http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/aedb1fc8/migration-util/bin/import_ranger_to_ambari.py ---------------------------------------------------------------------- diff --git a/migration-util/bin/import_ranger_to_ambari.py b/migration-util/bin/import_ranger_to_ambari.py index 3f2a922..0853662 100644 --- a/migration-util/bin/import_ranger_to_ambari.py +++ b/migration-util/bin/import_ranger_to_ambari.py @@ -8,985 +8,1180 @@ import time from xml.etree import ElementTree as ET import datetime import logging -from subprocess import Popen,PIPE +from subprocess import Popen, PIPE def port_ranger_installation_to_ambari(): - print('Preparing advanged configurations for Ranger') - flag_ranger_admin_present,ranger_admin_properties_from_file = get_ranger_admin_install_properties() - if flag_ranger_admin_present: - print('Ranger Admin service is installed, making configurations as required by Ambari.') - if create_ranger_service_in_ambari(): - print('Ranger service is added sucessfully in Ambari') - if create_ranger_service_components_in_ambari('RANGER_ADMIN'): - print('Ranger service component is added successfully in Ambari') - if register_ranger_admin_host_in_ambari(): - print('Ranger admin host is registered successfully in Ambari') - if add_advanced_ranger_configurations(1,ranger_admin_properties_from_file): - print('Ranger advanced configurations added successfully in Ambari, kindly run Ranger-Usersync to complete Ranger service install') - else: - print('Ranger advanced configurations added failed in Ambari') - else: - print('Ranger admin host registration failed in Ambari') - else: - print('Ranger service component add failed in Ambari') - else: - print('Ranger service add failed in Ambari') - else: - print( 'Ranger Admin and Usersync services are not installed, not importing configurations to Ambari.') + print('Preparing advanged configurations for Ranger') + flag_ranger_admin_present, ranger_admin_properties_from_file = get_ranger_admin_install_properties() + if flag_ranger_admin_present: + print('Ranger Admin service is installed, making configurations as required by Ambari.') + if create_ranger_service_in_ambari(): + print('Ranger service is added sucessfully in Ambari') + if create_ranger_service_components_in_ambari('RANGER_ADMIN'): + print('Ranger service component is added successfully in Ambari') + if register_ranger_admin_host_in_ambari(): + print('Ranger admin host is registered successfully in Ambari') + if add_advanced_ranger_configurations(1, ranger_admin_properties_from_file): + print('Ranger advanced configurations added successfully in Ambari, kindly run Ranger-Usersync to complete Ranger service install') + else: + print('Ranger advanced configurations added failed in Ambari') + else: + print('Ranger admin host registration failed in Ambari') + else: + print('Ranger service component add failed in Ambari') + else: + print('Ranger service add failed in Ambari') + else: + print('Ranger Admin and Usersync services are not installed, not importing configurations to Ambari.') def port_ranger_usersync_installation_to_ambari(): - print ('Preparing configurations for Ranger User-sync') - flag_ranger_usersync_present,ranger_usersync_properties_from_file = get_ranger_usersync_install_properties() - if flag_ranger_usersync_present: - print('Ranger Usersync service is installed, making configurations as required by Ambari.') - if create_ranger_service_components_in_ambari('RANGER_USERSYNC'): - print('Ranger service component is added successfully in Ambari') - if register_ranger_usersync_host_in_ambari(): - print('Ranger usersync host is registered successfully in Ambari') - if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file): - print('Ranger advanced configurations added successfully in Ambari') - if call_ranger_installed(): - print('Ranger service installed successfully in Ambari.') - else: - print('Ranger service install failed in Ambari') - else: - print('Ranger advanced configurations added failed in Ambari') - else: - print('Ranger usersync host registration failed in Ambari') - else: - print('Ranger service add failed in Ambari') - else: - print( 'Ranger Admin and Usersync services are not installed, not importing configurations to Ambari.') + print ('Preparing configurations for Ranger User-sync') + flag_ranger_usersync_present, ranger_usersync_properties_from_file = get_ranger_usersync_install_properties() + if flag_ranger_usersync_present: + print('Ranger Usersync service is installed, making configurations as required by Ambari.') + if create_ranger_service_components_in_ambari('RANGER_USERSYNC'): + print('Ranger service component is added successfully in Ambari') + if register_ranger_usersync_host_in_ambari(): + print('Ranger usersync host is registered successfully in Ambari') + if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file): + print('Ranger advanced configurations added successfully in Ambari') + if call_ranger_installed(): + print('Ranger service installed successfully in Ambari.') + else: + print('Ranger service install failed in Ambari') + else: + print('Ranger advanced configurations added failed in Ambari') + else: + print('Ranger usersync host registration failed in Ambari') + else: + print('Ranger service add failed in Ambari') + else: + print('Ranger Admin and Usersync services are not installed, not importing configurations to Ambari.') def create_ranger_service_in_ambari(): - print('Creating ranger service in ambari') - ranger_create_url = ambari_service_url + '/' + ranger_service_name - request_result = call_ambari_api(ranger_create_url,'POST',ambari_username_password,'') - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if (response_code == 201 and response is not None): - print('Ranger service created successfully in Ambari.') - return True - elif(response_code == 409 and response is not None): - print('Ranger service is already created in Ambari.') - return True - else: - print('Ranger service creation failed in Ambari.') - return False + print('Creating ranger service in ambari') + ranger_create_url = ambari_service_url + '/' + ranger_service_name + request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('Ranger service created successfully in Ambari.') + return True + elif (response_code == 409 and response is not None): + print('Ranger service is already created in Ambari.') + return True + else: + print('Ranger service creation failed in Ambari.') + return False def create_ranger_service_components_in_ambari(ranger_service_component_name): - print('adding Ranger servcie components in Ambari') - ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"'+ ranger_service_component_name +'"}}]}' - print('creating ranger service in ambari') - ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name - request_result = call_ambari_api(ranger_service_component_create_url,'POST',ambari_username_password,ranger_service_components) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if (response_code == 201 and response is not None): - print('Ranger service component : ' + ranger_service_component_name + ', created successfully in Ambari.') - return True - elif (response_code == 409 and response is not None) : - print('Ranger service component : ' + ranger_service_component_name + ', is already present in Ambari.') - return True - else: - print('Ranger service component creation for : ' + ranger_service_component_name + ', failed in Ambari.') - return False + print('adding Ranger servcie components in Ambari') + ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}' + print('creating ranger service in ambari') + ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name + request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('Ranger service component : ' + ranger_service_component_name + ', created successfully in Ambari.') + return True + elif (response_code == 409 and response is not None): + print('Ranger service component : ' + ranger_service_component_name + ', is already present in Ambari.') + return True + else: + print('Ranger service component creation for : ' + ranger_service_component_name + ', failed in Ambari.') + return False def register_ranger_admin_host_in_ambari(): - print('adding Ranger servcie components in Ambari') - print('creating ranger admin service in ambari') - ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name - request_result = call_ambari_api(ranger_service_component_create_url,'POST',ambari_username_password, '') - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if response_code == 201 and response is not None: - print('Ranger admin host registered successfully in Ambari.') - return True - elif(response_code == 409 and response is not None): - print('Ranger admin host is already registered Ambari.') - return True - else: - print('Ranger admin host registration failed in Ambari.') - return False + print('adding Ranger servcie components in Ambari') + print('creating ranger admin service in ambari') + ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name + request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 201 and response is not None: + print('Ranger admin host registered successfully in Ambari.') + return True + elif (response_code == 409 and response is not None): + print('Ranger admin host is already registered Ambari.') + return True + else: + print('Ranger admin host registration failed in Ambari.') + return False def register_ranger_usersync_host_in_ambari(): - print('adding Ranger servcie components in Ambari') - print('creating ranger admin service in ambari') - ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name - request_result = call_ambari_api(ranger_host_register_url,'POST',ambari_username_password, '') - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if (response_code == 201 and response is not None): - print('Ranger usersync host registered successfully in Ambari.') - return True - elif(response_code == 409 and response is not None): - print('Ranger usersync host is already registered Ambari.') - return True - else: - print('Ranger usersync host registration failed in Ambari.') - return False + print('adding Ranger servcie components in Ambari') + print('creating ranger admin service in ambari') + ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name + request_result = call_ambari_api(ranger_host_register_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('Ranger usersync host registered successfully in Ambari.') + return True + elif (response_code == 409 and response is not None): + print('Ranger usersync host is already registered Ambari.') + return True + else: + print('Ranger usersync host registration failed in Ambari.') + return False def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_properties_from_file): - print( 'creating advanced configurations to be added to Ambari.') - ranger_config_data = '' - advanced_admin_properties = dict() - advanced_ranger_site_properties = dict() - advanced_ranger_env_properties = dict() - advanced_user_sync_properties = dict() - date_time_stamp = getDateTimeNow() - - if(add_admin_or_usersync == 1): - advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR'] - advanced_admin_properties['SQL_COMMAND_INVOKER'] = ranger_service_properties_from_file['SQL_COMMAND_INVOKER'] - advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR'] - advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user'] - advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password'] - advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host'] - advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name'] - advanced_admin_properties['db_user'] = ranger_service_properties_from_file['jdbc.user'] - advanced_admin_properties['db_password'] = ranger_service_properties_from_file['jdbc.password'] - advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name'] - advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['auditDB.jdbc.user'] - advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['auditDB.jdbc.password'] - advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['xa.webapp.url.root'] - advanced_admin_properties['policymgr_http_enabled'] = ranger_service_properties_from_file['http.enabled'] - advanced_admin_properties['authentication_method'] = ranger_service_properties_from_file['authentication_method'] - advanced_admin_properties['remoteLoginEnabled'] = ranger_service_properties_from_file['remoteLoginEnabled'] - advanced_admin_properties['authServiceHostName'] = ranger_service_properties_from_file['authServiceHostName'] - advanced_admin_properties['authServicePort'] = ranger_service_properties_from_file['authServicePort'] - advanced_admin_properties['xa_ldap_url'] = ranger_service_properties_from_file['xa_ldap_url'] - advanced_admin_properties['xa_ldap_userDNpattern'] = ranger_service_properties_from_file['xa_ldap_userDNpattern'] - advanced_admin_properties['xa_ldap_groupSearchBase'] = ranger_service_properties_from_file['xa_ldap_groupSearchBase'] - advanced_admin_properties['xa_ldap_groupSearchFilter'] = ranger_service_properties_from_file['xa_ldap_groupSearchFilter'] - advanced_admin_properties['xa_ldap_groupRoleAttribute'] = ranger_service_properties_from_file['xa_ldap_groupRoleAttribute'] - advanced_admin_properties['xa_ldap_ad_domain'] = ranger_service_properties_from_file['xa_ldap_ad_domain'] - advanced_admin_properties['xa_ldap_ad_url'] = ranger_service_properties_from_file['xa_ldap_ad_url'] - - advanced_ranger_site_properties['HTTP_SERVICE_PORT'] = ranger_service_properties_from_file['http.service.port'] - advanced_ranger_site_properties['HTTPS_SERVICE_PORT'] = ranger_service_properties_from_file['https.service.port'] - advanced_ranger_site_properties['HTTPS_KEYSTORE_FILE'] = ranger_service_properties_from_file['https.attrib.keystoreFile'] - advanced_ranger_site_properties['HTTPS_KEYSTORE_PASS'] = ranger_service_properties_from_file['https.attrib.keystorePass'] - advanced_ranger_site_properties['HTTPS_KEY_ALIAS'] = ranger_service_properties_from_file['https.attrib.keyAlias'] - advanced_ranger_site_properties['HTTPS_CLIENT_AUTH'] = ranger_service_properties_from_file['https.attrib.clientAuth'] - advanced_ranger_site_properties['HTTP_ENABLED'] = ranger_service_properties_from_file['policymgr_http_enabled'] - - - advanced_ranger_env_properties['ranger_user'] = 'ranger' - advanced_ranger_env_properties['ranger_group'] = 'ranger' - advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin' - advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync' - advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin' - advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123' - advanced_ranger_env_properties['admin_password'] = 'admin' - - - ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str(date_time_stamp) + '","properties":' + json.dumps(advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str(date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str(date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}}]}}]' - - - if(add_admin_or_usersync == 2): - advanced_user_sync_properties['SYNC_SOURCE'] = ranger_service_properties_from_file['SYNC_SOURCE'] - advanced_user_sync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = ranger_service_properties_from_file['usergroupSync.unix.minUserId'] - advanced_user_sync_properties['SYNC_INTERVAL'] = ranger_service_properties_from_file['usergroupSync.sleepTimeInMillisBetweenSyncCycle'] - advanced_user_sync_properties['SYNC_LDAP_URL'] = ranger_service_properties_from_file['ldapGroupSync.ldapUrl'] - advanced_user_sync_properties['SYNC_LDAP_BIND_DN'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'] - advanced_user_sync_properties['SYNC_LDAP_BIND_PASSWORD'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'] - advanced_user_sync_properties['CRED_KEYSTORE_FILENAME'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindKeystore'] - advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchBase'] - advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchScope'] - advanced_user_sync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = ranger_service_properties_from_file['ldapGroupSync.userObjectClass'] - advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'] - advanced_user_sync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userNameAttribute'] - advanced_user_sync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userGroupNameAttribute'] - advanced_user_sync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.username.caseConversion'] - advanced_user_sync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.groupname.caseConversion'] - advanced_user_sync_properties['logdir'] = ranger_service_properties_from_file['logdir'] - - ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"usersync-properties", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str(date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]' - - ranger_config_request_url = ambari_cluster_url - request_result = call_ambari_api(ranger_config_request_url,'PUT',ambari_username_password,str(ranger_config_data)) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if response_code == 200 and response is not None: - print('Ranger advanced configuration added successfully in Ambari.') - return True - else: - print('Ranger advanced configuration add failed in Ambari.') - return False - + print('creating advanced configurations to be added to Ambari.') + ranger_config_data = '' + advanced_admin_properties = dict() + advanced_ranger_site_properties = dict() + advanced_ranger_env_properties = dict() + advanced_user_sync_properties = dict() + date_time_stamp = getDateTimeNow() + + if (add_admin_or_usersync == 1): + if not ((str(ranger_service_properties_from_file['authentication_method']).strip() == '') or + (str(ranger_service_properties_from_file['db_root_password']).strip() == '') or + (str(ranger_service_properties_from_file['db_root_user']).strip() == '' )) : + advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR'] + advanced_admin_properties['SQL_COMMAND_INVOKER'] = ranger_service_properties_from_file['SQL_COMMAND_INVOKER'] + advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR'] + advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user'] + advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password'] + advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host'] + advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name'] + advanced_admin_properties['db_user'] = ranger_service_properties_from_file['jdbc.user'] + advanced_admin_properties['db_password'] = ranger_service_properties_from_file['jdbc.password'] + advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name'] + advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['auditDB.jdbc.user'] + advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['auditDB.jdbc.password'] + advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['xa.webapp.url.root'] + advanced_admin_properties['policymgr_http_enabled'] = ranger_service_properties_from_file['http.enabled'] + advanced_admin_properties['authentication_method'] = ranger_service_properties_from_file['authentication_method'] + advanced_admin_properties['remoteLoginEnabled'] = ranger_service_properties_from_file['remoteLoginEnabled'] + advanced_admin_properties['authServiceHostName'] = ranger_service_properties_from_file['authServiceHostName'] + advanced_admin_properties['authServicePort'] = ranger_service_properties_from_file['authServicePort'] + advanced_admin_properties['xa_ldap_url'] = ranger_service_properties_from_file['xa_ldap_url'] + advanced_admin_properties['xa_ldap_userDNpattern'] = ranger_service_properties_from_file['xa_ldap_userDNpattern'] + advanced_admin_properties['xa_ldap_groupSearchBase'] = ranger_service_properties_from_file['xa_ldap_groupSearchBase'] + advanced_admin_properties['xa_ldap_groupSearchFilter'] = ranger_service_properties_from_file['xa_ldap_groupSearchFilter'] + advanced_admin_properties['xa_ldap_groupRoleAttribute'] = ranger_service_properties_from_file['xa_ldap_groupRoleAttribute'] + advanced_admin_properties['xa_ldap_ad_domain'] = ranger_service_properties_from_file['xa_ldap_ad_domain'] + advanced_admin_properties['xa_ldap_ad_url'] = ranger_service_properties_from_file['xa_ldap_ad_url'] + + advanced_ranger_site_properties['HTTP_SERVICE_PORT'] = ranger_service_properties_from_file['http.service.port'] + advanced_ranger_site_properties['HTTPS_SERVICE_PORT'] = ranger_service_properties_from_file['https.service.port'] + advanced_ranger_site_properties['HTTPS_KEYSTORE_FILE'] = ranger_service_properties_from_file['https.attrib.keystoreFile'] + advanced_ranger_site_properties['HTTPS_KEYSTORE_PASS'] = ranger_service_properties_from_file['https.attrib.keystorePass'] + advanced_ranger_site_properties['HTTPS_KEY_ALIAS'] = ranger_service_properties_from_file['https.attrib.keyAlias'] + advanced_ranger_site_properties['HTTPS_CLIENT_AUTH'] = ranger_service_properties_from_file['https.attrib.clientAuth'] + advanced_ranger_site_properties['HTTP_ENABLED'] = ranger_service_properties_from_file['policymgr_http_enabled'] + + advanced_ranger_env_properties['ranger_user'] = 'ranger' + advanced_ranger_env_properties['ranger_group'] = 'ranger' + advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin' + advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync' + advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin' + advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123' + advanced_ranger_env_properties['admin_password'] = 'admin' + + ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps( + advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps( + advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}}]}}]' + + + print ('####################### admin_properties configuration :') + for each_key in advanced_admin_properties: + print str(each_key) + ' = ' + str(advanced_admin_properties[each_key]) + + print ('####################### ranger_site_properties configuration :') + for each_key in advanced_ranger_site_properties: + print str(each_key) + ' = ' + str(advanced_ranger_site_properties[each_key]) + + print ('####################### ranger_env_properties configuration :') + for each_key in advanced_ranger_env_properties: + print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key]) + + + else: + print('Either authentication_method, db_root_user or db_root_password value is missing from ranger_admin_install.properties