This is an automated email from the ASF dual-hosted git repository.
abhi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0f980ba6e RANGER-5396: Use Volume Mounts for all ranger-service
configs (#728)
0f980ba6e is described below
commit 0f980ba6e64fd52fa672116e010e92a97020fdcf
Author: Abhishek Kumar <[email protected]>
AuthorDate: Fri Nov 14 12:38:19 2025 -0800
RANGER-5396: Use Volume Mounts for all ranger-service configs (#728)
- Update hadoop_conf prop in install.properties to /home/ranger/scripts
- Add try except in usersync setup script to avoid installation failures on
CI runner.
---
dev-support/ranger-docker/Dockerfile.ranger | 25 +++++++---------------
dev-support/ranger-docker/Dockerfile.ranger-kms | 11 ++--------
.../ranger-docker/Dockerfile.ranger-tagsync | 11 ++--------
.../ranger-docker/Dockerfile.ranger-usersync | 16 +++-----------
.../ranger-docker/docker-compose.ranger-kms.yml | 4 ++++
.../docker-compose.ranger-tagsync.yml | 5 +++++
.../docker-compose.ranger-usersync.yml | 5 +++++
.../ranger-docker/docker-compose.ranger.yml | 4 ++++
.../usersync/ranger-usersync-install.properties | 2 +-
unixauthservice/scripts/setup.py | 20 ++++++++++-------
10 files changed, 46 insertions(+), 57 deletions(-)
diff --git a/dev-support/ranger-docker/Dockerfile.ranger
b/dev-support/ranger-docker/Dockerfile.ranger
index ed6770832..a030464aa 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger
+++ b/dev-support/ranger-docker/Dockerfile.ranger
@@ -23,30 +23,21 @@ ARG RANGER_VERSION
ARG RANGER_DB_TYPE
ARG TARGETARCH
-VOLUME /etc/keytabs
-
-COPY ./dist/version /home/ranger/dist/
-COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/
-
-COPY ./scripts/admin/ranger.sh
${RANGER_SCRIPTS}/
-COPY ./scripts/admin/ranger-admin-install-${RANGER_DB_TYPE}.properties
${RANGER_SCRIPTS}/ranger-admin-install.properties
-COPY ./scripts/admin/create-ranger-services.py
${RANGER_SCRIPTS}/
-COPY ./scripts/hadoop/core-site.xml
${RANGER_SCRIPTS}/
-COPY ./scripts/wait_for_keytab.sh
${RANGER_SCRIPTS}/
-COPY ./scripts/kdc/krb5.conf
/etc/krb5.conf
+COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/
+COPY ./scripts/admin/ranger.sh ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/create-ranger-services.py ${RANGER_SCRIPTS}/
+COPY ./scripts/wait_for_keytab.sh ${RANGER_SCRIPTS}/
RUN tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz
--directory=${RANGER_HOME} \
&& ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin
${RANGER_HOME}/admin \
&& rm -f /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz \
- && cp -f ${RANGER_SCRIPTS}/ranger-admin-install.properties
${RANGER_HOME}/admin/install.properties \
- && mkdir -p /var/run/ranger \
- && mkdir -p /var/log/ranger \
+ && rm -f /opt/ranger/admin/install.properties \
+ && mkdir -p /var/run/ranger /var/log/ranger /usr/share/java/ \
&& chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/
/var/run/ranger/ /var/log/ranger/ \
- && chmod 755 ${RANGER_SCRIPTS}/ranger.sh
${RANGER_SCRIPTS}/wait_for_keytab.sh \
- && mkdir -p /usr/share/java/
+ && chmod 755 ${RANGER_SCRIPTS}/ranger.sh
${RANGER_SCRIPTS}/wait_for_keytab.sh
FROM ranger AS ranger_postgres
-COPY ./downloads/postgresql-42.2.16.jre7.jar /home/ranger/dist/
+COPY ./downloads/postgresql-42.2.16.jre7.jar /home/ranger/dist/
RUN mv /home/ranger/dist/postgresql-42.2.16.jre7.jar
/usr/share/java/postgresql.jar
FROM ranger AS ranger_mysql
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-kms
b/dev-support/ranger-docker/Dockerfile.ranger-kms
index 0dd1f2114..1dbddd5e8 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-kms
+++ b/dev-support/ranger-docker/Dockerfile.ranger-kms
@@ -22,22 +22,15 @@ FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS
ranger-kms
ARG KMS_VERSION
ARG RANGER_DB_TYPE
-VOLUME /etc/keytabs
-
-COPY ./dist/version
/home/ranger/dist/
-COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz
/home/ranger/dist/
-
+COPY ./dist/ranger-${KMS_VERSION}-kms.tar.gz
/home/ranger/dist/
COPY ./scripts/kms/ranger-kms.sh
${RANGER_SCRIPTS}/
-COPY ./scripts/kms/ranger-kms-install-${RANGER_DB_TYPE}.properties
${RANGER_SCRIPTS}/ranger-kms-install.properties
-COPY ./scripts/hadoop/core-site.xml
${RANGER_SCRIPTS}/
COPY ./scripts/wait_for_keytab.sh
