This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 63df056 RANGER-2854: Make audit bootstrap property configurable
63df056 is described below
commit 63df056c754a2889ee4c6fc17d22529ca0cb7f6d
Author: pradeep <[email protected]>
AuthorDate: Thu Jun 11 17:03:10 2020 +0530
RANGER-2854: Make audit bootstrap property configurable
---
.../ranger/server/tomcat/EmbeddedServer.java | 32 ++++++++++++++++------
security-admin/scripts/install.properties | 5 +++-
security-admin/scripts/setup.sh | 17 +++++++++++-
.../conf.dist/ranger-admin-default-site.xml | 10 +++++--
.../main/resources/conf.dist/ranger-admin-site.xml | 9 ++++++
5 files changed, 60 insertions(+), 13 deletions(-)
diff --git
a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index e9da9cd..9df95fb 100644
---
a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++
b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -64,7 +64,11 @@ public class EmbeddedServer {
private static final String AUTH_TYPE_KERBEROS = "kerberos";
private static final String AUTHENTICATION_TYPE =
"hadoop.security.authentication";
private static final String ADMIN_USER_PRINCIPAL =
"ranger.admin.kerberos.principal";
+ private static final String AUDIT_SOURCE_TYPE =
"ranger.audit.source.type";
+ private static final String AUDIT_SOURCE_SOLR = "solr";
+ private static final String AUDIT_SOURCE_ES = "elasticsearch";
private static final String SOLR_BOOTSTRAP_ENABLED =
"ranger.audit.solr.bootstrap.enabled";
+ private static final String ES_BOOTSTRAP_ENABLED =
"ranger.audit.elasticsearch.bootstrap.enabled";
private static final String ADMIN_USER_KEYTAB =
"ranger.admin.kerberos.keytab";
private static final String ADMIN_NAME_RULES =
"hadoop.security.auth_to_local";
@@ -292,17 +296,29 @@ public class EmbeddedServer {
String servername =
EmbeddedServerUtil.getConfig("servername");
LOG.info("Server Name : " + servername);
if (servername.equalsIgnoreCase(ADMIN_SERVER_NAME)) {
- boolean solrBootstrapEnabled =
Boolean.valueOf(EmbeddedServerUtil.getConfig(SOLR_BOOTSTRAP_ENABLED, "true"));
- if (solrBootstrapEnabled) {
- try {
- SolrCollectionBootstrapper
solrSetup = new SolrCollectionBootstrapper();
- solrSetup.start();
- } catch (Exception e) {
- LOG.severe("Error while setting
solr " + e);
+ String auditSourceType =
EmbeddedServerUtil.getConfig(AUDIT_SOURCE_TYPE, "db");
+ if
(AUDIT_SOURCE_SOLR.equalsIgnoreCase(auditSourceType)) {
+ boolean solrBootstrapEnabled =
Boolean.valueOf(EmbeddedServerUtil.getConfig(SOLR_BOOTSTRAP_ENABLED, "true"));
+ if (solrBootstrapEnabled) {
+ try {
+
SolrCollectionBootstrapper solrSetup = new SolrCollectionBootstrapper();
+ solrSetup.start();
+ } catch (Exception e) {
+ LOG.severe("Error while
setting solr " + e);
+ }
+ }
+ } else if
(AUDIT_SOURCE_ES.equalsIgnoreCase(auditSourceType)) {
+ boolean esBootstrapEnabled =
Boolean.valueOf(EmbeddedServerUtil.getConfig(ES_BOOTSTRAP_ENABLED, "true"));
+ if (esBootstrapEnabled) {
+ try {
+
ElasticSearchIndexBootStrapper esSchemaSetup = new
ElasticSearchIndexBootStrapper();
+ esSchemaSetup.start();
+ } catch (Exception e) {
+ LOG.severe("Error while
setting elasticsearch " + e);
+ }
}
}
}
-
server.start();
server.getServer().await();
shutdownServer();
diff --git a/security-admin/scripts/install.properties
b/security-admin/scripts/install.properties
index cb79d12..a18bcd5 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -87,6 +87,9 @@ audit_elasticsearch_port=
audit_elasticsearch_protocol=
audit_elasticsearch_user=
audit_elasticsearch_password=
+audit_elasticsearch_index=
+audit_elasticsearch_bootstrap_enabled=true
+
