Repository: ranger
Updated Branches:
  refs/heads/ranger-1.0 743e66f88 -> 3b5686c5a


RANGER-1998:Add ability to specify passwords for admin accounts during ranger 
install only.


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/3b5686c5
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/3b5686c5
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/3b5686c5

Branch: refs/heads/ranger-1.0
Commit: 3b5686c5acd94fcbef15efe77aa1496892cc3f85
Parents: 743e66f
Author: fatimaawez <fatimakhan4...@gmail.com>
Authored: Wed Feb 28 15:42:32 2018 +0530
Committer: pradeep <prad...@apache.org>
Committed: Wed Mar 7 16:51:18 2018 +0530

----------------------------------------------------------------------
 security-admin/scripts/db_setup.py              | 102 ++++++++++---------
 security-admin/scripts/install.properties       |   7 ++
 security-admin/scripts/setup.sh                 |  29 ++++++
 tagsync/scripts/install.properties              |   3 +
 tagsync/scripts/setup.py                        |  11 +-
 tagsync/scripts/updatetagadminpassword.py       |  10 +-
 unixauthservice/scripts/install.properties      |   3 +
 unixauthservice/scripts/setup.py                |  10 ++
 .../scripts/updatepolicymgrpassword.py          |   8 +-
 9 files changed, 130 insertions(+), 53 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py 
b/security-admin/scripts/db_setup.py
index 25b004a..1689e5d 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -124,7 +124,17 @@ def subprocessCallWithRetry(query):
                if(returnCode!=0 and retryCount>=3):
                        break
        return returnCode
-
+def dbversionBasedOnUserName(userName):
+    version = ""
+    if userName == "admin" :
+        version = 'DEFAULT_ADMIN_UPDATE'
+    if userName == "rangerusersync" :
+        version = 'DEFAULT_RANGER_USERSYNC_UPDATE'
+    if userName == "rangertagsync" :
+        version = 'DEFAULT_RANGER_TAGSYNC_UPDATE'
+    if userName == "keyadmin" :
+        version = 'DEFAULT_KEYADMIN_UPDATE'
+    return version
 class BaseDB(object):
 
        def check_connection(self, db_name, db_user, db_password):
@@ -180,7 +190,7 @@ class BaseDB(object):
                log("[I] ----------------- Creating Synonym ------------", 
"info")
 
        def change_admin_default_password(xa_db_host, db_user, db_password, 
db_name,userName,oldPassword,newPassword):
-               log("[I] ----------------- Changing Ranger admin default 
password  ------------", "info")
+                log("[I] ----------------- Changing Ranger "+ userName +" 
default password  ------------", "info")
 
        def import_core_db_schema(self, db_name, db_user, db_password, 
file_name,first_table,last_table):
                log("[I] ---------- Importing Core DB Schema ----------", 
"info")
@@ -600,7 +610,7 @@ class MysqlConf(BaseDB):
                my_dict = {}
                version = ""
                className = "ChangePasswordUtil"
-               version = 'DEFAULT_ADMIN_UPDATE'
+                version = dbversionBasedOnUserName(userName)
                app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
                ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
                filePath = 
os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
@@ -614,7 +624,7 @@ class MysqlConf(BaseDB):
                                jisql_log(query, db_password)
                                output = check_output(query)
                                if output.strip(version + " |"):
-                                       log("[I] Ranger admin default password 
has already been changed!!","info")
+                                    log("[I] Ranger "+ userName +" default 
password has already been changed!!","info")
                                else:
                                        if is_unix:
                                                query = get_cmd + " -query 
\"select version from x_db_version_h where version = '%s' and active = 'N';\"" 
%(version)
@@ -638,10 +648,10 @@ class MysqlConf(BaseDB):
                                                        jisql_log(query, 
db_password)
                                                        ret = 
subprocess.call(query)
                                                if ret == 0:
-                                                       log ("[I] Ranger admin 
default password change request is in process..","info")
+                                                    log ("[I] Ranger "+ 
userName +" default password change request is in process..","info")
                                                else:
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
-                                                       sys.exit(1)
+                                                    log("[E] Ranger "+ 
userName +" default password change request failed", "error")
+                                                    sys.exit(1)
                                                if is_unix:
                                                        path = 
os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s"
 )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home 
,self.SQL_CONNECTOR_JAR)
                                                elif os_name == "WINDOWS":
@@ -661,9 +671,9 @@ class MysqlConf(BaseDB):
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
                                                        if ret == 0 and status 
== 0:
-                                                               log ("[I] 
Ranger admin default password change request processed successfully..","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request processed 
successfully..","info")
                                                        elif ret == 0 and 
status == 2:
-                                                               log ("[I] 
Ranger admin default password change request process skipped!","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request process skipped!","info")
                                                        else:
                                                                if is_unix:
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\"" %(version,client_host)
@@ -673,7 +683,7 @@ class MysqlConf(BaseDB):
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c ;" %(version,client_host)
                                                                        
