10 + # allow the server 10 seconds after shutdown command before force killing it + tomcat_command "stop" "10 -force" + echo "Hawq Ranger Plugin Service is stopped." ;; esac http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/rps_env.sh ---------------------------------------------------------------------- diff --git a/ranger-plugin/scripts/rps_env.sh b/ranger-plugin/scripts/rps_env.sh deleted file mode 100755 index ae36e8f..0000000 --- a/ranger-plugin/scripts/rps_env.sh +++ /dev/null 
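Review bot: `source ${BASEDIR}/etc/rps.properties` runs the properties file as shell code with the privileges of whoever invokes rps.sh, and enable-ranger-plugin.sh appears to rewrite `POLICY_MGR_URL` in that same file with `sed` from an unvalidated command-line value. Reading only the keys this script uses keeps the file as data rather than code; the sketch below assumes the file holds plain `KEY=value` lines, which this hunk does not show. Independently, the path expansions (`${BASH_SOURCE[0]}`, `${CWDIR}`, `${BASEDIR}`) are unquoted and break on an install path containing spaces. The hunk begins below the file's first lines, so the shebang and licence header are outside it.

```shell
BASEDIR=$( dirname ${CWDIR} )
# read only the expected KEY=value pairs instead of executing the file
while IFS='=' read -r key value; do
  case "${key}" in
    RPS_VERSION|RANGER_HAWQ_INSTANCE|RPS_HTTP_PORT|RPS_HTTPS_PORT|RPS_SHUTDOWN_PORT|POLICY_MGR_URL)
      printf -v "${key}" '%s' "${value}"
      ;;
  esac
done < "${BASEDIR}/etc/rps.properties"
# … unchanged: CATALINA_* exports, fail(), tomcat_command(), wait_until_server_started(), case …
```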
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-export CATALINA_HOME=/usr/lib/bigtop-tomcat
-export CATALINA_BASE=/usr/local/hawq/ranger/plugin-service
-
-export RANGER_ADMIN_HOST=${RANGER_ADMIN_HOST:-localhost}
-export RANGER_ADMIN_PORT=${RANGER_ADMIN_PORT:-6080}
-
-export RPS_HOST=${RPS_HOST:-localhost}
-export RPS_PORT=${RPS_PORT:-8432}
-export CATALINA_OPTS="-Dhttp.host=$RPS_HOST -Dhttp.port=$RPS_PORT"
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/scripts/setenv.sh
----------------------------------------------------------------------
diff --git a/ranger-plugin/scripts/setenv.sh b/ranger-plugin/scripts/setenv.sh
new file mode 100755
index 0000000..6124d83
--- /dev/null
+++ b/ranger-plugin/scripts/setenv.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# allow the webapp to see config files in this directory from its classpath
+export CLASSPATH=$(dirname ${CATALINA_BASE})/etc
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/pom.xml b/ranger-plugin/service/pom.xml
index 3f2f9f8..f29817c 100644
--- a/ranger-plugin/service/pom.xml
+++ b/ranger-plugin/service/pom.xml
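Review bot: `${CATALINA_BASE}` is unquoted inside the command substitution on the `export CLASSPATH=` line, so a base path containing whitespace reaches `dirname` as several arguments; `export CLASSPATH="$(dirname "${CATALINA_BASE}")/etc"` is the safe form. Since this puts the whole etc directory on the JVM classpath, the comment above it could also state that the directory should be writable only by the service owner, because any file placed there becomes loadable as a classpath resource.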
@@ -32,14 +32,44 @@
 <relativePath>..</relativePath>
 </parent>
 <build>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- <filtering>true</filtering>
- </resource>
- </resources>
 <plugins>
 <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.0.2</version>
+ <executions>
+ <execution>
+ <id>copy-resources</id>
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <escapeString>\</escapeString>
+ <outputDirectory>${basedir}/target/conf</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/../conf</directory>
+ <excludes>
+ <exclude>ranger-servicedef-hawq.json</exclude>
+ <exclude>server.xml</exclude>
+ </excludes>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>3.0.0</version>
+ <configuration>
+ <!-- Due to Hadoop library using system-level JVM hook, all dependent classes must be loaded by
+ Tomcat's server classloader, so they are shipped in RPM and not with the webapp -->
+ <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>
+ </configuration>
+ </plugin>
+ <plugin>
 <!-- use mvn tomcat6:run-war to run the appserver with the app deployed -->
 <groupId>org.apache.tomcat.maven</groupId>
 <artifactId>tomcat6-maven-plugin</artifactId>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
index 04d6f99..0d97e21 100644
--- a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/RangerHawqAuthorizer.java
@@ -29,6 +29,7 @@ import org.apache.hawq.ranger.authorization.model.AuthorizationResponse;
 import org.apache.hawq.ranger.authorization.model.HawqPrivilege;
 import org.apache.hawq.ranger.authorization.model.HawqResource;
 import org.apache.hawq.ranger.authorization.model.ResourceAccess;
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResource;
@@ -67,14 +68,15 @@ public class RangerHawqAuthorizer implements HawqAuthorizer {
 */
 private RangerHawqAuthorizer() {
- LOG.info("Initializing RangerHawqAuthorizer");
+ LOG.info("********** Initializing RangerHawqAuthorizer **********");
 String appId = Utils.getAppId();
 LOG.info(String.format("Initializing RangerBasePlugin for service %s:%s", HAWQ, appId));
 rangerPlugin = new RangerBasePlugin(HAWQ, appId);
+ rangerPlugin.setResultProcessor(new RangerDefaultAuditHandler());
 rangerPlugin.init();
- LOG.info(String.format("Initialized RangerBasePlugin for service %s:%s", HAWQ, appId));
+ LOG.info(String.format("********** Initialized RangerBasePlugin for service %s:%s **********", HAWQ, appId));
 }
 @Override
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
index 86f7fc4..5f99b9d 100644
--- a/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
+++ b/ranger-plugin/service/src/main/java/org/apache/hawq/ranger/authorization/Utils.java
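Review bot: The new `rangerPlugin.setResultProcessor(new RangerDefaultAuditHandler());` call in the constructor hunk is what attaches auditing to the plugin, yet nothing documents or tests it. I would add a comment above it such as `// attach Ranger's default audit handler so access decisions are audited (see ranger-hawq-audit.xml)` and a unit test that fails if the handler is removed, since a silent loss of audit records is hard to notice in operation. The `**********` banners in the two `LOG.info` calls are a style choice; plain messages are easier to match in log filters and alerts.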
@@ -27,14 +27,16 @@ import java.io.InputStream;
 import java.util.Properties;
 /**
- * Utility class for reading values from the property file.
+ * Utility class for reading values from the environment with falling back to reading them from the property file.
 */
 public abstract class Utils {
 public static final String HAWQ = "hawq";
 public static final String UNKNOWN = "unknown";
- public static final String APP_ID_PROPERTY = "ranger.hawq.instance";
- public static final String VERSION_PROPERTY = "version";
+ public static final String APP_ID_PROPERTY_ENV = "ranger.hawq.instance";
+ public static final String APP_ID_PROPERTY_FILE = "RANGER_HAWQ_INSTANCE";
+ public static final String VERSION_PROPERTY_ENV = "version";
+ public static final String VERSION_PROPERTY_FILE = "RPS_VERSION";
 public static final String RANGER_SERVICE_PROPERTY_FILE = "rps.properties";
 private static final Log LOG = LogFactory.getLog(Utils.class);
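Review bot: The `_ENV` suffix on `APP_ID_PROPERTY_ENV` and `VERSION_PROPERTY_ENV`, together with the Javadoc phrase "environment variable" here and on `getAppId()`/`getVersion()` in the next hunk, does not match the code, which calls `System.getProperty` and so reads JVM system properties (`-D` flags), not process environment variables. I would word the class comment as `Utility class for reading values from JVM system properties, falling back to the rps.properties file.`, use the same wording in the two method comments, and name the constants `APP_ID_SYSTEM_PROPERTY` / `VERSION_SYSTEM_PROPERTY`. Renaming the public `APP_ID_PROPERTY` and `VERSION_PROPERTY` constants also breaks any caller not shown in this diff; keeping them as `@Deprecated` aliases would avoid that. The class body continues outside the hunk.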
@@ -42,25 +44,26 @@ public abstract class Utils {
 /**
 * Retrieves the app id from the environment variable with the key ranger.hawq.instance
- * or from the rps.properties file with the key ranger.hawq.instance
+ * or from the rps.properties file with the key RANGER_HAWQ_INSTANCE
 *
 * If none exist, hawq is used as the default
 *
 * @return String id of the app
 */
 public static String getAppId() {
- return System.getProperty(APP_ID_PROPERTY, properties.getProperty(APP_ID_PROPERTY, HAWQ));
+ return System.getProperty(APP_ID_PROPERTY_ENV, properties.getProperty(APP_ID_PROPERTY_FILE, HAWQ));
 }
 /**
- * Retrieves the version read from the property file.
+ * Retrieves the version from the environment variable with the key version
+ * or from the rps.properties file with the key RPS_VERSION
 *
 * If none exist, unknown is used as the default
 *
 * @return version of the service
 */
 public static String getVersion() {
- return properties.getProperty(VERSION_PROPERTY, UNKNOWN);
+ return System.getProperty(VERSION_PROPERTY_ENV, properties.getProperty(VERSION_PROPERTY_FILE, UNKNOWN));
 }
 /**
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/log4j.properties b/ranger-plugin/service/src/main/resources/log4j.properties
deleted file mode 100644
index 6bbdaed..0000000
--- a/ranger-plugin/service/src/main/resources/log4j.properties
+++ /dev/null
@@ -1,42 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# see debug messages during unit tests
-project.root.logger=DEBUG,console
-
-# suppress all logging output during unit tests
-#project.root.logger=FATAL,devnull
-
-#
-# Loggers
-#
-log4j.rootLogger=${project.root.logger}
-
-# ignore most errors from the Apache Ranger and Hadoop for unit tests
-log4j.logger.org.apache.ranger=FATAL
-log4j.logger.org.apache.hadoop=FATAL
-
-#
-# Appenders
-#
-
-# nothing
-log4j.appender.devnull=org.apache.log4j.varia.NullAppender
-
-# console
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.target=System.err
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{ISO8601} %-5p [%t] %c{2}: %m%n
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml b/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
deleted file mode 100644
index 46dd75d..0000000
--- a/ranger-plugin/service/src/main/resources/ranger-hawq-security.xml
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
- <property>
- <name>ranger.plugin.hawq.service.name</name>
- <value>hawq</value>
- <description>
- Name of the Ranger service containing policies for this HAWQ instance
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.source.impl</name>
- <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
- <description>
- Class to retrieve policies from the source
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.url</name>
- <value>http://localhost:6080</value>
- <description>
- URL to Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.ssl.config.file</name>
- <value>/usr/local/hawq/ranger/etc/ranger-policymgr-ssl.xml</value>
- <description>
- Path to the file containing SSL details to contact Ranger Admin
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.pollIntervalMs</name>
- <value>30000</value>
- <description>
- How often to poll for changes in policies?
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.cache.dir</name>
- <value>/usr/local/hawq/ranger/policycache</value>
- <description>
- Directory where Ranger policies are cached after successful retrieval from the source
- </description>
- </property>
-
- <!--
- <property>
- <name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
- <value>true</value>
- <description>Should Hive plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description>
- </property>
- -->
- <property>
- <name>ranger.plugin.hawq.policy.rest.client.connection.timeoutMs</name>
- <value>120000</value>
- <description>
- RangerRESTClient Connection Timeout in Milliseconds
- </description>
- </property>
-
- <property>
- <name>ranger.plugin.hawq.policy.rest.client.read.timeoutMs</name>
- <value>30000</value>
- <description>
- RangerRESTClient read Timeout in Milliseconds
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/resources/rps.properties
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/main/resources/rps.properties b/ranger-plugin/service/src/main/resources/rps.properties
deleted file mode 100644
index 9e2b1f4..0000000
--- a/ranger-plugin/service/src/main/resources/rps.properties
+++ /dev/null
@@ -1,17 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ranger.hawq.instance=hawq -version=${project.version} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml ---------------------------------------------------------------------- diff --git a/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml index 36c976f..d8ae121 100644 --- a/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml +++ b/ranger-plugin/service/src/main/webapp/WEB-INF/web.xml @@ -31,10 +31,9 @@ under the License. init-param com.sun.jersey.config.property.packages Tells Jersey where are the REST components of this webapp jersey.config.server.provider.scanning.recursive - Tells Jersey to recusively scan package for REST resources + Tells Jersey to scan package for REST resources recursively load-on-startup Initialize the webapp on app server startup - servlet-mapping Maps the path of the servlet (ranger-plugin/*) - listener A class called after the webapp was initialized and before it's about to go down + servlet-mapping Maps the path of the servlet under the context (/*) --> <servlet> 
@@ -54,19 +53,4 @@ under the License.
 <servlet-name>HAWQ_Ranger_Plugin_Service</servlet-name>
 <url-pattern>/*</url-pattern>
 </servlet-mapping>
-
- <!--
- <listener>
- <listener-class>org.apache.hawq.pxf.service.rest.ServletLifecycleListener</listener-class>
- </listener>
- -->
- <!-- log4j configuration
- Log4jConfigListener looks for a file under log4jConfigLocation.
- When not using absolute path, the path starts from the webapp root directory.
- If this file cannot be read, log4j will revert to using the default
- pxf-log4j.properties inside the webapp. -->
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/etc/pxf/conf/pxf-log4j.properties</param-value>
- </context-param>
 </web-app>
http://git-wip-us.apache.org/repos/asf/incubator-hawq/blob/8c9b45a4/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
----------------------------------------------------------------------
diff --git a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
index bf62785..5b94df0 100644
--- a/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
+++ b/ranger-plugin/service/src/test/java/org/apache/hawq/ranger/authorization/UtilsTest.java
@@ -21,7 +21,8 @@ package org.apache.hawq.ranger.authorization;
 import org.junit.Test;
-import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY;
+import static org.apache.hawq.ranger.authorization.Utils.APP_ID_PROPERTY_ENV;
+import static org.apache.hawq.ranger.authorization.Utils.VERSION_PROPERTY_ENV;
 import static org.junit.Assert.assertEquals;
 /**
@@ -30,19 +31,26 @@ import static org.junit.Assert.assertEquals;
 public class UtilsTest {
 @Test
- public void testCustomAppId_SystemEnv() throws Exception {
- System.setProperty(APP_ID_PROPERTY, "app-id");
+ public void testAppId_SystemEnv() throws Exception {
+ System.setProperty(APP_ID_PROPERTY_ENV, "app-id");
 assertEquals("app-id", Utils.getAppId());
- System.clearProperty(APP_ID_PROPERTY);
+ System.clearProperty(APP_ID_PROPERTY_ENV);
 }
 @Test
- public void testCustomAppId_PropertyFile() throws Exception {
+ public void testAppId_PropertyFile() throws Exception {
 assertEquals("instance-test", Utils.getAppId());
 }
 @Test
- public void testGetVersion() throws Exception {
+ public void testGetVersion_SystemEnv() throws Exception {
+ System.setProperty(VERSION_PROPERTY_ENV, "1.2.3");
+ assertEquals("1.2.3", Utils.getVersion());
+ System.clearProperty(VERSION_PROPERTY_ENV);
+ }
+
+ @Test
+ public void testGetVersion_PropertyFile() throws Exception {
 assertEquals("version-test", Utils.getVersion());
 }
 }
\ No newline at end of file
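Review bot: In `testGetVersion_SystemEnv` (and the renamed `testAppId_SystemEnv`) the system property is cleared only after the assertion, so a failing assertion leaves `version` or `ranger.hawq.instance` set for the rest of the JVM and the `_PropertyFile` tests then see the leaked value if they run later. Clearing in a `finally` keeps the tests independent: `try { assertEquals("1.2.3", Utils.getVersion()); } finally { System.clearProperty(VERSION_PROPERTY_ENV); }`. There is also no test for the defaults (`hawq`, `unknown`) when neither source supplies a value, though that may exist outside this hunk.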