file, please set appropriate value and run the script again.') + sys.exit(1) + + elif (add_admin_or_usersync == 2): + advanced_user_sync_properties['SYNC_SOURCE'] = ranger_service_properties_from_file['SYNC_SOURCE'] + advanced_user_sync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = ranger_service_properties_from_file['usergroupSync.unix.minUserId'] + advanced_user_sync_properties['SYNC_INTERVAL'] = ranger_service_properties_from_file['usergroupSync.sleepTimeInMillisBetweenSyncCycle'] + print('SYNC_LDAP_URL = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapUrl'])) + advanced_user_sync_properties['SYNC_LDAP_URL'] = ranger_service_properties_from_file['ldapGroupSync.ldapUrl'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + print('SYNC_LDAP_URL = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapUrl'])) + print('SYNC_LDAP_BIND_DN = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'])) + advanced_user_sync_properties['SYNC_LDAP_BIND_DN'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + print('SYNC_LDAP_BIND_DN = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'])) + print('SYNC_LDAP_BIND_PASSWORD = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'])) + advanced_user_sync_properties['SYNC_LDAP_BIND_PASSWORD'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + print('SYNC_LDAP_BIND_PASSWORD = ' + str(ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'])) + advanced_user_sync_properties['CRED_KEYSTORE_FILENAME'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindKeystore'] + print('SYNC_LDAP_USER_SEARCH_BASE = ' + str(ranger_service_properties_from_file['ldapGroupSync.userSearchBase'])) + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchBase'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + print('SYNC_LDAP_USER_SEARCH_BASE = ' + str(ranger_service_properties_from_file['ldapGroupSync.userSearchBase'])) + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchScope'] + advanced_user_sync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = ranger_service_properties_from_file['ldapGroupSync.userObjectClass'] + print('SYNC_LDAP_USER_SEARCH_FILTER = ' + str(ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'])) + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + print('SYNC_LDAP_USER_SEARCH_FILTER = ' + str(ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'])) + advanced_user_sync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userNameAttribute'] + advanced_user_sync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userGroupNameAttribute'] + advanced_user_sync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.username.caseConversion'] + advanced_user_sync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.groupname.caseConversion'] + advanced_user_sync_properties['logdir'] = ranger_service_properties_from_file['logdir'] + + ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"usersync-properties", "service_config_version_note": "Initial configuration for Ranger service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]' + + for each_key in advanced_user_sync_properties: + print str(each_key) + ' = ' + str(advanced_user_sync_properties[each_key]) + + else: + print ('Invalid option for to add configuration to Ranger.') + sys.exit(1) + + + confirm_configurations = raw_input('Please confirm the above configuration values y/n(n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(ranger_config_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('Ranger advanced configuration added successfully in Ambari.') + return True + else: + print('Ranger advanced configuration add failed in Ambari.') + return False + else: + print('Ranger advanced configuration add failed in Ambari.') + return False + else: + print ('Exiting installation without configuration !') + sys.exit(0) def call_ranger_installed(): - print('Changing state of ranger services from init to installed.') - ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str(cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' - ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT' - request_result = call_ambari_api(ranger_state_change_url,'PUT',ambari_username_password, ranger_state_change_request) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if (response_code == 200 and response is not None): - print('Ranger state changed to install successfully in Ambari.') - return True - if (response_code == 409 and response is not None): - print('Ranger is already installed in Ambari.') - return True - if response_code == 202 and response is not None: - print('Ranger state changed to install posted in Ambari, checking for updated status waiting for 30 seconds') - parsed_response = json.loads(response) - response_href_url = parsed_response['href'] - response_request_id = parsed_response['Requests']['id'] - response_status = parsed_response['Requests']['status'] - if response_status != 'Installed': - print('Received response but status is not installed, verifying installation to be successful.') - flag_ranger_installed = True - time.sleep(30) - while flag_ranger_installed: - print('checking request status') - ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id) - request_status_result = call_ambari_api(ambari_request_url ,'GET',ambari_username_password,'') - if request_status_result is not None: - response_code = request_status_result.getcode() - response_status = json.loads(json.JSONEncoder().encode(request_status_result.read())) - if (response_code != 200 and 'FAILED' not in response_status): - print('Ranger install failed in ambari.') - flag_ranger_installed = False - if (response_code == 200 and 'PENDING' in response_status): - print('Ranger install is pending in ambari.') - flag_ranger_installed = True - if (response_code == 200 and 'COMPLETED' in response_status): - print('Ranger installed successfully in ambari.') - flag_ranger_installed = False - else: - flag_ranger_installed = True - return not flag_ranger_installed - else: - print('Ranger state changed to install failed in Ambari.') - return False + print('Changing state of ranger services from init to installed.') + ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str( + cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' + ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT' + request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 200 and response is not None): + print('Ranger state changed to install successfully in Ambari.') + return True + if (response_code == 409 and response is not None): + print('Ranger is already installed in Ambari.') + return True + if response_code == 202 and response is not None: + print('Ranger state changed to install posted in Ambari, checking for updated status waiting for 30 seconds') + parsed_response = json.loads(response) + response_href_url = parsed_response['href'] + response_request_id = parsed_response['Requests']['id'] + response_status = parsed_response['Requests']['status'] + if response_status != 'Installed': + print('Received response but status is not installed, verifying installation to be successful.') + flag_ranger_installed = True + time.sleep(30) + while flag_ranger_installed: + print('checking request status') + ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id) + request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '') + if request_status_result is not None: + response_code = request_status_result.getcode() + response_status = json.loads(json.JSONEncoder().encode(request_status_result.read())) + print ('response_code = ' + str(response_code)) + print ('response_status = ' + str(response_status)) + if (response_code == 200 and ('FAILED' in response_status or 'INTERNAL_REQUEST' in response_status)): + print('Ranger install failed in ambari.') + flag_ranger_installed = False + if (response_code == 200 and 'PENDING' in response_status): + print('Ranger install is pending in ambari.') + flag_ranger_installed = True + if (response_code == 200 and 'COMPLETED' in response_status): + print('Ranger installed successfully in ambari.') + flag_ranger_installed = False + else: + flag_ranger_installed = True + return not flag_ranger_installed + else: + print('Ranger state changed to install failed in Ambari.') + return False def get_ranger_usersync_install_properties(): - print('preparing advanced configurations for Ranger User-sync') - flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) - flag_ranger_usersync_present = False - ranger_usersync_current_dir = os.path.join(hdp_current_dir , 'ranger-usersync') - ranger_usersync_properties_from_file = None - print('checking for ranger-usersync service to be present') - flag_ranger_usersync_present,ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir) - if flag_ranger_usersync_present: - print('ranger usersync is installed, getting existing properties for ambari import') - ranger_usersync_properties_from_file = import_properties_from_file("ranger_usersync_install.properties") - if ranger_usersync_properties_from_file is not None and len(ranger_usersync_properties_from_file) != 0: - print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.') - ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file) - return flag_ranger_usersync_present,ranger_usersync_properties_from_file - - + print('preparing advanced configurations for Ranger User-sync') + flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) + flag_ranger_usersync_present = False + ranger_usersync_current_dir = os.path.join(hdp_current_dir, 'ranger-usersync') + ranger_usersync_properties_from_file = None + print('checking for ranger-usersync service to be present') + flag_ranger_usersync_present, ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir) + if flag_ranger_usersync_present: + print('ranger usersync is installed, getting existing properties for ambari import') + ranger_usersync_properties_from_file = import_properties_from_file("ranger_usersync_install.properties") + if ranger_usersync_properties_from_file is not None and len(ranger_usersync_properties_from_file) != 0: + print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.') + ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file) + return flag_ranger_usersync_present, ranger_usersync_properties_from_file def get_ranger_admin_install_properties(): - ranger_admin_current_dir = os.path.join(hdp_current_dir , 'ranger-admin') - flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) - flag_ranger_admin_present = False - ranger_admin_properties_from_file = None - - - if flag_hadoop_present : - print('Hadoop directory is present, checking ranger admin installation.') - flag_ranger_admin_present , ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir) + ranger_admin_current_dir = os.path.join(hdp_current_dir, 'ranger-admin') + flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) + flag_ranger_admin_present = False + ranger_admin_properties_from_file = None - if flag_ranger_admin_present: - print('Ranger Admin is present.getting existing configurations to port to Ambari.') - if os.path.isfile("ranger_admin_install.properties"): - print('ranger_install_properties_path exists, getting existing properties for ambari port') - ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties") + if