jisql_log(query, db_password)
                                                                        ret = 
subprocess.call(query)
-                                                               log("[E] Ranger 
admin default password change request failed", "error")
+                                                                log("[E] 
Ranger "+ userName +" default password change request failed", "error")
                                                                sys.exit(1)
                                                else:
                                                        if is_unix:
@@ -684,7 +694,7 @@ class MysqlConf(BaseDB):
                                                                query = get_cmd 
+ " -query \"delete from x_db_version_h where version='%s' and active='N' and 
updated_by='%s';\" -c ;" %(version,client_host)
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
 
        def create_version_history_table(self, db_name, db_user, db_password, 
file_name,table_name):
@@ -1315,7 +1325,7 @@ class OracleConf(BaseDB):
                my_dict = {}
                version = ""
                className = "ChangePasswordUtil"
-               version = 'DEFAULT_ADMIN_UPDATE'
+                version = dbversionBasedOnUserName(userName)
                app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
                ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
                filePath = 
os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
@@ -1329,7 +1339,7 @@ class OracleConf(BaseDB):
                                jisql_log(query, db_password)
                                output = check_output(query)
                                if output.strip(version + " |"):
-                                       log("[I] Ranger admin default password 
has already been changed!!","info")
+                                     log("[I] Ranger "+ userName +" default 
password has already been changed!!","info")
                                else:
                                        if is_unix:
                                                query = get_cmd + " -c \; 
-query \"select version from x_db_version_h where version = '%s' and active = 
'N';\"" %(version)
@@ -1353,9 +1363,9 @@ class OracleConf(BaseDB):
                                                        jisql_log(query, 
db_password)
                                                        ret = 
subprocess.call(query)
                                                if ret == 0:
-                                                       log ("[I] Ranger admin 
default password change request is in process..","info")
+                                                        log ("[I] Ranger "+ 
userName +" default password change request is in process..","info")
                                                else:
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
                                                if is_unix:
                                                        path = 
os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s"
 )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home 
,self.SQL_CONNECTOR_JAR)
@@ -1376,9 +1386,9 @@ class OracleConf(BaseDB):
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
                                                        if ret == 0 and status 
== 0:
-                                                               log ("[I] 
Ranger admin default password change request processed successfully..","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request processed 
successfully..","info")
                                                        elif ret == 0 and 
status == 2:
-                                                               log ("[I] 
Ranger admin default password change request process skipped!","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request process skipped!","info")
                                                        else:
                                                                if is_unix:
                                                                        query = 
get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\"" %(version,client_host)
@@ -1388,7 +1398,7 @@ class OracleConf(BaseDB):
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c ;" %(version,client_host)
                                                                        
jisql_log(query, db_password)
                                                                        ret = 
subprocess.call(query)
-                                                               log("[E] Ranger 
admin default password change request failed", "error")
+                                                                log("[E] 
Ranger        "+ userName +" default password change request failed", "error")
                                                                sys.exit(1)
                                                else:
                                                        if is_unix:
@@ -1399,7 +1409,7 @@ class OracleConf(BaseDB):
                                                                query = get_cmd 
+ " -query \"delete from x_db_version_h where version='%s' and active='N' and 
updated_by='%s';\" -c ;" %(version,client_host)
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
 
