(ranger-tools) branch main updated: RANGER-5455: Move Kerberos related scripts to base image (#7)

[abhi]

This is an automated email from the ASF dual-hosted git repository.

abhi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/ranger-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new 95f06c4  RANGER-5455: Move Kerberos related scripts to base image (#7)
95f06c4 is described below

commit 95f06c459c77fb7f97fffe11df185b4f18f01adb
Author: Abhishek Kumar <a...@apache.org>
AuthorDate: Fri Jan 23 09:55:17 2026 -0800

    RANGER-5455: Move Kerberos related scripts to base image (#7)
---
 docker/Dockerfile                       | 15 +++++++++---
 docker/krb/wait_for_keytab.sh           | 41 +++++++++++++++++++++++++++++++++
 docker/krb/wait_for_testusers_keytab.sh | 21 +++++++++++++++++
 3 files changed, 74 insertions(+), 3 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index eea0aa7..a68254d 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -48,13 +48,22 @@ ENV RANGER_HOME=/opt/ranger
 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 # create directories and setup perms
-RUN mkdir -p /home/ranger/dist /home/ranger/scripts /opt/ranger && \
-    chmod +rx /home/ranger /home/ranger/dist /home/ranger/scripts
+RUN mkdir -p ${RANGER_DIST} ${RANGER_SCRIPTS} ${RANGER_HOME} && \
+    chmod +rx /home/ranger ${RANGER_DIST} ${RANGER_SCRIPTS}
 
 # setup groups and users
 COPY docker/create_users_and_groups.sh ${RANGER_SCRIPTS}
 RUN chmod +x /home/ranger/scripts/create_users_and_groups.sh && \
-    ./home/ranger/scripts/create_users_and_groups.sh
+    /home/ranger/scripts/create_users_and_groups.sh
+
+# Create opensearch user and group
+RUN groupadd -g 3002 opensearch && \
+    useradd -u 3002 -g opensearch -G hadoop -s /bin/bash opensearch
+
+# copy kerberos utility scripts
+COPY docker/krb/* ${RANGER_SCRIPTS}
+RUN chmod 755 ${RANGER_SCRIPTS}/wait_for_keytab.sh && \
+    chmod 755 ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
 
 # change ownerships
 RUN chown -R ranger:ranger /home/ranger /opt/ranger
diff --git a/docker/krb/wait_for_keytab.sh b/docker/krb/wait_for_keytab.sh
new file mode 100644
index 0000000..77d0f17
--- /dev/null
+++ b/docker/krb/wait_for_keytab.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+RETRY_COUNT="${KEYTAB_RETRY_COUNT:-5}"
+KEYTABS_DIR=/etc/keytabs
+
+KEYTAB=${KEYTABS_DIR}/$1
+
+for i in {1..RETRY_COUNT}; do
+  if [ -f ${KEYTAB} ]
+  then
+    break
+  else
+    echo [INFO] "Waiting for keytab ${KEYTAB}.."
+    sleep 5
+  fi
+done
+
+if [ -f ${KEYTAB} ]
+then
+  echo "[INFO] Found keytab ${KEYTAB}"
+  exit 0
+else
+  echo "[ERROR] Keytab not found: ${KEYTAB}"
+  exit 1
+fi
diff --git a/docker/krb/wait_for_testusers_keytab.sh 
b/docker/krb/wait_for_testusers_keytab.sh
new file mode 100644
index 0000000..7f887af
--- /dev/null
+++ b/docker/krb/wait_for_testusers_keytab.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser1.keytab
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser2.keytab
+${RANGER_SCRIPTS}/wait_for_keytab.sh testuser3.keytab