# * audit_solr_url URL to Solr. E.g. http://<solr_host>:6083/solr/ranger_audits
audit_solr_urls=
@@ -101,7 +104,7 @@ audit_solr_no_shards=1
audit_solr_no_replica=1
audit_solr_max_shards_per_node=1
audit_solr_acl_user_list_sasl=solr,infra-solr
-
+audit_solr_bootstrap_enabled=true
#------------------------- DB CONFIG - END ----------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 61d351d..949c242 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -76,6 +76,8 @@ audit_elasticsearch_urls=$(get_prop
'audit_elasticsearch_urls' $PROPFILE)
audit_elasticsearch_port=$(get_prop 'audit_elasticsearch_port' $PROPFILE)
audit_elasticsearch_user=$(get_prop 'audit_elasticsearch_user' $PROPFILE)
audit_elasticsearch_password=$(get_prop 'audit_elasticsearch_password'
$PROPFILE)
+audit_elasticsearch_index=$(get_prop 'audit_elasticsearch_index' $PROPFILE)
+audit_elasticsearch_bootstrap_enabled=$(get_prop
'audit_elasticsearch_bootstrap_enabled' $PROPFILE)
audit_solr_urls=$(get_prop 'audit_solr_urls' $PROPFILE)
audit_solr_user=$(get_prop 'audit_solr_user' $PROPFILE)
audit_solr_password=$(get_prop 'audit_solr_password' $PROPFILE)
@@ -154,7 +156,7 @@ audit_solr_no_shards=$(get_prop 'audit_solr_no_shards'
$PROPFILE)
audit_solr_no_replica=$(get_prop 'audit_solr_no_replica' $PROPFILE)
audit_solr_max_shards_per_node=$(get_prop 'audit_solr_max_shards_per_node'
$PROPFILE)
audit_solr_acl_user_list_sasl=$(get_prop 'audit_solr_acl_user_list_sasl'
$PROPFILE)
-
+audit_solr_bootstrap_enabled=$(get_prop 'audit_solr_bootstrap_enabled'
$PROPFILE)
DB_HOST="${db_host}"
@@ -711,6 +713,10 @@ update_properties() {
propertyName=ranger.audit.solr.urls
newPropertyValue=${audit_solr_urls}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
+ propertyName=ranger.audit.solr.bootstrap.enabled
+ newPropertyValue=${audit_solr_bootstrap_enabled}
+ updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
fi
if [ "${audit_store}" == "elasticsearch" ]
@@ -730,6 +736,15 @@ update_properties() {
propertyName=ranger.audit.elasticsearch.password
newPropertyValue=${audit_elasticsearch_password}
updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
+ propertyName=ranger.audit.elasticsearch.index
+ newPropertyValue=${audit_elasticsearch_index}
+ updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
+ propertyName=ranger.audit.elasticsearch.bootstrap.enabled
+ newPropertyValue=${audit_elasticsearch_bootstrap_enabled}
+ updatePropertyToFilePy $propertyName $newPropertyValue
$to_file_ranger
+
fi
if [ "${audit_store}" != "" ]
diff --git
a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index fffd950..fcd4bd0 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -466,9 +466,13 @@
<description>Time in milliseconds</description>
</property>
<property>
- <name>ranger.audit.solr.bootstrap.enabled</name>
- <value>true</value>
- </property>
+ <name>ranger.audit.solr.bootstrap.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>ranger.audit.elasticsearch.bootstrap.enabled</name>
+ <value>true</value>
+ </property>
<property>
<name>ranger.audit.solr.max.retry</name>
<value>30</value>
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
index 5dc14ab..c410984 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
@@ -66,6 +66,15 @@
<description></description>
</property>
<property>
+ <name>ranger.audit.elasticsearch.index</name>
+ <value></value>
+ <description></description>
+ </property>
+ <property>
+ <name>ranger.audit.elasticsearch.bootstrap.enabled</name>
+ <value>true</value>
+ </property>
+ <property>
<name>ranger.audit.solr.urls</name>
<value>http://##solr_host##:6083/solr/ranger_audits</value>
<description></description>