        def create_version_history_table(self, db_name, db_user, db_password, 
file_name,table_name):
@@ -1985,7 +1995,7 @@ class PostgresConf(BaseDB):
                my_dict = {}
                version = ""
                className = "ChangePasswordUtil"
-               version = 'DEFAULT_ADMIN_UPDATE'
+                version = dbversionBasedOnUserName(userName)
                app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
                ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
                filePath = 
os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
@@ -1999,7 +2009,7 @@ class PostgresConf(BaseDB):
                                jisql_log(query, db_password)
                                output = check_output(query)
                                if output.strip(version + " |"):
-                                       log("[I] Ranger admin default password 
has already been changed!!","info")
+                                    log("[I] Ranger "+ userName +" default 
password has already been changed!!","info")
                                else:
                                        if is_unix:
                                                query = get_cmd + " -query 
\"select version from x_db_version_h where version = '%s' and active = 'N';\"" 
%(version)
@@ -2023,9 +2033,9 @@ class PostgresConf(BaseDB):
                                                        jisql_log(query, 
db_password)
                                                        ret = 
subprocess.call(query)
                                                if ret == 0:
-                                                       log ("[I] Ranger admin 
default password change request is in process..","info")
+                                                        log ("[I] Ranger "+ 
userName +" default password change request is in process..","info")
                                                else:
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
                                                if is_unix:
                                                        path = 
os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s"
 )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home 
,self.SQL_CONNECTOR_JAR)
@@ -2046,9 +2056,9 @@ class PostgresConf(BaseDB):
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
                                                        if ret == 0 and status 
== 0:
-                                                               log ("[I] 
Ranger admin default password change request processed successfully..","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request processed 
successfully..","info")
                                                        elif ret == 0 and 
status == 2:
-                                                               log ("[I] 
Ranger admin default password change request process skipped!","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request process skipped!","info")
                                                        else:
                                                                if is_unix:
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\"" %(version,client_host)
@@ -2058,7 +2068,7 @@ class PostgresConf(BaseDB):
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c ;" %(version,client_host)
                                                                        
jisql_log(query, db_password)
                                                                        ret = 
subprocess.call(query)
-                                                               log("[E] Ranger 
admin default password change request failed", "error")
+                                                                log("[E] 
Ranger "+ userName +" default password change request failed", "error")
                                                                sys.exit(1)
                                                else:
                                                        if is_unix:
@@ -2069,7 +2079,7 @@ class PostgresConf(BaseDB):
                                                                query = get_cmd 
+ " -query \"delete from x_db_version_h where version='%s' and active='N' and 
updated_by='%s';\" -c ;" %(version,client_host)
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
 
        def create_version_history_table(self, db_name, db_user, db_password, 
file_name,table_name):
@@ -2617,7 +2627,7 @@ class SqlServerConf(BaseDB):
                my_dict = {}
                version = ""
                className = "ChangePasswordUtil"
-               version = 'DEFAULT_ADMIN_UPDATE'
+                version = dbversionBasedOnUserName(userName)
                app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
                ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
                filePath = 
os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
@@ -2631,7 +2641,7 @@ class SqlServerConf(BaseDB):
                                jisql_log(query, db_password)
                                output = check_output(query)
                                if output.strip(version + " |"):
-                                       log("[I] Ranger admin default password 
has already been changed!!","info")
+                                        log("[I] Ranger "+ userName +" default 
password has already been changed!!","info")
                                else:
                                        if is_unix:
                                                query = get_cmd + " -query 
\"select version from x_db_version_h where version = '%s' and active = 'N';\" 
-c \;" %(version)
@@ -2655,10 +2665,10 @@ class SqlServerConf(BaseDB):
                                                        jisql_log(query, 
db_password)
                                                        ret = 
subprocess.call(query)
                                                if ret == 0:
-                                                       log ("[I] Ranger admin 
default password change request is in process..","info")
+                                                    log ("[I] Ranger "+ 
userName +" default password change request is in process..","info")
                                                else:
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
-                                                       sys.exit(1)
+                                                    log("[E] Ranger "+ 
userName +" default password change request failed", "error")
+                                                    sys.exit(1)
                                                if is_unix:
                                                        path = 
os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s"
 )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home 
,self.SQL_CONNECTOR_JAR)
                                                elif os_name == "WINDOWS":
@@ -2678,9 +2688,9 @@ class SqlServerConf(BaseDB):
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
                                                        if ret == 0 and status 
== 0:
-                                                               log ("[I] 
Ranger admin default password change request processed successfully..","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request processed 
successfully..","info")
                                                        elif ret == 0 and 
status == 2:
-                                                               log ("[I] 
Ranger admin default password change request process skipped!","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request process skipped!","info")
                                                        else:
                                                                if is_unix:
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c \;"  %(version,client_host)
@@ -2690,7 +2700,7 @@ class SqlServerConf(BaseDB):
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c ;" %(version,client_host)
                                                                        