${RANGER_SCRIPTS}/
-COPY ./scripts/kdc/krb5.conf
/etc/krb5.conf
RUN tar xvfz /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz
--directory=${RANGER_HOME} && \
ln -s ${RANGER_HOME}/ranger-${KMS_VERSION}-kms ${RANGER_HOME}/kms && \
rm -f /home/ranger/dist/ranger-${KMS_VERSION}-kms.tar.gz && \
+ rm -f ${RANGER_HOME}/kms/install.properties && \
mkdir -p /var/run/ranger_kms /var/log/ranger/kms /etc/ranger
/usr/share/java/ && \
- cp -f ${RANGER_SCRIPTS}/ranger-kms-install.properties
${RANGER_HOME}/kms/install.properties && \
touch /etc/init.d/ranger-kms && \
ln -s /etc/init.d/ranger-kms /etc/rc2.d/S88ranger-kms && \
ln -s /etc/init.d/ranger-kms /etc/rc2.d/K90ranger-kms && \
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
index 9f95a8fce..bd81e938e 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync
@@ -20,21 +20,14 @@ FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION}
ARG TAGSYNC_VERSION
-VOLUME /etc/keytabs
-
-COPY ./dist/version /home/ranger/dist/
-COPY ./dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz /home/ranger/dist/
-
+COPY ./dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz /home/ranger/dist/
COPY ./scripts/tagsync/ranger-tagsync.sh ${RANGER_SCRIPTS}/
-COPY ./scripts/tagsync/ranger-tagsync-install.properties ${RANGER_SCRIPTS}/
-COPY ./scripts/tagsync/ranger-tagsync-tags.json ${RANGER_SCRIPTS}/
-COPY ./scripts/hadoop/core-site.xml ${RANGER_SCRIPTS}/
COPY ./scripts/wait_for_keytab.sh ${RANGER_SCRIPTS}/
-COPY ./scripts/kdc/krb5.conf /etc/krb5.conf
RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz
--directory=${RANGER_HOME} && \
ln -s ${RANGER_HOME}/ranger-${TAGSYNC_VERSION}-tagsync
${RANGER_HOME}/tagsync && \
rm -f /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz && \
+ rm -f ${RANGER_HOME}/tagsync/install.properties && \
mkdir -p /opt/ranger/tagsync/data /var/run/ranger /var/log/ranger/tagsync
/etc/ranger && \
cp -f ${RANGER_SCRIPTS}/ranger-tagsync-install.properties
${RANGER_HOME}/tagsync/install.properties && \
cp -f ${RANGER_SCRIPTS}/ranger-tagsync-tags.json
${RANGER_HOME}/tagsync/data/tags.json && \
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-usersync
b/dev-support/ranger-docker/Dockerfile.ranger-usersync
index c8854ba1a..12d5f7369 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-usersync
+++ b/dev-support/ranger-docker/Dockerfile.ranger-usersync
@@ -20,25 +20,15 @@ FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION}
ARG USERSYNC_VERSION
-VOLUME /etc/keytabs
-
-COPY ./dist/version /home/ranger/dist/
-COPY ./dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz /home/ranger/dist/
-
+COPY ./dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz /home/ranger/dist/
COPY ./scripts/usersync/ranger-usersync.sh ${RANGER_SCRIPTS}/
-COPY ./scripts/usersync/ranger-usersync-install.properties ${RANGER_SCRIPTS}/
-COPY ./scripts/usersync/ugsync-file-source.csv ${RANGER_SCRIPTS}/
-COPY ./scripts/hadoop/core-site.xml ${RANGER_SCRIPTS}/
COPY ./scripts/wait_for_keytab.sh ${RANGER_SCRIPTS}/
-COPY ./scripts/kdc/krb5.conf /etc/krb5.conf
RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz
--directory=${RANGER_HOME} && \
ln -s ${RANGER_HOME}/ranger-${USERSYNC_VERSION}-usersync
${RANGER_HOME}/usersync && \
rm -f /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz && \
- cp -f ${RANGER_SCRIPTS}/ranger-usersync-install.properties
${RANGER_HOME}/usersync/install.properties && \
- mkdir -p /var/run/ranger /var/log/ranger/usersync && \
- mkdir -p /etc/ranger && \
- mkdir -p /etc/init.d /etc/rc2.d /etc/rc3.d && \
+ rm -f ${RANGER_HOME}/usersync/install.properties && \
+ mkdir -p /var/run/ranger /var/log/ranger/usersync /etc/ranger /etc/init.d
/etc/rc2.d /etc/rc3.d && \
touch /etc/init.d/ranger-usersync && \
ln -s /etc/init.d/ranger-usersync /etc/rc2.d/S99ranger-usersync && \
ln -s /etc/init.d/ranger-usersync /etc/rc2.d/K00ranger-usersync && \
diff --git a/dev-support/ranger-docker/docker-compose.ranger-kms.yml
b/dev-support/ranger-docker/docker-compose.ranger-kms.yml
index 5dd6679fd..e12fb0046 100644
--- a/dev-support/ranger-docker/docker-compose.ranger-kms.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger-kms.yml
@@ -14,6 +14,10 @@ services:
hostname: ranger-kms.rangernw
