This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-5373 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 23f4099c29e4bb3ed5be1936aa8ade4cf97d6d85 Author: Madhan Neethiraj <[email protected]> AuthorDate: Sun Oct 19 15:25:59 2025 -0700 RANGER-5373: addressed review comments; verified kerberos authentication in admin, usersync and tagsync services --- dev-support/ranger-docker/Dockerfile.ranger | 1 + dev-support/ranger-docker/Dockerfile.ranger-kms | 1 + dev-support/ranger-docker/Dockerfile.ranger-tagsync | 1 + dev-support/ranger-docker/Dockerfile.ranger-usersync | 1 + dev-support/ranger-docker/config/kdc/entrypoint.sh | 2 +- dev-support/ranger-docker/config/kdc/krb5.conf | 8 +++----- dev-support/ranger-docker/docker-compose.ranger-build.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-db.yml | 8 ++++---- dev-support/ranger-docker/docker-compose.ranger-hadoop.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-hbase.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-hive.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-kafka.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-kdc.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-kms.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-knox.yml | 2 +- .../ranger-docker/docker-compose.ranger-tagsync.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger-trino.yml | 2 +- .../ranger-docker/docker-compose.ranger-usersync.yml | 2 +- dev-support/ranger-docker/docker-compose.ranger.yml | 6 +++--- dev-support/ranger-docker/scripts/core-site-kerberos.xml | 11 +++++++++++ .../ranger-docker/scripts/create-ranger-services.py | 2 +- dev-support/ranger-docker/scripts/hbase-site.xml | 4 ++-- dev-support/ranger-docker/scripts/hive-site-mysql.xml | 2 +- dev-support/ranger-docker/scripts/hive-site-oracle.xml | 2 +- dev-support/ranger-docker/scripts/hive-site-postgres.xml | 2 +- dev-support/ranger-docker/scripts/hive-site-sqlserver.xml | 2 +- .../scripts/ranger-admin-install-mysql.properties | 12 ++++++------ .../scripts/ranger-admin-install-oracle.properties | 12 
++++++------ .../scripts/ranger-admin-install-postgres.properties | 12 ++++++------ .../scripts/ranger-admin-install-sqlserver.properties | 12 ++++++------ dev-support/ranger-docker/scripts/ranger-kafka-setup.sh | 2 +- .../scripts/ranger-kms-install-mysql.properties | 4 ++-- .../scripts/ranger-kms-install-oracle.properties | 4 ++-- .../scripts/ranger-kms-install-postgres.properties | 4 ++-- .../scripts/ranger-kms-install-sqlserver.properties | 4 ++-- dev-support/ranger-docker/scripts/ranger-kms.sh | 5 +++++ dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml | 14 +++++++------- .../scripts/ranger-tagsync-install.properties | 13 +++++-------- dev-support/ranger-docker/scripts/ranger-tagsync.sh | 5 +++++ .../scripts/ranger-trino-plugin-install.properties | 4 ++-- .../scripts/ranger-usersync-install.properties | 4 ++-- dev-support/ranger-docker/scripts/ranger-usersync.sh | 5 +++++ dev-support/ranger-docker/scripts/ranger.sh | 5 +++++ 43 files changed, 113 insertions(+), 83 deletions(-) diff --git a/dev-support/ranger-docker/Dockerfile.ranger b/dev-support/ranger-docker/Dockerfile.ranger index eac69fc88..4d70080ed 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger +++ b/dev-support/ranger-docker/Dockerfile.ranger @@ -29,6 +29,7 @@ COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/ COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/ COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/ +COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/ RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \ && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-kms b/dev-support/ranger-docker/Dockerfile.ranger-kms index eb8e967f4..805446fc5 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-kms 
+++ b/dev-support/ranger-docker/Dockerfile.ranger-kms @@ -26,6 +26,7 @@ COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz /home/ranger/dist COPY ./scripts/ranger-kms.sh ${RANGER_SCRIPTS}/ COPY ./scripts/ranger-kms-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-kms-install.properties +COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/ RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz --directory=${RANGER_HOME} && \ ln -s ${RANGER_HOME}/ranger-${KMS_VERSION}-kms ${RANGER_HOME}/kms && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync b/dev-support/ranger-docker/Dockerfile.ranger-tagsync index 31d610982..f9c1ab400 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync +++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync @@ -26,6 +26,7 @@ COPY ./dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz /home/ranger/dist/ COPY ./scripts/ranger-tagsync.sh ${RANGER_SCRIPTS}/ COPY ./scripts/ranger-tagsync-install.properties ${RANGER_SCRIPTS}/ COPY ./scripts/ranger-tagsync-tags.json ${RANGER_SCRIPTS}/ +COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/ RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --directory=${RANGER_HOME} && \ ln -s ${RANGER_HOME}/ranger-${TAGSYNC_VERSION}-tagsync ${RANGER_HOME}/tagsync && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-usersync b/dev-support/ranger-docker/Dockerfile.ranger-usersync index 47d7b102e..1211c6881 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-usersync +++ b/dev-support/ranger-docker/Dockerfile.ranger-usersync 
@@ -26,6 +26,7 @@ COPY ./dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz /home/ranger/dist/ COPY ./scripts/ranger-usersync.sh ${RANGER_SCRIPTS}/ COPY ./scripts/ranger-usersync-install.properties ${RANGER_SCRIPTS}/ COPY ./scripts/ugsync-file-source.csv ${RANGER_SCRIPTS}/ +COPY ./scripts/core-site-kerberos.xml ${RANGER_SCRIPTS}/ RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz --directory=${RANGER_HOME} && \ ln -s ${RANGER_HOME}/ranger-${USERSYNC_VERSION}-usersync ${RANGER_HOME}/usersync && \ diff --git a/dev-support/ranger-docker/config/kdc/entrypoint.sh b/dev-support/ranger-docker/config/kdc/entrypoint.sh index 8d35e16f6..339a76866 100644 --- a/dev-support/ranger-docker/config/kdc/entrypoint.sh +++ b/dev-support/ranger-docker/config/kdc/entrypoint.sh @@ -19,7 +19,7 @@ set -e REALM="${REALM:-EXAMPLE.COM}" -KDC_HOST="${KDC_HOST:-ranger-kdc.example.com}" +KDC_HOST="${KDC_HOST:-ranger-kdc.rangernw}" MASTER_PASSWORD="${MASTER_PASSWORD:-masterpassword}" ADMIN_PRINC="${ADMIN_PRINCIPAL:-admin/admin}" ADMIN_PASSWORD="${ADMIN_PASSWORD:-adminpassword}" diff --git a/dev-support/ranger-docker/config/kdc/krb5.conf b/dev-support/ranger-docker/config/kdc/krb5.conf index 5fa04110f..fffba1c83 100644 --- a/dev-support/ranger-docker/config/kdc/krb5.conf +++ b/dev-support/ranger-docker/config/kdc/krb5.conf @@ -7,11 +7,9 @@ [realms] EXAMPLE.COM = { - kdc = ranger-kdc.example.com - admin_server = ranger-kdc.example.com + kdc = ranger-kdc.rangernw + admin_server = ranger-kdc.rangernw } [domain_realm] - .example.com = EXAMPLE.COM - example.com = EXAMPLE.COM - + .rangernw = EXAMPLE.COM diff --git a/dev-support/ranger-docker/docker-compose.ranger-build.yml b/dev-support/ranger-docker/docker-compose.ranger-build.yml index cfdd6a8c2..38ca4ab50 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-build.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-build.yml 
@@ -8,7 +8,7 @@ services: - RANGER_BASE_BUILD_VERSION=${RANGER_BASE_BUILD_VERSION} image: ranger-build container_name: ranger-build - hostname: ranger-build.example.com + hostname: ranger-build.rangernw networks: - ranger volumes: diff --git a/dev-support/ranger-docker/docker-compose.ranger-db.yml b/dev-support/ranger-docker/docker-compose.ranger-db.yml index 3688a2a6d..5a3dda120 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-db.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-db.yml @@ -7,7 +7,7 @@ services: - POSTGRES_VERSION=${POSTGRES_VERSION} image: ranger-postgres container_name: ranger-postgres - hostname: ranger-db.example.com + hostname: ranger-db.rangernw ports: - "5432:5432" networks: @@ -27,7 +27,7 @@ services: image: ranger-mysql command: --default-authentication-plugin=mysql_native_password container_name: ranger-mysql - hostname: ranger-db.example.com + hostname: ranger-db.rangernw ports: - "3306:3306" networks: @@ -47,7 +47,7 @@ services: - ORACLE_VERSION=${ORACLE_VERSION} image: ranger-oracle container_name: ranger-oracle - hostname: ranger-db.example.com + hostname: ranger-db.rangernw ports: - "1521:1521" networks: @@ -66,7 +66,7 @@ services: - SQLSERVER_VERSION=${SQLSERVER_VERSION} image: ranger-sqlserver container_name: ranger-sqlserver - hostname: ranger-db.example.com + hostname: ranger-db.rangernw ports: - "1433:1433" networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-hadoop.yml b/dev-support/ranger-docker/docker-compose.ranger-hadoop.yml index 132ec80e1..735c5c7cb 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-hadoop.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-hadoop.yml @@ -12,7 +12,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-hadoop container_name: ranger-hadoop - hostname: ranger-hadoop.example.com + hostname: ranger-hadoop.rangernw stdin_open: true tty: true networks: 
diff --git a/dev-support/ranger-docker/docker-compose.ranger-hbase.yml b/dev-support/ranger-docker/docker-compose.ranger-hbase.yml index 8e4e90bbf..bc0519215 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-hbase.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-hbase.yml @@ -11,7 +11,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-hbase container_name: ranger-hbase - hostname: ranger-hbase.example.com + hostname: ranger-hbase.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-hive.yml b/dev-support/ranger-docker/docker-compose.ranger-hive.yml index f2bddc924..6beb4508e 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-hive.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-hive.yml @@ -13,7 +13,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-hive container_name: ranger-hive - hostname: ranger-hive.example.com + hostname: ranger-hive.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-kafka.yml b/dev-support/ranger-docker/docker-compose.ranger-kafka.yml index 6f5c77bb6..f32c64d54 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-kafka.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-kafka.yml @@ -11,7 +11,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-kafka container_name: ranger-kafka - hostname: ranger-kafka.example.com + hostname: ranger-kafka.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-kdc.yml b/dev-support/ranger-docker/docker-compose.ranger-kdc.yml index 14012199f..a73e4c22e 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-kdc.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-kdc.yml 
@@ -11,7 +11,7 @@ services: - ADMIN_PASSWORD=${KERBEROS_ADMIN_PASSWORD} image: ranger-kdc:latest container_name: ranger-kdc - hostname: ranger-kdc.example.com + hostname: ranger-kdc.rangernw networks: - ranger ports: diff --git a/dev-support/ranger-docker/docker-compose.ranger-kms.yml b/dev-support/ranger-docker/docker-compose.ranger-kms.yml index 0a0a743e6..df2ca3611 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-kms.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-kms.yml @@ -11,7 +11,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-kms:latest container_name: ranger-kms - hostname: ranger-kms.example.com + hostname: ranger-kms.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-knox.yml b/dev-support/ranger-docker/docker-compose.ranger-knox.yml index 3f6ed0c01..024c647c2 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-knox.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-knox.yml @@ -11,7 +11,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-knox container_name: ranger-knox - hostname: ranger-knox.example.com + hostname: ranger-knox.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml index faa6a2807..aed9b2fdd 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml @@ -10,7 +10,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-tagsync container_name: ranger-tagsync - hostname: ranger-tagsync.example.com + hostname: ranger-tagsync.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger-trino.yml b/dev-support/ranger-docker/docker-compose.ranger-trino.yml index 3239c4b69..6ee95df71 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-trino.yml 
+++ b/dev-support/ranger-docker/docker-compose.ranger-trino.yml @@ -8,7 +8,7 @@ services: - TRINO_VERSION=${TRINO_VERSION} - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-trino - hostname: ranger-trino + hostname: ranger-trino.rangernw container_name: ranger-trino stdin_open: true tty: true diff --git a/dev-support/ranger-docker/docker-compose.ranger-usersync.yml b/dev-support/ranger-docker/docker-compose.ranger-usersync.yml index a07e8b486..4db0ec280 100644 --- a/dev-support/ranger-docker/docker-compose.ranger-usersync.yml +++ b/dev-support/ranger-docker/docker-compose.ranger-usersync.yml @@ -10,7 +10,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-usersync container_name: ranger-usersync - hostname: ranger-usersync.example.com + hostname: ranger-usersync.rangernw stdin_open: true tty: true networks: diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml b/dev-support/ranger-docker/docker-compose.ranger.yml index 49fcec642..1e757342a 100644 --- a/dev-support/ranger-docker/docker-compose.ranger.yml +++ b/dev-support/ranger-docker/docker-compose.ranger.yml @@ -11,7 +11,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger:latest container_name: ranger - hostname: ranger.example.com + hostname: ranger.rangernw stdin_open: true tty: true networks: @@ -47,7 +47,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-zk container_name: ranger-zk - hostname: ranger-zk.example.com + hostname: ranger-zk.rangernw volumes: - ./config/kdc/keytabs:/etc/keytabs networks: @@ -66,7 +66,7 @@ services: - KERBEROS_ENABLED=${KERBEROS_ENABLED} image: ranger-solr container_name: ranger-solr - hostname: ranger-solr.example.com + hostname: ranger-solr.rangernw volumes: - ./config/kdc/keytabs:/etc/keytabs networks: diff --git a/dev-support/ranger-docker/scripts/core-site-kerberos.xml b/dev-support/ranger-docker/scripts/core-site-kerberos.xml new file mode 100644 index 000000000..73a5d29bd --- /dev/null 
+++ b/dev-support/ranger-docker/scripts/core-site-kerberos.xml @@ -0,0 +1,11 @@ +<?xml version="1.0"?> +<configuration> + <property> + <name>hadoop.security.authentication</name> + <value>kerberos</value> + </property> + <property> + <name>hadoop.security.auth_to_local</name> + <value>DEFAULT</value> + </property> +</configuration> diff --git a/dev-support/ranger-docker/scripts/create-ranger-services.py b/dev-support/ranger-docker/scripts/create-ranger-services.py index 7e0ad7e38..230236d4c 100644 --- a/dev-support/ranger-docker/scripts/create-ranger-services.py +++ b/dev-support/ranger-docker/scripts/create-ranger-services.py @@ -29,7 +29,7 @@ def service_not_exists(service): kafka = RangerService({'name': 'dev_kafka', 'type': 'kafka', 'configs': {'username': 'kafka', 'password': 'kafka', - 'zookeeper.connect': 'ranger-zk.example.com:2181', + 'zookeeper.connect': 'ranger-zk.rangernw:2181', 'ranger.plugin.kafka.policy.refresh.synchronous':'true'}}) knox = RangerService({'name': 'dev_knox', 'type': 'knox', diff --git a/dev-support/ranger-docker/scripts/hbase-site.xml b/dev-support/ranger-docker/scripts/hbase-site.xml index 6789bf19f..08449b49e 100644 --- a/dev-support/ranger-docker/scripts/hbase-site.xml +++ b/dev-support/ranger-docker/scripts/hbase-site.xml @@ -43,10 +43,10 @@ </property> <property> <name>hbase.rootdir</name> - <value>hdfs://ranger-hadoop.example.com:9000/hbase</value> + <value>hdfs://ranger-hadoop.rangernw:9000/hbase</value> </property> <property> <name>hbase.zookeeper.quorum</name> - <value>ranger-zk.example.com</value> + <value>ranger-zk.rangernw</value> </property> </configuration> diff --git a/dev-support/ranger-docker/scripts/hive-site-mysql.xml b/dev-support/ranger-docker/scripts/hive-site-mysql.xml index 118cdbbca..77ffc6996 100644 --- a/dev-support/ranger-docker/scripts/hive-site-mysql.xml +++ b/dev-support/ranger-docker/scripts/hive-site-mysql.xml 
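Review bot: The new core-site-kerberos.xml carries no comment on its purpose, although ranger.sh, ranger-kms.sh, ranger-tagsync.sh and ranger-usersync.sh copy it to each service's core-site.xml when KERBEROS_ENABLED is "true". After the XML declaration I would add `<!-- Installed as core-site.xml by the ranger*.sh scripts when KERBEROS_ENABLED=true; enables Kerberos for the Hadoop client libraries -->`. It is also worth one line noting that `hadoop.security.auth_to_local` is left at `DEFAULT`, which maps only principals of the default realm, so readers can see the choice is deliberate for this single-realm dev setup. If the project's license check covers dev-support, the file would need the ASF header as well.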
@@ -43,7 +43,7 @@ <property> <name>hive.zookeeper.quorum</name> - <value>ranger-zk.example.com</value> + <value>ranger-zk.rangernw</value> </property> <property> <name>hive.zookeeper.client.port</name> diff --git a/dev-support/ranger-docker/scripts/hive-site-oracle.xml b/dev-support/ranger-docker/scripts/hive-site-oracle.xml index 2b8cc5e08..55b02c2db 100644 --- a/dev-support/ranger-docker/scripts/hive-site-oracle.xml +++ b/dev-support/ranger-docker/scripts/hive-site-oracle.xml @@ -43,7 +43,7 @@ <property> <name>hive.zookeeper.quorum</name> - <value>ranger-zk.example.com</value> + <value>ranger-zk.rangernw</value> </property> <property> <name>hive.zookeeper.client.port</name> diff --git a/dev-support/ranger-docker/scripts/hive-site-postgres.xml b/dev-support/ranger-docker/scripts/hive-site-postgres.xml index 55343a323..24771a4ad 100644 --- a/dev-support/ranger-docker/scripts/hive-site-postgres.xml +++ b/dev-support/ranger-docker/scripts/hive-site-postgres.xml @@ -43,7 +43,7 @@ <property> <name>hive.zookeeper.quorum</name> - <value>ranger-zk.example.com</value> + <value>ranger-zk.rangernw</value> </property> <property> <name>hive.zookeeper.client.port</name> diff --git a/dev-support/ranger-docker/scripts/hive-site-sqlserver.xml b/dev-support/ranger-docker/scripts/hive-site-sqlserver.xml index 5bed21c2d..51eba6422 100644 --- a/dev-support/ranger-docker/scripts/hive-site-sqlserver.xml +++ b/dev-support/ranger-docker/scripts/hive-site-sqlserver.xml @@ -41,7 +41,7 @@ </property> <property> <name>hive.zookeeper.quorum</name> - <value>ranger-zk.example.com</value> + <value>ranger-zk.rangernw</value> </property> <property> <name>hive.zookeeper.client.port</name> diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-mysql.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-mysql.properties index 6b927d6a1..55760159d 100644 --- a/dev-support/ranger-docker/scripts/ranger-admin-install-mysql.properties 
+++ b/dev-support/ranger-docker/scripts/ranger-admin-install-mysql.properties @@ -92,10 +92,10 @@ hadoop_conf= authentication_method=UNIX #------------ Kerberos Config ----------------- -spnego_principal=HTTP/_HOST@REALM -spnego_keytab=/etc/keytabs/HTTP.keytab +spnego_principal=HTTP/[email protected] +spnego_keytab=/opt/ranger/admin/keytabs/HTTP.keytab token_valid=30 -admin_principal=rangeradmin/_HOST@REALM -admin_keytab=/etc/keytabs/rangeradmin.keytab -lookup_principal=rangerlookup/_HOST@REALM -lookup_keytab=/etc/keytabs/rangerlookup.keytab +admin_principal=rangeradmin/[email protected] +admin_keytab=/opt/ranger/admin/keytabs/rangeradmin.keytab +lookup_principal=rangerlookup/[email protected] +lookup_keytab=/opt/ranger/admin/keytabs/rangerlookup.keytab diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties index 1bfaca6f4..4de7bf0e8 100644 --- a/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties +++ b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties @@ -93,10 +93,10 @@ hadoop_conf= authentication_method=UNIX #------------ Kerberos Config ----------------- -spnego_principal=HTTP/_HOST@REALM -spnego_keytab=/etc/keytabs/HTTP.keytab +spnego_principal=HTTP/[email protected] +spnego_keytab=/opt/ranger/admin/keytabs/HTTP.keytab token_valid=30 -admin_principal=rangeradmin/_HOST@REALM -admin_keytab=/etc/keytabs/rangeradmin.keytab -lookup_principal=rangerlookup/_HOST@REALM -lookup_keytab=/etc/keytabs/rangerlookup.keytab +admin_principal=rangeradmin/[email protected] +admin_keytab=/opt/ranger/admin/keytabs/rangeradmin.keytab +lookup_principal=rangerlookup/[email protected] +lookup_keytab=/opt/ranger/admin/keytabs/rangerlookup.keytab 
diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties index 291d98527..09804e1b0 100644 --- a/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties +++ b/dev-support/ranger-docker/scripts/ranger-admin-install-postgres.properties @@ -92,10 +92,10 @@ hadoop_conf= authentication_method=UNIX #------------ Kerberos Config ----------------- -spnego_principal=HTTP/_HOST@REALM -spnego_keytab=/etc/keytabs/HTTP.keytab +spnego_principal=HTTP/[email protected] +spnego_keytab=/opt/ranger/admin/keytabs/HTTP.keytab token_valid=30 -admin_principal=rangeradmin/_HOST@REALM -admin_keytab=/etc/keytabs/rangeradmin.keytab -lookup_principal=rangerlookup/_HOST@REALM -lookup_keytab=/etc/keytabs/rangerlookup.keytab +admin_principal=rangeradmin/[email protected] +admin_keytab=/opt/ranger/admin/keytabs/rangeradmin.keytab +lookup_principal=rangerlookup/[email protected] +lookup_keytab=/opt/ranger/admin/keytabs/rangerlookup.keytab diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties index 7cf0d0bc6..e957f01be 100644 --- a/dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties +++ b/dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties 
@@ -99,10 +99,10 @@ hadoop_conf= authentication_method=UNIX #------------ Kerberos Config ----------------- -spnego_principal=HTTP/_HOST@REALM -spnego_keytab=/etc/keytabs/HTTP.keytab +spnego_principal=HTTP/[email protected] +spnego_keytab=/opt/ranger/admin/keytabs/HTTP.keytab token_valid=30 -admin_principal=rangeradmin/_HOST@REALM -admin_keytab=/etc/keytabs/rangeradmin.keytab -lookup_principal=rangerlookup/_HOST@REALM -lookup_keytab=/etc/keytabs/rangerlookup.keytab +admin_principal=rangeradmin/[email protected] +admin_keytab=/opt/ranger/admin/keytabs/rangeradmin.keytab +lookup_principal=rangerlookup/[email protected] +lookup_keytab=/opt/ranger/admin/keytabs/rangerlookup.keytab diff --git a/dev-support/ranger-docker/scripts/ranger-kafka-setup.sh b/dev-support/ranger-docker/scripts/ranger-kafka-setup.sh index 51c91195f..c9dea2ab0 100755 --- a/dev-support/ranger-docker/scripts/ranger-kafka-setup.sh +++ b/dev-support/ranger-docker/scripts/ranger-kafka-setup.sh @@ -27,7 +27,7 @@ chown -R kafka:hadoop /opt/kafka/ cd ${RANGER_HOME}/ranger-kafka-plugin ./enable-kafka-plugin.sh -sed -i 's/localhost:2181/ranger-zk.example.com:2181/' ${KAFKA_HOME}/config/server.properties +sed -i 's/localhost:2181/ranger-zk.rangernw:2181/' ${KAFKA_HOME}/config/server.properties echo >> ${KAFKA_HOME}/config/server.properties echo "authorizer.class.name=org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer" >> ${KAFKA_HOME}/config/server.properties diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties index ed7ab2d82..ce0e21f19 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties 
@@ -67,8 +67,8 @@ COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd #------------------------- Ranger KMS Kerberos Configuration --------------------------- -kms_principal= -kms_keytab= +kms_principal=rangerkms/[email protected] +kms_keytab=/opt/ranger/kms/keytabs/rangerkms.keytab hadoop_conf= #------------------------- Ranger KMS HSM CONFIG ------------------------------ diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties index 33097eb40..d83f780a0 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties @@ -68,8 +68,8 @@ COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd #------------------------- Ranger KMS Kerberos Configuration --------------------------- -kms_principal= -kms_keytab= +kms_principal=rangerkms/[email protected] +kms_keytab=/opt/ranger/kms/keytabs/rangerkms.keytab hadoop_conf= #------------------------- Ranger KMS HSM CONFIG ------------------------------ diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties index 35a369007..f549c7426 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties @@ -67,8 +67,8 @@ COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd #------------------------- Ranger KMS Kerberos Configuration --------------------------- -kms_principal= -kms_keytab= +kms_principal=rangerkms/[email protected] +kms_keytab=/opt/ranger/kms/keytabs/rangerkms.keytab hadoop_conf= #------------------------- Ranger KMS HSM CONFIG ------------------------------ 
diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties index 04c96989b..1f0d51b00 100644 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties @@ -72,8 +72,8 @@ COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd #------------------------- Ranger KMS Kerberos Configuration --------------------------- -kms_principal= -kms_keytab= +kms_principal=rangerkms/[email protected] +kms_keytab=/opt/ranger/kms/keytabs/rangerkms.keytab hadoop_conf= #------------------------- Ranger KMS HSM CONFIG ------------------------------ diff --git a/dev-support/ranger-docker/scripts/ranger-kms.sh b/dev-support/ranger-docker/scripts/ranger-kms.sh index 9f450d5fb..06ac006e0 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms.sh +++ b/dev-support/ranger-docker/scripts/ranger-kms.sh @@ -35,6 +35,11 @@ then cd "${RANGER_HOME}"/kms || exit if ./setup.sh; then + if [ "${KERBEROS_ENABLED}" == "true" ] + then + cp ${RANGER_SCRIPTS}/core-site-kerberos.xml ${RANGER_HOME}/kms/ews/webapp/WEB-INF/classes/conf/core-site.xml + fi + touch "${RANGER_HOME}"/.setupDone else echo "Ranger KMS Setup Script didn't complete proper execution." diff --git a/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml b/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml index c6ae98605..0da825ff4 100644 --- a/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml +++ b/dev-support/ranger-docker/scripts/ranger-knox-sandbox.xml 
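Review bot: In ranger-kms.sh the new `cp` of core-site-kerberos.xml is unchecked, so if it fails the script still reaches `touch "${RANGER_HOME}"/.setupDone` and the container is marked as set up without the Kerberos core-site.xml in place; with KERBEROS_ENABLED=true that is a silent fall-back to whatever authentication setup.sh configured. The paths are also unquoted, unlike the neighbouring `"${RANGER_HOME}"` uses. I would write `cp "${RANGER_SCRIPTS}/core-site-kerberos.xml" "${RANGER_HOME}/kms/ews/webapp/WEB-INF/classes/conf/core-site.xml" || exit 1`, and use `=` rather than `==` inside `[ ]` unless the script is guaranteed to run under bash (the shebang is outside the hunk). The same block is added in ranger-tagsync.sh, ranger-usersync.sh and ranger.sh, and the enclosing `if ./setup.sh` block continues outside each hunk.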
@@ -88,22 +88,22 @@ <service> <role>NAMENODE</role> - <url>hdfs://ranger-hadoop.example.com:8020</url> + <url>hdfs://ranger-hadoop.rangernw:8020</url> </service> <service> <role>JOBTRACKER</role> - <url>rpc://ranger-hadoop.example.com:8050</url> + <url>rpc://ranger-hadoop.rangernw:8050</url> </service> <service> <role>WEBHDFS</role> - <url>http://ranger-hadoop.example.com:9870/webhdfs</url> + <url>http://ranger-hadoop.rangernw:9870/webhdfs</url> </service> <service> <role>WEBHCAT</role> - <url>http://ranger-hive.example.com:50111/templeton</url> + <url>http://ranger-hive.rangernw:50111/templeton</url> </service> <service> @@ -117,7 +117,7 @@ <service> <role>WEBHBASE</role> - <url>http://ranger-hbase.example.com:60080</url> + <url>http://ranger-hbase.rangernw:60080</url> <param> <name>replayBufferSize</name> <value>8</value> @@ -126,7 +126,7 @@ <service> <role>HIVE</role> - <url>http://ranger-hive.example.com:10001/cliservice</url> + <url>http://ranger-hive.rangernw:10001/cliservice</url> <param> <name>replayBufferSize</name> <value>8</value> @@ -135,7 +135,7 @@ <service> <role>RESOURCEMANAGER</role> - <url>http://ranger-hadoop.example.com:8088/ws</url> + <url>http://ranger-hadoop.rangernw:8088/ws</url> </service> <service> diff --git a/dev-support/ranger-docker/scripts/ranger-tagsync-install.properties b/dev-support/ranger-docker/scripts/ranger-tagsync-install.properties index 7a3291c6a..379511e2b 100644 --- a/dev-support/ranger-docker/scripts/ranger-tagsync-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-tagsync-install.properties 
@@ -28,8 +28,8 @@ TAG_DEST_RANGER_SSL_CONFIG_FILENAME = TAG_SOURCE_ATLAS_ENABLED = false # Endpoint specifications needed by Atlas -TAG_SOURCE_ATLAS_KAFKA_BOOTSTRAP_SERVERS = ranger-kafka.example.com:6667 -TAG_SOURCE_ATLAS_KAFKA_ZOOKEEPER_CONNECT = ranger-zk.example.com:2181 +TAG_SOURCE_ATLAS_KAFKA_BOOTSTRAP_SERVERS = ranger-kafka.rangernw:6667 +TAG_SOURCE_ATLAS_KAFKA_ZOOKEEPER_CONNECT = ranger-zk.rangernw:2181 TAG_SOURCE_ATLAS_KAFKA_ENTITIES_GROUP_ID = ranger_entities_consumer TAG_SOURCE_ATLAS_KAFKA_SERVICE_NAME = kafka @@ -102,12 +102,9 @@ logdir = /var/log/ranger/tagsync TAGSYNC_PID_DIR_PATH=/var/run/ranger #Set to run in kerberos environment -is_secure = false -tagsync_principal= -tagsync_keytab= - - - +is_secure = true +tagsync_principal=rangertagsync/[email protected] +tagsync_keytab=/opt/ranger/tagsync/keytabs/rangertagsync.keytab hadoop_conf=/etc/hadoop/conf # if you want to enable or disable jvm metrics for tagsync process diff --git a/dev-support/ranger-docker/scripts/ranger-tagsync.sh b/dev-support/ranger-docker/scripts/ranger-tagsync.sh index beba6f699..1bc4efa70 100755 --- a/dev-support/ranger-docker/scripts/ranger-tagsync.sh +++ b/dev-support/ranger-docker/scripts/ranger-tagsync.sh @@ -35,6 +35,11 @@ then cd "${RANGER_HOME}"/tagsync || exit if ./setup.sh; then + if [ "${KERBEROS_ENABLED}" == "true" ] + then + cp ${RANGER_SCRIPTS}/core-site-kerberos.xml ${RANGER_HOME}/tagsync/conf/core-site.xml + fi + touch "${RANGER_HOME}"/.setupDone else echo "Ranger TagSync Setup Script didn't complete proper execution." diff --git a/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties index 8446f9383..c8abf9b02 100644 --- a/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties 
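Review bot: In ranger-tagsync-install.properties `is_secure = true` and the tagsync principal and keytab are now set unconditionally, while ranger-tagsync.sh installs the Kerberos core-site.xml only when KERBEROS_ENABLED is "true". If this properties file is used as-is for non-Kerberos runs (nothing in the visible hunks overrides it), tagsync setup would be configured as secure with a keytab that may not exist. Consider keeping `is_secure = false` here and switching it in ranger-tagsync.sh under the same KERBEROS_ENABLED check, or at least add a comment such as `# Kerberos settings below assume KERBEROS_ENABLED=true; keytab expected under /opt/ranger/tagsync/keytabs/` so the coupling is visible.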
@@ -60,7 +60,7 @@ XAAUDIT.ELASTICSEARCH.PROTOCOL=http # Enable audit logs to HDFS #Example #XAAUDIT.HDFS.ENABLE=true -#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.rangernw:8020/ranger/audit # If using Azure Blob Storage #XAAUDIT.HDFS.HDFS_DIR=wasb[s]://<containername>@<accountname>.blob.core.windows.net/<path> #XAAUDIT.HDFS.HDFS_DIR=wasb://[email protected]/ranger/audit @@ -112,7 +112,7 @@ XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE # # Example: # XAAUDIT.HDFS.IS_ENABLED=true -# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd% +# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.rangernw:8020/ranger/audit/%app-type%/%time:yyyyMMdd% # XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/trino/audit # XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/trino/audit/archive # diff --git a/dev-support/ranger-docker/scripts/ranger-usersync-install.properties b/dev-support/ranger-docker/scripts/ranger-usersync-install.properties index 9c89fa37d..26ea0baf1 100644 --- a/dev-support/ranger-docker/scripts/ranger-usersync-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-usersync-install.properties @@ -53,8 +53,8 @@ unix_group=ranger rangerUsersync_password=rangerR0cks! #Set to run in kerberos environment -usersync_principal= -usersync_keytab= +usersync_principal=rangerusersync/[email protected] +usersync_keytab=/opt/ranger/usersync/keytabs/rangerusersync.keytab hadoop_conf=/etc/hadoop/conf # # The file where all credential is kept in cryptic format diff --git a/dev-support/ranger-docker/scripts/ranger-usersync.sh b/dev-support/ranger-docker/scripts/ranger-usersync.sh index 85ac0b5d8..a3b7e5630 100755 --- a/dev-support/ranger-docker/scripts/ranger-usersync.sh +++ b/dev-support/ranger-docker/scripts/ranger-usersync.sh 
@@ -35,6 +35,11 @@ then cd "${RANGER_HOME}"/usersync || exit if ./setup.sh; then + if [ "${KERBEROS_ENABLED}" == "true" ] + then + cp ${RANGER_SCRIPTS}/core-site-kerberos.xml ${RANGER_HOME}/usersync/conf/core-site.xml + fi + touch "${RANGER_HOME}"/.setupDone else echo "Ranger UserSync Setup Script didn't complete proper execution." diff --git a/dev-support/ranger-docker/scripts/ranger.sh b/dev-support/ranger-docker/scripts/ranger.sh index f17914d73..fca8864b7 100755 --- a/dev-support/ranger-docker/scripts/ranger.sh +++ b/dev-support/ranger-docker/scripts/ranger.sh @@ -37,6 +37,11 @@ then cd "${RANGER_HOME}"/admin || exit if ./setup.sh; then + if [ "${KERBEROS_ENABLED}" == "true" ] + then + cp ${RANGER_SCRIPTS}/core-site-kerberos.xml ${RANGER_HOME}/admin/conf/core-site.xml + fi + touch "${RANGER_HOME}"/.setupDone else echo "Ranger Admin Setup Script didn't complete proper execution."