jisql_log(query, db_password)
                                                                        ret = 
subprocess.call(query)
-                                                               log("[E] Ranger 
admin default password change request failed", "error")
+                                                                log("[E] 
Ranger "+ userName +" default password change request failed", "error")
                                                                sys.exit(1)
                                                else:
                                                        if is_unix:
@@ -2701,7 +2711,7 @@ class SqlServerConf(BaseDB):
                                                                query = get_cmd 
+ " -query \"delete from x_db_version_h where version='%s' and active='N' and 
updated_by='%s';\" -c ;" %(version,client_host)
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
 
        def create_version_history_table(self, db_name, db_user, db_password, 
file_name,table_name):
@@ -3262,7 +3272,7 @@ class SqlAnywhereConf(BaseDB):
                my_dict = {}
                version = ""
                className = "ChangePasswordUtil"
-               version = 'DEFAULT_ADMIN_UPDATE'
+                version = dbversionBasedOnUserName(userName)
                app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
                ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
                filePath = 
os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
@@ -3276,7 +3286,7 @@ class SqlAnywhereConf(BaseDB):
                                jisql_log(query, db_password)
                                output = check_output(query)
                                if output.strip(version + " |"):
-                                       log("[I] Ranger admin default password 
has already been changed!!","info")
+                                    log("[I] Ranger "+ userName +" default 
password has already been changed!!","info")
                                else:
                                        if is_unix:
                                                query = get_cmd + " -query 
\"select version from x_db_version_h where version = '%s' and active = 'N';\" 
-c \;" %(version)
@@ -3286,7 +3296,7 @@ class SqlAnywhereConf(BaseDB):
                                        output = check_output(query)
                                        if output.strip(version + " |"):
                                                while(output.strip(version + " 
|")):
-                                                       log("[I] Ranger 
Password change utility is being executed by some other process" ,"info")
+                                                        log("[I] Ranger "+ 
userName +" change utility is being executed by some other process" ,"info")
                                                        
time.sleep(retryPatchAfterSeconds)
                                                        jisql_log(query, 
db_password)
                                                        output = 
check_output(query)
@@ -3300,10 +3310,10 @@ class SqlAnywhereConf(BaseDB):
                                                        jisql_log(query, 
db_password)
                                                        ret = 
subprocess.call(query)
                                                if ret == 0:
-                                                       log ("[I] Ranger admin 
default password change request is in process..","info")
+                                                    log ("[I] Ranger "+ 
userName +" default password change request is in process..","info")
                                                else:
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
-                                                       sys.exit(1)
+                                                    log("[E] Ranger "+ 
userName +" default password change request failed", "error")
+                                                    sys.exit(1)
                                                if is_unix:
                                                        path = 
os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s"
 )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home 
,self.SQL_CONNECTOR_JAR)
                                                elif os_name == "WINDOWS":
@@ -3323,9 +3333,9 @@ class SqlAnywhereConf(BaseDB):
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
                                                        if ret == 0 and status 
== 0:
-                                                               log ("[I] 
Ranger admin default password change request processed successfully..","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request processed 
successfully..","info")
                                                        elif ret == 0 and 
status == 2:
-                                                               log ("[I] 
Ranger admin default password change request process skipped!","info")
+                                                                log ("[I] 
Ranger "+ userName +" default password change request process skipped!","info")
                                                        else:
                                                                if is_unix:
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c \;"  %(version,client_host)
@@ -3335,7 +3345,7 @@ class SqlAnywhereConf(BaseDB):
                                                                        query = 
get_cmd + " -query \"delete from x_db_version_h where version='%s' and 
active='N' and updated_by='%s';\" -c ;" %(version,client_host)
                                                                        