volumes:
- ./dist/keytabs/ranger-kms:/etc/keytabs
+ - ./scripts/kdc/krb5.conf:/etc/krb5.conf
+ - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
+ - ./dist/version:/home/ranger/dist/version:ro
+ -
./scripts/kms/ranger-kms-install-${RANGER_DB_TYPE}.properties:/opt/ranger/kms/install.properties
stdin_open: true
tty: true
networks:
diff --git a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
index 6c1e11a45..0b9bb7011 100644
--- a/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger-tagsync.yml
@@ -13,6 +13,11 @@ services:
hostname: ranger-tagsync.rangernw
volumes:
- ./dist/keytabs/ranger-tagsync:/etc/keytabs
+ - ./scripts/kdc/krb5.conf:/etc/krb5.conf
+ - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
+ - ./dist/version:/home/ranger/dist/version:ro
+ -
./scripts/tagsync/ranger-tagsync-tags.json:/home/ranger/scripts/ranger-tagsync-tags.json
+ -
./scripts/tagsync/ranger-tagsync-install.properties:/opt/ranger/tagsync/install.properties
stdin_open: true
tty: true
networks:
diff --git a/dev-support/ranger-docker/docker-compose.ranger-usersync.yml
b/dev-support/ranger-docker/docker-compose.ranger-usersync.yml
index 10e3f029e..d3b7bce47 100644
--- a/dev-support/ranger-docker/docker-compose.ranger-usersync.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger-usersync.yml
@@ -13,6 +13,11 @@ services:
hostname: ranger-usersync.rangernw
volumes:
- ./dist/keytabs/ranger-usersync:/etc/keytabs
+ - ./scripts/kdc/krb5.conf:/etc/krb5.conf
+ - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml
+ - ./dist/version:/home/ranger/dist/version:ro
+ -
./scripts/usersync/ugsync-file-source.csv:/home/ranger/scripts/ugsync-file-source.csv
+ -
./scripts/usersync/ranger-usersync-install.properties:/opt/ranger/usersync/install.properties
stdin_open: true
tty: true
networks:
diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml
b/dev-support/ranger-docker/docker-compose.ranger.yml
index 90f65a6f1..6f9fd1390 100644
--- a/dev-support/ranger-docker/docker-compose.ranger.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger.yml
@@ -14,6 +14,10 @@ services:
hostname: ranger.rangernw
volumes:
- ./dist/keytabs/ranger:/etc/keytabs
+ - ./dist/version:/home/ranger/dist/version:ro
+ - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
+ - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
+ -
./scripts/admin/ranger-admin-install-${RANGER_DB_TYPE}.properties:/opt/ranger/admin/install.properties
stdin_open: true
tty: true
networks:
diff --git
a/dev-support/ranger-docker/scripts/usersync/ranger-usersync-install.properties
b/dev-support/ranger-docker/scripts/usersync/ranger-usersync-install.properties
old mode 100644
new mode 100755
index 0ec2eb121..ae6c750a4
---
a/dev-support/ranger-docker/scripts/usersync/ranger-usersync-install.properties
+++
b/dev-support/ranger-docker/scripts/usersync/ranger-usersync-install.properties
@@ -55,7 +55,7 @@ rangerUsersync_password=rangerR0cks!
#Set to run in kerberos environment
usersync_principal=rangerusersync/[email protected]
usersync_keytab=/etc/keytabs/rangerusersync.keytab
-hadoop_conf=/etc/hadoop/conf
+hadoop_conf=/home/ranger/scripts
#
# The file where all credential is kept in cryptic format
#
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index d6ce8b037..e219b5e21 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -550,18 +550,22 @@ def main():
fixPermList = [".", usersyncBaseDirFullName, confFolderName,
certFolderName]
+ def _safe_chown_chmod(path, uid, gid, mode):
+ try:
+ os.chown(path, uid, gid)
+ os.chmod(path, mode)
+ except PermissionError as e:
+ print(f"Skipping {path}: Permission denied ({e})")
+ except OSError as e:
+ print(f"Skipping {path}: OS error ({e})")
+
for dir in fixPermList:
for root, dirs, files in os.walk(dir):
- os.chown(root, ownerId, groupId)
- os.chmod(root, 0o755)
+ _safe_chown_chmod(root, ownerId, groupId, 0o755)
for obj in dirs:
- dn = join(root, obj)
- os.chown(dn, ownerId, groupId)
- os.chmod(dn, 0o755)
+ _safe_chown_chmod(join(root, obj), ownerId, groupId, 0o755)
for obj in files:
- fn = join(root, obj)
- os.chown(fn, ownerId, groupId)
- os.chmod(fn, 0o750)
+ _safe_chown_chmod(join(root, obj), ownerId, groupId, 0o750)
if isfile(nativeAuthProgramName):
try:
