Repository: ranger Updated Branches: refs/heads/master b619bd596 -> 987abe806
RANGER-2113 : Improve error handling when of change password process gets killed. Signed-off-by: pradeep <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/987abe80 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/987abe80 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/987abe80 Branch: refs/heads/master Commit: 987abe8064529b08149a03ab22e2dbfbbe1cc0d8 Parents: b619bd5 Author: fatimaawez <[email protected]> Authored: Mon Jun 4 15:05:48 2018 +0530 Committer: pradeep <[email protected]> Committed: Mon Jun 4 15:52:57 2018 +0530 ---------------------------------------------------------------------- security-admin/scripts/db_setup.py | 175 +++++++++------ security-admin/scripts/setup.sh | 372 +++++++++++++++++--------------- 2 files changed, 301 insertions(+), 246 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/987abe80/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index f123dff..02701c7 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py 
@@ -119,16 +119,16 @@ def subprocessCallWithRetry(query): break return returnCode def dbversionBasedOnUserName(userName): - version = "" - if userName == "admin" : - version = 'DEFAULT_ADMIN_UPDATE' - if userName == "rangerusersync" : - version = 'DEFAULT_RANGER_USERSYNC_UPDATE' - if userName == "rangertagsync" : - version = 'DEFAULT_RANGER_TAGSYNC_UPDATE' - if userName == "keyadmin" : - version = 'DEFAULT_KEYADMIN_UPDATE' - return version + version = "" + if userName == "admin" : + version = 'DEFAULT_ADMIN_UPDATE' + if userName == "rangerusersync" : + version = 'DEFAULT_RANGER_USERSYNC_UPDATE' + if userName == "rangertagsync" : + version = 'DEFAULT_RANGER_TAGSYNC_UPDATE' + if userName == "keyadmin" : + version = 'DEFAULT_KEYADMIN_UPDATE' + return version class BaseDB(object): def check_connection(self, db_name, db_user, db_password): @@ -620,7 +620,7 @@ class MysqlConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): - log("[I] Ranger "+ userName +" default password has already been changed!!","info") + log("[I] Ranger "+ userName +" default password has already been changed!!","info") else: if is_unix: query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) 
@@ -629,11 +629,18 @@ class MysqlConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): + countTries = 0 while(output.strip(version + " |")): - log("[I] Ranger Password change utility is being executed by some other process" ,"info") - time.sleep(retryPatchAfterSeconds) - jisql_log(query, db_password) - output = check_output(query) + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) else: if is_unix: query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host) @@ -644,10 +651,10 @@ class MysqlConf(BaseDB): jisql_log(query, db_password) ret = subprocess.call(query) if ret == 0: - log ("[I] Ranger "+ userName +" default password change request is in process..","info") + log ("[I] Ranger "+ userName +" default password change request is in process..","info") else: - log("[E] Ranger "+ userName +" default password change request failed", "error") - sys.exit(1) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) if is_unix: path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": 
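Review bot: The give-up branch added to the `while(output.strip(version + " |"))` loop ends in `sys.exit(1)` without saying what state the account is left in; as far as the hunk shows, this process has changed nothing on that path, so the default password for `userName` may still be in effect. I would add that to the second `[E]` message, e.g. `log("[E] Ranger "+ userName +" default password may still be in effect; confirm no other setup is running before deleting the row","error")`. The loop condition is also true for any output that contains characters outside `version + " |"`, so if `check_output` ever returns error text (not visible here, to be confirmed) a failed query would be reported as a stale row and the operator told to delete it. The first `[E]` message says "Tried updating the password" although the loop only re-runs the select. The same block is added in the OracleConf, PostgresConf, SqlServerConf and SqlAnywhereConf hunks, and the enclosing method starts and ends outside this hunk.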
@@ -858,7 +865,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) output = check_output(query) if not output.strip(version + " |"): - sys.exit(0) + sys.exit(0) class OracleConf(BaseDB): # Constructor @@ -1349,11 +1356,11 @@ class OracleConf(BaseDB): if is_unix: query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) elif os_name == "WINDOWS": - query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): - log("[I] Ranger "+ userName +" default password has already been changed!!","info") + log("[I] Ranger "+ userName +" default password has already been changed!!","info") else: if is_unix: query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) 
@@ -1362,11 +1369,18 @@ class OracleConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): + countTries = 0 while(output.strip(version + " |")): - log("[I] Ranger Password change utility is being executed by some other process" ,"info") - time.sleep(retryPatchAfterSeconds) - jisql_log(query, db_password) - output = check_output(query) + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) else: if is_unix: query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host) 
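Review bot: This is the second of five copies of the bounded wait loop that are identical as shown (MysqlConf, OracleConf, PostgresConf, SqlServerConf, SqlAnywhereConf), and each copy carries its own literal `3`. A later change to the limit or to the messages has to be made five times, and the SqlAnywhereConf copy had already drifted in its `[I]` text before this commit. Moving the loop into one `BaseDB` method that takes the subclass-built `query`, with the limit as a named module constant, keeps the behaviour in one place. The sketch below returns whether a pending row was seen so each caller can keep its existing `else:` insert branch; the enclosing methods start and end outside the hunks, so the call sites are not shown.

```python
# proposed module-level constant (placement to be decided; retryPatchAfterSeconds is defined outside the hunk)
maxPasswordChangeWaitTries = 3

class BaseDB(object):
    # ... unchanged: existing BaseDB methods ...
    def wait_for_pending_password_change(self, query, db_password, userName, version):
        # query: the subclass-specific select for the active = 'N' row
        jisql_log(query, db_password)
        output = check_output(query)
        if not output.strip(version + " |"):
            return False
        countTries = 0
        while output.strip(version + " |"):
            if countTries >= maxPasswordChangeWaitTries:
                # ... unchanged: the two [E] log calls ...
                sys.exit(1)
            # ... unchanged: the [I] log call ...
            time.sleep(retryPatchAfterSeconds)
            jisql_log(query, db_password)
            output = check_output(query)
            countTries += 1
        return True
```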
@@ -1575,23 +1589,23 @@ class OracleConf(BaseDB): log("[I] "+ version +" status entry to x_db_version_h table completed", "info") def is_new_install(self, xa_db_host, db_user, db_password, db_name): - get_cmd = self.get_jisql_cmd(db_user, db_password) - if is_unix: - query = get_cmd + " -c \; -query \"select * from v$version;\"" - elif os_name == "WINDOWS": - query = get_cmd + " -query \"select * from v$version;\" -c ;" - output = check_output(query) - if not output.strip('Production |'): - sys.exit(0) - get_cmd = self.get_jisql_cmd(db_user, db_password) - version="J10001" - if is_unix: - query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) - output = check_output(query) - if not output.strip(version + " |"): - sys.exit(0) + get_cmd = self.get_jisql_cmd(db_user, db_password) + if is_unix: + query = get_cmd + " -c \; -query \"select * from v$version;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select * from v$version;\" -c ;" + output = check_output(query) + if not output.strip('Production |'): + sys.exit(0) + get_cmd = self.get_jisql_cmd(db_user, db_password) + version="J10001" + if is_unix: + query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + output = check_output(query) + if not output.strip(version + " |"): + sys.exit(0) class PostgresConf(BaseDB): # Constructor 
@@ -2057,11 +2071,11 @@ class PostgresConf(BaseDB): if is_unix: query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) elif os_name == "WINDOWS": - query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): - log("[I] Ranger "+ userName +" default password has already been changed!!","info") + log("[I] Ranger "+ userName +" default password has already been changed!!","info") else: if is_unix: query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version) 
@@ -2070,11 +2084,18 @@ class PostgresConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): + countTries = 0 while(output.strip(version + " |")): - log("[I] Ranger Password change utility is being executed by some other process" ,"info") - time.sleep(retryPatchAfterSeconds) - jisql_log(query, db_password) - output = check_output(query) + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) else: if is_unix: query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host) @@ -2290,7 +2311,7 @@ class PostgresConf(BaseDB): query = get_cmd + " -query \"SELECT 1;\" -c ;" output = check_output(query) if not output.strip('1 |'): - sys.exit(0) + sys.exit(0) get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) version="J10001" if is_unix: @@ -2299,7 +2320,7 @@ class PostgresConf(BaseDB): query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) output = check_output(query) if not output.strip(version + " |"): - sys.exit(0) + sys.exit(0) class SqlServerConf(BaseDB): # Constructor 
@@ -2707,7 +2728,7 @@ class SqlServerConf(BaseDB): if is_unix: query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version) elif os_name == "WINDOWS": - query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): @@ -2720,11 +2741,18 @@ class SqlServerConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): + countTries = 0 while(output.strip(version + " |")): - log("[I] Ranger Password change utility is being executed by some other process" ,"info") - time.sleep(retryPatchAfterSeconds) - jisql_log(query, db_password) - output = check_output(query) + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) else: if is_unix: query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host) 
@@ -2735,10 +2763,10 @@ class SqlServerConf(BaseDB): jisql_log(query, db_password) ret = subprocess.call(query) if ret == 0: - log ("[I] Ranger "+ userName +" default password change request is in process..","info") + log ("[I] Ranger "+ userName +" default password change request is in process..","info") else: - log("[E] Ranger "+ userName +" default password change request failed", "error") - sys.exit(1) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) if is_unix: path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": @@ -2940,7 +2968,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -query \"SELECT 1;\" -c ;" output = check_output(query) if not output.strip('1 |'): - sys.exit(0) + sys.exit(0) get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) version="J10001" if is_unix: @@ -2949,7 +2977,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) output = check_output(query) if not output.strip(version + " |"): - sys.exit(0) + sys.exit(0) class SqlAnywhereConf(BaseDB): # Constructor @@ -3374,7 +3402,7 @@ class SqlAnywhereConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): - log("[I] Ranger "+ userName +" default password has already been changed!!","info") + log("[I] Ranger "+ userName +" default password has already been changed!!","info") else: if is_unix: query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version) 
@@ -3383,11 +3411,18 @@ class SqlAnywhereConf(BaseDB): jisql_log(query, db_password) output = check_output(query) if output.strip(version + " |"): + countTries = 0 while(output.strip(version + " |")): - log("[I] Ranger "+ userName +" change utility is being executed by some other process" ,"info") - time.sleep(retryPatchAfterSeconds) - jisql_log(query, db_password) - output = check_output(query) + if countTries < 3: + log("[I] Ranger Password change utility is being executed by some other process" ,"info") + time.sleep(retryPatchAfterSeconds) + jisql_log(query, db_password) + output = check_output(query) + countTries += 1 + else: + log("[E] Tried updating the password "+ str(countTries) + " times","error") + log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error") + sys.exit(1) else: if is_unix: query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host) 
@@ -3398,10 +3433,10 @@ class SqlAnywhereConf(BaseDB): jisql_log(query, db_password) ret = subprocess.call(query) if ret == 0: - log ("[I] Ranger "+ userName +" default password change request is in process..","info") + log ("[I] Ranger "+ userName +" default password change request is in process..","info") else: - log("[E] Ranger "+ userName +" default password change request failed", "error") - sys.exit(1) + log("[E] Ranger "+ userName +" default password change request failed", "error") + sys.exit(1) if is_unix: path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": @@ -3603,7 +3638,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -query \"SELECT 1;\" -c ;" output = check_output(query) if not output.strip('1 |'): - sys.exit(0) + sys.exit(0) get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) version="J10001" if is_unix: @@ -3612,7 +3647,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) output = check_output(query) if not output.strip(version + " |"): - sys.exit(0) + sys.exit(0) def main(argv): populate_global_dict() http://git-wip-us.apache.org/repos/asf/ranger/blob/987abe80/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 76baa4c..0b10e0f 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh 
@@ -20,32 +20,32 @@ # This script will install policymanager webapplication under tomcat and also, initialize the database with ranger users/tables. usage() { - [ "$*" ] && echo "$0: $*" - sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0" - exit 2 + [ "$*" ] && echo "$0: $*" + sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0" + exit 2 } 2>/dev/null log() { - local prefix="$(date +%Y-%m-%d\ %H:%M:%S,%3N) " - echo "${prefix} $@" >> $LOGFILE - echo "${prefix} $@" + local prefix="$(date +%Y-%m-%d\ %H:%M:%S,%3N) " + echo "${prefix} $@" >> $LOGFILE + echo "${prefix} $@" } get_prop(){ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi value=$(echo $validateProperty | cut -d "=" -f2-) if [[ $1 == *password* ]] - then - echo $value - else - echo $value | tr -d \'\" - fi + then + echo $value + else + echo $value | tr -d \'\" + fi } PROPFILE=${RANGER_ADMIN_CONF:-$PWD}/install.properties if [ ! -f "${PROPFILE}" ]; then - echo "$PROPFILE file not found....!!" - exit 1; + echo "$PROPFILE file not found....!!" + exit 1; fi LOGFILE=$(eval echo " $(get_prop 'LOGFILE' $PROPFILE)") 
@@ -156,31 +156,31 @@ check_ret_status(){ check_ret_status_for_groupadd(){ # 9 is the response if the group exists - if [ $1 -ne 0 ] && [ $1 -ne 9 ]; then - log "[E] $2"; - exit 1; - fi + if [ $1 -ne 0 ] && [ $1 -ne 9 ]; then + log "[E] $2"; + exit 1; + fi } check_user_pwd(){ - if [ -z "$1" ]; then - log "[E] The unix user password is empty. Please set user password."; - exit 1; - fi + if [ -z "$1" ]; then + log "[E] The unix user password is empty. Please set user password."; + exit 1; + fi } is_command () { - log "[I] check if command $1 exists" - type "$1" >/dev/null + log "[I] check if command $1 exists" + type "$1" >/dev/null } get_distro(){ log "[I] Checking distribution name.." ver=$(cat /etc/*{issues,release,version} 2> /dev/null) if [[ $(echo $ver | grep DISTRIB_ID) ]]; then - DIST_NAME=$(lsb_release -si) + DIST_NAME=$(lsb_release -si) else - DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) + DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) fi export $DIST_NAME log "[I] Found distribution : $DIST_NAME" @@ -193,9 +193,9 @@ getPropertyFromFileNoExit(){ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; if [ $4 == "true" ] ; then - exit 1; + exit 1; else - value="" + value="" fi else value=$(echo $validateProperty | cut -d "=" -f2-) @@ -214,8 +214,8 @@ getPropertyFromFile(){ #Update Properties to File #$1 -> propertyName $2 -> newPropertyValue $3 -> fileName updatePropertyToFilePy(){ - python update_property.py $1 $2 $3 - check_ret_status $? "Update property failed for: " $1 + python update_property.py $1 $2 $3 + check_ret_status $? "Update property failed for: " $1 } init_variables(){ @@ -310,8 +310,8 @@ check_java_version() { if is_command ${JAVA_BIN} ; then log "[I] '${JAVA_BIN}' command found" else - log "[E] '${JAVA_BIN}' command not found" - exit 1; + log "[E] '${JAVA_BIN}' command not found" + exit 1; fi version=$("$JAVA_BIN" -version 2>&1 | awk -F '"' '/version/ {print $2}') 
@@ -334,9 +334,9 @@ sanity_check_files() { log "[I] $app_home folder found" else log "[E] $app_home does not exists" ; exit 1; - fi + fi if [ "${DB_FLAVOR}" == "MYSQL" ] - then + then if test -f $mysql_core_file; then log "[I] $mysql_core_file file found" else @@ -344,29 +344,29 @@ sanity_check_files() { fi fi if [ "${DB_FLAVOR}" == "ORACLE" ] - then - if test -f ${oracle_core_file}; then + then + if test -f ${oracle_core_file}; then log "[I] ${oracle_core_file} file found" - else - log "[E] ${oracle_core_file} does not exists" ; exit 1; + else + log "[E] ${oracle_core_file} does not exists" ; exit 1; + fi fi - fi - if [ "${DB_FLAVOR}" == "POSTGRES" ] - then - if test -f ${postgres_core_file}; then + if [ "${DB_FLAVOR}" == "POSTGRES" ] + then + if test -f ${postgres_core_file}; then log "[I] ${postgres_core_file} file found" - else - log "[E] ${postgres_core_file} does not exists" ; exit 1; + else + log "[E] ${postgres_core_file} does not exists" ; exit 1; + fi fi - fi - if [ "${DB_FLAVOR}" == "MSSQL" ] - then - if test -f ${sqlserver_core_file}; then + if [ "${DB_FLAVOR}" == "MSSQL" ] + then + if test -f ${sqlserver_core_file}; then log "[I] ${sqlserver_core_file} file found" - else - log "[E] ${sqlserver_core_file} does not exists" ; exit 1; + else + log "[E] ${sqlserver_core_file} does not exists" ; exit 1; + fi fi - fi if [ "${DB_FLAVOR}" == "SQLA" ] then if [ "${LD_LIBRARY_PATH}" == "" ] 
@@ -383,15 +383,15 @@ sanity_check_files() { } create_rollback_point() { - DATE=`date` - BAK_FILE=$APP-$VERSION.$DATE.bak - log "Creating backup file : $BAK_FILE" - cp "$APP" "$BAK_FILE" + DATE=`date` + BAK_FILE=$APP-$VERSION.$DATE.bak + log "Creating backup file : $BAK_FILE" + cp "$APP" "$BAK_FILE" } copy_db_connector(){ log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib "; - cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib + cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib check_ret_status $? "Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib failed" log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib DONE"; } 
@@ -406,76 +406,76 @@ update_properties() { log "[I] $to_file_ranger file found" else log "[E] $to_file_ranger does not exists" ; exit 1; - fi + fi to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml if test -f $to_file_default; then log "[I] $to_file_default file found" else log "[E] $to_file_default does not exists" ; exit 1; - fi + fi if [ "${spnego_principal}" != "" ] then - propertyName=ranger.spnego.kerberos.principal - newPropertyValue="${spnego_principal}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.spnego.kerberos.principal + newPropertyValue="${spnego_principal}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${spnego_keytab}" != "" ] then - propertyName=ranger.spnego.kerberos.keytab - newPropertyValue="${spnego_keytab}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.spnego.kerberos.keytab + newPropertyValue="${spnego_keytab}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${token_valid}" != "" ] then - propertyName=ranger.admin.kerberos.token.valid.seconds - newPropertyValue="${token_valid}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.admin.kerberos.token.valid.seconds + newPropertyValue="${token_valid}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${cookie_domain}" != "" ] then - propertyName=ranger.admin.kerberos.cookie.domain - newPropertyValue="${cookie_domain}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.admin.kerberos.cookie.domain + newPropertyValue="${cookie_domain}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${cookie_path}" != "" ] then - propertyName=ranger.admin.kerberos.cookie.path - newPropertyValue="${cookie_path}" - updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger + propertyName=ranger.admin.kerberos.cookie.path + newPropertyValue="${cookie_path}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${admin_principal}" != "" ] then - propertyName=ranger.admin.kerberos.principal - newPropertyValue="${admin_principal}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.admin.kerberos.principal + newPropertyValue="${admin_principal}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${admin_keytab}" != "" ] then - propertyName=ranger.admin.kerberos.keytab - newPropertyValue="${admin_keytab}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.admin.kerberos.keytab + newPropertyValue="${admin_keytab}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${lookup_principal}" != "" ] - then - propertyName=ranger.lookup.kerberos.principal - newPropertyValue="${lookup_principal}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + then + propertyName=ranger.lookup.kerberos.principal + newPropertyValue="${lookup_principal}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${lookup_keytab}" != "" ] then - propertyName=ranger.lookup.kerberos.keytab - newPropertyValue="${lookup_keytab}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + propertyName=ranger.lookup.kerberos.keytab + newPropertyValue="${lookup_keytab}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi if [ "${db_ssl_enabled}" != "" ] 
@@ -954,25 +954,25 @@ update_properties() { do_unixauth_setup() { - ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml - if test -f $ldap_file; then - log "[I] $ldap_file file found" - - propertyName=ranger.authentication.method - newPropertyValue="${authentication_method}" - updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml + if test -f $ldap_file; then + log "[I] $ldap_file file found" + + propertyName=ranger.authentication.method + newPropertyValue="${authentication_method}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file - propertyName=ranger.unixauth.remote.login.enabled - newPropertyValue="${remoteLoginEnabled}" - updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + propertyName=ranger.unixauth.remote.login.enabled + newPropertyValue="${remoteLoginEnabled}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file - propertyName=ranger.unixauth.service.hostname - newPropertyValue="${authServiceHostName}" - updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + propertyName=ranger.unixauth.service.hostname + newPropertyValue="${authServiceHostName}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file - propertyName=ranger.unixauth.service.port - newPropertyValue="${authServicePort}" - updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + propertyName=ranger.unixauth.service.port + newPropertyValue="${authServicePort}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file else log "[E] $ldap_file does not exists" ; exit 1; fi 
@@ -982,7 +982,7 @@ do_authentication_setup(){ log "[I] Starting setup based on user authentication method=$authentication_method"; ./setup_authentication.sh $authentication_method $app_home - if [ $authentication_method = "LDAP" ] ; then + if [ $authentication_method = "LDAP" ] ; then log "[I] Loading LDAP attributes and properties"; newPropertyValue='' ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml @@ -1079,10 +1079,9 @@ do_authentication_setup(){ fi else log "[E] $ldap_file does not exists" ; exit 1; - + fi fi - fi - if [ $authentication_method = "ACTIVE_DIRECTORY" ] ; then + if [ $authentication_method = "ACTIVE_DIRECTORY" ] ; then log "[I] Loading ACTIVE DIRECTORY attributes and properties"; newPropertyValue='' ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml 
@@ -1167,22 +1166,22 @@ do_authentication_setup(){ else log "[E] $ldap_file does not exists" ; exit 1; fi - fi - if [ $authentication_method = "UNIX" ] ; then - do_unixauth_setup - fi - - if [ $authentication_method = "NONE" ] ; then - newPropertyValue='NONE' - ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml - if test -f $ldap_file; then - propertyName=ranger.authentication.method - newPropertyValue="${authentication_method}" - updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file - fi - fi + fi + if [ $authentication_method = "UNIX" ] ; then + do_unixauth_setup + fi + + if [ $authentication_method = "NONE" ] ; then + newPropertyValue='NONE' + ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml + if test -f $ldap_file; then + propertyName=ranger.authentication.method + newPropertyValue="${authentication_method}" + updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file + fi + fi - log "[I] Finished setup based on user authentication method=$authentication_method"; + log "[I] Finished setup based on user authentication method=$authentication_method"; } #===================================================================== setup_unix_user_group(){ @@ -1201,8 +1200,8 @@ setup_unix_user_group(){ if [ $? -ne 0 ] then check_user_pwd ${unix_user_pwd} - log "[I] Creating new user and adding to group" - useradd ${unix_user} -g ${unix_group} -m + log "[I] Creating new user and adding to group" + useradd ${unix_user} -g ${unix_group} -m check_ret_status $? "useradd ${unix_user} failed" passwdtmpfile=passwd.tmp @@ -1215,9 +1214,9 @@ EOF chpasswd < ${passwdtmpfile} rm -rf ${passwdtmpfile} else - useringroup=`id ${unix_user}` - useringrouparr=(${useringroup// / }) - if [[ ${useringrouparr[1]} =~ "(${unix_group})" ]] + useringroup=`id ${unix_user}` + useringrouparr=(${useringroup// / }) + if [[ ${useringrouparr[1]} =~ "(${unix_group})" ]] then log "[I] the ${unix_user} user already exists and belongs to group ${unix_group}" else 
@@ -1231,9 +1230,9 @@ EOF setup_install_files(){ log "[I] Setting up installation files and directory"; if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then - log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf" - mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf - cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf + log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf" + mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf + cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf fi echo "export RANGER_HADOOP_CONF_DIR=${hadoop_conf}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-hadoopconfdir.sh 
@@ -1259,53 +1258,54 @@ setup_install_files(){ fi if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then - log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib" - mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib + log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib" + mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib fi if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/lib fi if [ -d /etc/init.d ]; then - log "[I] Setting up init.d" - cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN} - chmod ug+rx /etc/init.d/${RANGER_ADMIN} + log "[I] Setting up init.d" + cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN} + chmod ug+rx /etc/init.d/${RANGER_ADMIN} - if [ -d /etc/rc2.d ] - then + if [ -d /etc/rc2.d ] + then RC_DIR=/etc/rc2.d log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... " rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} - fi + fi - if [ -d /etc/rc3.d ] - then + if [ -d /etc/rc3.d ] + then RC_DIR=/etc/rc3.d log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... " rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} - fi + fi - # SUSE has rc2.d and rc3.d under /etc/rc.d - if [ -d /etc/rc.d/rc2.d ] - then + # SUSE has rc2.d and rc3.d under /etc/rc.d + if [ -d /etc/rc.d/rc2.d ] + then RC_DIR=/etc/rc.d/rc2.d log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... 
" rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} - fi - if [ -d /etc/rc.d/rc3.d ] - then + fi + + if [ -d /etc/rc.d/rc3.d ] + then RC_DIR=/etc/rc.d/rc3.d log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... " rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN} ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} - fi + fi fi if [ -f /etc/init.d/${RANGER_ADMIN} ]; then if [ "${unix_user}" != "" ]; then 
@@ -1315,28 +1315,32 @@ setup_install_files(){ if [ -z "${RANGER_ADMIN_LOG_DIR}" ] || [ ${RANGER_ADMIN_LOG_DIR} == ${XAPOLICYMGR_DIR} ]; then RANGER_ADMIN_LOG_DIR=${XAPOLICYMGR_DIR}/ews/logs; - fi + fi + if [ ! -d ${RANGER_ADMIN_LOG_DIR} ]; then - log "[I] ${RANGER_ADMIN_LOG_DIR} Ranger Log folder" - mkdir -p ${RANGER_ADMIN_LOG_DIR} + log "[I] ${RANGER_ADMIN_LOG_DIR} Ranger Log folder" + mkdir -p ${RANGER_ADMIN_LOG_DIR} fi + if [ -d ${RANGER_ADMIN_LOG_DIR} ]; then - chown -R ${unix_user} ${RANGER_ADMIN_LOG_DIR} + chown -R ${unix_user} ${RANGER_ADMIN_LOG_DIR} fi + echo "export RANGER_ADMIN_LOG_DIR=${RANGER_ADMIN_LOG_DIR}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logdir.sh chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logdir.sh - if [ -z "${RANGER_PID_DIR_PATH}" ] - then - RANGER_PID_DIR_PATH=/var/run/ranger - fi + if [ -z "${RANGER_PID_DIR_PATH}" ] + then + RANGER_PID_DIR_PATH=/var/run/ranger + fi + if [ ! -d ${RANGER_PID_DIR_PATH} ]; then - log "[I]Creating Ranger PID folder: ${RANGER_PID_DIR_PATH}" - mkdir -p ${RANGER_PID_DIR_PATH} - if [ ! $? = "0" ];then - log "Make $RANGER_PID_DIR_PATH failure....!!"; - exit 1; - fi + log "[I]Creating Ranger PID folder: ${RANGER_PID_DIR_PATH}" + mkdir -p ${RANGER_PID_DIR_PATH} + if [ ! $? = "0" ];then + log "Make $RANGER_PID_DIR_PATH failure....!!"; + exit 1; + fi fi chown -R ${unix_user} ${RANGER_PID_DIR_PATH} 
@@ -1354,7 +1358,7 @@ setup_install_files(){ DB_SSL_PARAM="' -Djavax.net.ssl.keyStore=${javax_net_ssl_keyStore} -Djavax.net.ssl.keyStorePassword=${javax_net_ssl_keyStorePassword} -Djavax.net.ssl.trustStore=${javax_net_ssl_trustStore} -Djavax.net.ssl.trustStorePassword=${javax_net_ssl_trustStorePassword} '" fi echo "export DB_SSL_PARAM=${DB_SSL_PARAM}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-dbsslparam.sh - chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-dbsslparam.sh + chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-dbsslparam.sh else if [ -f ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-dbsslparam.sh ]; then DB_SSL_PARAM="" @@ -1365,11 +1369,11 @@ setup_install_files(){ log "[I] Setting up installation files and directory DONE"; if [ ! -f ${INSTALL_DIR}/rpm ]; then - if [ -d ${INSTALL_DIR} ] - then + if [ -d ${INSTALL_DIR} ] + then chown -R ${unix_user}:${unix_group} ${INSTALL_DIR} chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}/* - fi + fi fi # Copy ranger-admin-services to /usr/bin 
@@ -1385,31 +1389,47 @@ python_command_for_change_password(){ validateDefaultUsersPassword(){ if [ "${2}" == "" ] then - log "[E] validatePassword(). Password for ${1} user cannot be blank" - exit 1 + log "[E] validatePassword(). Password for ${1} user cannot be blank" + exit 1 elif ! [[ ${#2} -ge 8 && "$2" =~ [A-Za-z] && "$2" =~ [0-9] ]] || [[ "${2}" =~ [\"\`\\"'"] ]] then - log "[E] validatePassword(). ${1} password change failed. Password should be minimum 8 characters with minimum one alphabet and one numeric. Unsupported special characters are \\\`'\"" - exit 1 + log "[E] validatePassword(). ${1} password change failed. Password should be minimum 8 characters with minimum one alphabet and one numeric. Unsupported special characters are \\\`'\"" + exit 1 fi } change_default_users_password(){ if [ "${rangerAdmin_password}" != "admin" ] then - python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" + python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" + if [ "$?" != "0" ] + then + exit 1 + fi fi if [ "${rangerTagsync_password}" != "rangertagsync" ] then - python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" + python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" + if [ "$?" != "0" ] + then + exit 1 + fi fi if [ "${rangerUsersync_password}" != "rangerusersync" ] then - python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" + python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" + if [ "$?" != "0" ] + then + exit 1 + fi fi if [ "${keyadmin_password}" != "keyadmin" ] then - python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}" + python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}" + if [ "$?" 
!= "0" ] + then + exit 1 + fi fi } log " --------- Running Ranger PolicyManager Web Application Install Script --------- " @@ -1454,10 +1474,10 @@ then if [ "$?" == "0" ] then $PYTHON_COMMAND_INVOKER db_setup.py -javapatch - if [ "$?" == "0" ] - then - change_default_users_password - fi + if [ "$?" == "0" ] + then + change_default_users_password + fi else exit 1 fi
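Review bot: Each of the four added `if [ "$?" != "0" ]` checks in change_default_users_password calls `exit 1` without logging anything, so when a password change fails or is killed the installer stops with no record of which account it was on. Because the calls run in order (admin, rangertagsync, rangerusersync, keyadmin), the accounts after the failing one are never attempted and keep their default passwords, which is worth stating explicitly to the operator. Log before exiting, for example `log "[E] Password change for rangertagsync failed; remaining default users were not updated"`, adjusted per user. The four identical blocks can also be shortened by testing the call directly: `python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" || { log "[E] admin password change failed"; exit 1; }`. python_command_for_change_password is defined outside this hunk, so whether it already logs its own failure cannot be confirmed from here.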