jisql_log(query, db_password)
                                                                        ret = 
subprocess.call(query)
-                                                               log("[E] Ranger 
admin default password change request failed", "error")
+                                                                log("[E] 
Ranger "+ userName +" default password change request failed", "error")
                                                                sys.exit(1)
                                                else:
                                                        if is_unix:
@@ -3346,7 +3356,7 @@ class SqlAnywhereConf(BaseDB):
                                                                query = get_cmd 
+ " -query \"delete from x_db_version_h where version='%s' and active='N' and 
updated_by='%s';\" -c ;" %(version,client_host)
                                                                
jisql_log(query, db_password)
                                                                ret = 
subprocess.call(query)
-                                                       log("[E] Ranger admin 
default password change request failed", "error")
+                                                        log("[E] Ranger "+ 
userName +" default password change request failed", "error")
                                                        sys.exit(1)
 
        def create_version_history_table(self, db_name, db_user, db_password, 
file_name,table_name):

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties 
b/security-admin/scripts/install.properties
index 49d2baa..9941733 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -69,6 +69,13 @@ db_name=ranger
 db_user=rangeradmin
 db_password=
 
+# change password. Password for below mentioned users can be changed only once 
using this property.
+rangerAdmin_password=
+rangerTagsync_password=
+rangerUsersync_password=
+keyadmin_password=
+
+
 #Source for Audit Store. Currently only solr is supported.
 # * audit_store is solr
 audit_store=solr

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index b68347a..f79a79e 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -63,6 +63,10 @@ db_ssl_enabled=$(get_prop 'db_ssl_enabled' $PROPFILE)
 db_ssl_required=$(get_prop 'db_ssl_required' $PROPFILE)
 db_ssl_verifyServerCertificate=$(get_prop 'db_ssl_verifyServerCertificate' 
$PROPFILE)
 db_ssl_auth_type=$(get_prop 'db_ssl_auth_type' $PROPFILE)
+rangerAdmin_password=$(get_prop 'rangerAdmin_password' $PROPFILE)
+rangerTagsync_password=$(get_prop 'rangerTagsync_password' $PROPFILE)
+rangerUsersync_password=$(get_prop 'rangerUsersync_password' $PROPFILE)
+keyadmin_password=$(get_prop 'keyadmin_password' $PROPFILE)
 javax_net_ssl_keyStore=$(get_prop 'javax_net_ssl_keyStore' $PROPFILE)
 javax_net_ssl_keyStorePassword=$(get_prop 'javax_net_ssl_keyStorePassword' 
$PROPFILE)
 javax_net_ssl_trustStore=$(get_prop 'javax_net_ssl_trustStore' $PROPFILE)
@@ -1372,7 +1376,28 @@ setup_install_files(){
                chmod ug+rx /usr/bin/ranger-admin       
        fi
 }
+python_command_for_change_password(){
+ $PYTHON_COMMAND_INVOKER db_setup.py -changepassword  $1 $2 $3
+}
 
+change_default_users_password(){
+ if [ "${rangerAdmin_password}" != '' ] && [ "${rangerAdmin_password}" != 
"admin" ]
+        then
+   python_command_for_change_password 'admin' 'admin' "$rangerAdmin_password"
+        fi
+        if [ "${rangerTagsync_password}" != "" ] &&  [ 
"${rangerTagsync_password}" != "rangertagsync" ]
+        then
+   python_command_for_change_password 'rangertagsync' 'rangertagsync' 
"$rangerTagsync_password"
+        fi
+        if [ "${rangerUsersync_password}" != "" ] &&  [ 
"${rangerUsersync_password}" != "rangerusersync" ]
+        then
+   python_command_for_change_password 'rangerusersync' 'rangerusersync' 
"$rangerUsersync_password"
+        fi
+        if [ "${keyadmin_password}" != "" ] &&  [ "${keyadmin_password}" != 
"keyadmin" ]
+        then
+   python_command_for_change_password 'keyadmin' 'keyadmin' 
"$keyadmin_password"
+        fi
+}
 log " --------- Running Ranger PolicyManager Web Application Install Script 
--------- "
 log "[I] uname=`uname`"
 log "[I] hostname=`hostname`"
@@ -1407,6 +1432,10 @@ then
        if [ "$?" == "0" ]
        then
                $PYTHON_COMMAND_INVOKER db_setup.py -javapatch
+    if [ "$?" == "0" ]
+    then
+      change_default_users_password
+    fi
        else
                exit 1
        fi

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/tagsync/scripts/install.properties
----------------------------------------------------------------------
diff --git a/tagsync/scripts/install.properties 
b/tagsync/scripts/install.properties
index e2e3ecd..be33cc2 100644
--- a/tagsync/scripts/install.properties
+++ b/tagsync/scripts/install.properties
@@ -92,6 +92,9 @@ TAG_SOURCE_ATLASREST_SSL_CONFIG_FILENAME =
 unix_user=ranger
 unix_group=ranger
 
+#change password of rangerTagsync user. Please note that this password should 
be as per rangerTagsync user in ranger
+rangerTagsync_password=
+
 # Logs are stored in logdir
 logdir = log
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/tagsync/scripts/setup.py
----------------------------------------------------------------------
diff --git a/tagsync/scripts/setup.py b/tagsync/scripts/setup.py
index 9712e8c..1293303 100755
--- a/tagsync/scripts/setup.py
+++ b/tagsync/scripts/setup.py
@@ -506,7 +506,16 @@ def main():
 
        if isfile(hadoop_conf_full_path) and not isfile(tagsync_conf_full_path):
                        os.symlink(hadoop_conf_full_path, 
tagsync_conf_full_path)
-
+        rangerTagsync_password = globalDict['rangerTagsync_password']
+        rangerTagsync_name ='rangerTagsync'
+        endPoint='RANGER'
+        cmd = 'python updatetagadminpassword.py %s %s %s'  %(endPoint, 
rangerTagsync_name, rangerTagsync_password)
+        if rangerTagsync_password != "" :
+                output = os.system(cmd)
+                if (output == 0):
+                        print "[I] Successfully updated password of " + 
rangerTagsync_name +" user"
+                else:
+                        print "[ERROR] Unable to change password of " + 
rangerTagsync_name +" user."
        print "\nINFO: Completed ranger-tagsync installation.....\n"
 
 main()

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/tagsync/scripts/updatetagadminpassword.py
----------------------------------------------------------------------
diff --git a/tagsync/scripts/updatetagadminpassword.py 
b/tagsync/scripts/updatetagadminpassword.py
index 2c89e83..f3e3025 100644
--- a/tagsync/scripts/updatetagadminpassword.py
+++ b/tagsync/scripts/updatetagadminpassword.py
@@ -82,7 +82,7 @@ def write_properties_to_xml(xml_path, property_name='', 
property_value=''):
        else:
                return -1
 
-def main():
+def main(argv):
        global globalDict
        FORMAT = '%(asctime)-15s %(message)s'
        logging.basicConfig(format=FORMAT, level=logging.DEBUG)
@@ -118,7 +118,10 @@ def main():
        PASSWORD=''
        USERNAME_PROPERTY_NAME=''
        FILENAME_PROPERTY_NAME=''
-
+        if len(argv) == 4:
+                ENDPOINT=argv[1]
+                USERNAME=argv[2]
+                PASSWORD=argv[3]
        while ENDPOINT == "" or not (ENDPOINT == "ATLAS" or ENDPOINT == 
"RANGER"):
                sys.stdout.write('Enter Destination NAME (Ranger/Atlas):')
                sys.stdout.flush()
@@ -159,7 +162,6 @@ def main():
                        USERNAME = 'rangertagsync'
                else:
                        USERNAME = 'admin'
-
        while PASSWORD == "":
                PASSWORD=getpass.getpass("Enter " + " password for " + ENDPOINT 
+ " user " + USERNAME + ":")
 
@@ -183,4 +185,4 @@ def main():
        else:
                log("[E] Input Error","error")
 
-main()
+main(sys.argv)

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/unixauthservice/scripts/install.properties
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/install.properties 
b/unixauthservice/scripts/install.properties
index 88bce69..be8723c 100644
--- a/unixauthservice/scripts/install.properties
+++ b/unixauthservice/scripts/install.properties
@@ -49,6 +49,9 @@ SYNC_INTERVAL =
 unix_user=ranger
 unix_group=ranger
 
+#change password of rangerusersync user. Please note that this password should 
be as per rangerusersync user in ranger
+rangerUsersync_password=
+
 #Set to run in kerberos environment
 usersync_principal=
 usersync_keytab=

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 5ae9123..f7b232c 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -366,6 +366,7 @@ def main():
     hadoop_conf = globalDict['hadoop_conf']
     pid_dir_path = globalDict['USERSYNC_PID_DIR_PATH']
     unix_user = globalDict['unix_user']
+    rangerUsersync_password = globalDict['rangerUsersync_password']
 
     if globalDict['SYNC_SOURCE'].lower() == SYNC_SOURCE_LDAP and 
globalDict.has_key('ROLE_ASSIGNMENT_LIST_DELIMITER') \
      and globalDict.has_key('USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER') and 
globalDict.has_key('USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER'):
@@ -592,5 +593,14 @@ def main():
     if isfile(hadoop_conf_full_path) and not isfile(usersync_conf_full_path):
         os.symlink(hadoop_conf_full_path, usersync_conf_full_path)
 
+    rangerUsersync_name ='rangerusersync'
+    cmd = 'python updatepolicymgrpassword.py %s %s'  %(rangerUsersync_name, 
rangerUsersync_password)
+
+    if rangerUsersync_password != "" :
+        output = os.system(cmd)
+        if (output == 0):
+          print "[I] Successfully updated password of " + rangerUsersync_name 
+" user"
+        else:
+          print "[ERROR] Unable to change password of " + rangerUsersync_name 
+" user."
 
 main()

http://git-wip-us.apache.org/repos/asf/ranger/blob/3b5686c5/unixauthservice/scripts/updatepolicymgrpassword.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/updatepolicymgrpassword.py 
b/unixauthservice/scripts/updatepolicymgrpassword.py
index 574ce3b..bd6d7dd 100644
--- a/unixauthservice/scripts/updatepolicymgrpassword.py
+++ b/unixauthservice/scripts/updatepolicymgrpassword.py
@@ -92,7 +92,7 @@ def populate_global_install_dict():
             value = value.strip()
             installglobalDict[key] = value
 
-def main():
+def main(argv):
        global globalDict
        populate_global_install_dict()
        FORMAT = '%(asctime)-15s %(message)s'
@@ -128,6 +128,10 @@ def main():
        unix_user = installglobalDict['unix_user']
        unix_group = installglobalDict['unix_group']
 
+        if len(argv) == 3:
+                SYNC_POLICY_MGR_USERNAME=argv[1]
+                SYNC_POLICY_MGR_PASSWORD=argv[2]
+
        while SYNC_POLICY_MGR_USERNAME == "":
                print "Enter policymgr user name:"
                SYNC_POLICY_MGR_USERNAME=raw_input()
@@ -156,4 +160,4 @@ def main():
        else:
                log("[E] Input Error","error")
 
-main()
+main(sys.argv)

Reply via email to