flag_hadoop_present: + print('Hadoop directory is present, checking ranger admin installation.') + flag_ranger_admin_present, ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir) - if ranger_admin_properties_from_file is not None and len(ranger_admin_properties_from_file) != 0: - print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.') - print('getting additional properties required by Ranger services') - ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file) + if flag_ranger_admin_present: + print('Ranger Admin is present.getting existing configurations to port to Ambari.') + if os.path.isfile("ranger_admin_install.properties"): + print('ranger_install_properties_path exists, getting existing properties for ambari port') + ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties") + if ranger_admin_properties_from_file is not None and len(ranger_admin_properties_from_file) != 0: + print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.') + print('getting additional properties required by Ranger services') + ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file) - return flag_ranger_admin_present,ranger_admin_properties_from_file - + return flag_ranger_admin_present, ranger_admin_properties_from_file def check_hadoop_dir_present(hdp_current_dir_path): - flag_hadoop_dir_present = False - if os.path.isdir(hdp_current_dir_path): - print('hadoop is installed.') - flag_hadoop_dir_present = True - return flag_hadoop_dir_present + flag_hadoop_dir_present = False + if os.path.isdir(hdp_current_dir_path): + print('hadoop is installed.') + flag_hadoop_dir_present = True + return flag_hadoop_dir_present + def check_ranger_admin_install(ranger_admin_current_dir): - flag_ranger_dir_present = False - ranger_current_installed_version = '' - print('checking ranger service path folder') - if os.path.isdir(ranger_admin_current_dir): - print('ranger admin is installed.') - if os.path.islink(ranger_admin_current_dir): - flag_ranger_dir_present = True - print('ranger admin link found getting current version from link.') - ranger_home_path = os.path.realpath(ranger_admin_current_dir) - ranger_current_installed_version = ranger_home_path.split('/')[4] - return flag_ranger_dir_present, ranger_current_installed_version + flag_ranger_dir_present = False + ranger_current_installed_version = '' + print('checking ranger service path folder') + if os.path.isdir(ranger_admin_current_dir): + print('ranger admin is installed.') + if os.path.islink(ranger_admin_current_dir): + flag_ranger_dir_present = True + print('ranger admin link found getting current version from link.') + ranger_home_path = os.path.realpath(ranger_admin_current_dir) + ranger_current_installed_version = ranger_home_path.split('/')[4] + return flag_ranger_dir_present, ranger_current_installed_version def check_ranger_usersync_install(ranger_usersync_current_dir): - flag_ranger_dir_present = False - ranger_current_installed_version = '' - print('checking ranger service path folder') - if os.path.isdir(ranger_usersync_current_dir): - print('Ranger User-sync is installed.') - if os.path.islink(ranger_usersync_current_dir): - flag_ranger_dir_present = True - print('ranger admin link found getting current version from link.') - ranger_home_path = os.path.realpath(ranger_usersync_current_dir) - ranger_current_installed_version = ranger_home_path.split('/')[4] - return flag_ranger_dir_present, ranger_current_installed_version + flag_ranger_dir_present = False + ranger_current_installed_version = '' + print('checking ranger service path folder') + if os.path.isdir(ranger_usersync_current_dir): + print('Ranger User-sync is installed.') + if os.path.islink(ranger_usersync_current_dir): + flag_ranger_dir_present = True + print('ranger admin link found getting current version from link.') + ranger_home_path = os.path.realpath(ranger_usersync_current_dir) + ranger_current_installed_version = ranger_home_path.split('/')[4] + return flag_ranger_dir_present, ranger_current_installed_version def get_additional_properties_for_admin(ranger_admin_properties_from_file): - ranger_conf_path = '/etc/ranger/admin/conf' - ranger_webserver_properties_path = os.path.join(ranger_conf_path, 'ranger_webserver.properties') - ranger_ldap_properties_path = os.path.join(ranger_conf_path,'xa_ldap.properties') - ranger_system_properties_path = os.path.join(ranger_conf_path,'xa_system.properties') - ranger_admin_properties_from_file = import_properties_from_file(ranger_webserver_properties_path,ranger_admin_properties_from_file) - ranger_admin_properties_from_file = import_properties_from_file(ranger_ldap_properties_path,ranger_admin_properties_from_file) - ranger_admin_properties_from_file = import_properties_from_file(ranger_system_properties_path,ranger_admin_properties_from_file) - - print('Getting db flavor, library and command invoker') - install_properties_db_flavour = ranger_admin_properties_from_file['DB_FLAVOR'] - print( 'install_properties_db_flavour = ' + install_properties_db_flavour) - xa_system_properties_db_dialect = ranger_admin_properties_from_file['jdbc.dialect'] - print( 'xa_system_properties_db_dialect = ' + xa_system_properties_db_dialect) - xa_system_properties_url = ranger_admin_properties_from_file['jdbc.url'] - print( 'xa_system_properties_url = ' + xa_system_properties_url) - if('mysql'.lower() in xa_system_properties_db_dialect.lower() and 'mysql'.lower() in xa_system_properties_url.lower()): - print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql') - ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL' - ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'mysql' - ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar' - elif('oracle'.lower() in xa_system_properties_db_dialect and 'oracle'.lower() in xa_system_properties_url.lower()): - print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle') - ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE' - ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'sqlplus' - ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar' - else: - print('Found unsupported DB_FLAVOUR, please configure as MYSQL or ORACLE, which are supported for now.exitting for now') - sys.exit(1) - - xa_system_properties_jdbc_url = ranger_admin_properties_from_file['jdbc.url'] - print('Found jdbc url configured as : ' + str(xa_system_properties_jdbc_url) + ' , getting db host from configured jdbc url') - xa_database_host_name = xa_system_properties_jdbc_url.split(':') - xa_database_host = xa_database_host_name[3].split('/')[2] - xa_database_name = xa_database_host_name[3].split('/')[3] - print('Found db host as : ' + str(xa_database_host)) - print('Found db name as : ' + str(xa_database_name)) - ranger_admin_properties_from_file['db_host'] = xa_database_host - ranger_admin_properties_from_file['db_name'] = xa_database_name - - xa_system_properties_audit_jdbc_url = ranger_admin_properties_from_file['auditDB.jdbc.url'] - print('Found audit jdbc url configured as : ' + str(xa_system_properties_audit_jdbc_url) + ' , getting db host from configured jdbc url') - xa_audit_database_host_name = xa_system_properties_audit_jdbc_url.split(':') - - xa_audit_database_host = xa_audit_database_host_name[3].split('/')[2] - xa_audit_database_name = xa_audit_database_host_name[3].split('/')[3] - print('Found xa_audit_database_name as : ' + str(xa_audit_database_name)) - ranger_admin_properties_from_file['audit_db_host'] = xa_audit_database_host - ranger_admin_properties_from_file['audit_db_name'] = xa_audit_database_name - - xa_db_password = '' - xa_audit_db_password = '' - - libpath= os.path.join(hdp_version_dir,'ranger-admin','cred','lib','*') - aliasKey='policydb.jdbc.password' - aliasValue = '' - filepath = os.path.join(hdp_version_dir , 'ranger-admin','ews','webapp','WEB-INF','classes','conf','.jceks' ,'rangeradmin.jceks') - - getorcreateorlist = 'get' - - statuscode,value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) - if statuscode == 0: - xa_db_password = value.strip() - - aliasKey='auditdb.jdbc.password' - statuscode,value = call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreateorlist) - if statuscode == 0: - xa_audit_db_password = value.strip() - - ranger_admin_properties_from_file['jdbc.password'] = xa_db_password - ranger_admin_properties_from_file['auditDB.jdbc.password'] = xa_audit_db_password - return ranger_admin_properties_from_file + ranger_conf_path = '/etc/ranger/admin/conf' + ranger_webserver_properties_path = os.path.join(ranger_conf_path, 'ranger_webserver.properties') + ranger_ldap_properties_path = os.path.join(ranger_conf_path, 'xa_ldap.properties') + ranger_system_properties_path = os.path.join(ranger_conf_path, 'xa_system.properties') + ranger_unixauth_properties_path = os.path.join(ranger_conf_path, 'ranger_jaas', 'unixauth.properties') + ranger_admin_properties_from_file = import_properties_from_file(ranger_webserver_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_ldap_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_system_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_unixauth_properties_path, ranger_admin_properties_from_file) + + print('Getting db flavor, library and command invoker') + install_properties_db_flavour = ranger_admin_properties_from_file['DB_FLAVOR'] + print('install_properties_db_flavour = ' + install_properties_db_flavour) + xa_system_properties_db_dialect = ranger_admin_properties_from_file['jdbc.dialect'] + print('xa_system_properties_db_dialect = ' + xa_system_properties_db_dialect) + xa_system_properties_url = ranger_admin_properties_from_file['jdbc.url'] + print('xa_system_properties_url = ' + xa_system_properties_url) + if ('mysql'.lower() in xa_system_properties_db_dialect.lower() and 'mysql'.lower() in xa_system_properties_url.lower()): + print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql') + ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL' + ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'mysql' + ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar' + elif ('oracle'.lower() in xa_system_properties_db_dialect and 'oracle'.lower() in xa_system_properties_url.lower()): + print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle') + ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE' + ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'sqlplus' + ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar' + else: + print('Found unsupported DB_FLAVOUR, please configure as MYSQL or ORACLE, which are supported for now.exitting for now') + sys.exit(1) + + xa_system_properties_jdbc_url = ranger_admin_properties_from_file['jdbc.url'] + print('Found jdbc url configured as : ' + str(xa_system_properties_jdbc_url) + ' , getting db host from configured jdbc url') + xa_database_host_name = xa_system_properties_jdbc_url.split(':') + xa_database_host = xa_database_host_name[3].split('/')[2] + xa_database_name = xa_database_host_name[3].split('/')[3] + print('Found db host as : ' + str(xa_database_host)) + print('Found db name as : ' + str(xa_database_name)) + ranger_admin_properties_from_file['db_host'] = xa_database_host + ranger_admin_properties_from_file['db_name'] = xa_database_name + + xa_system_properties_audit_jdbc_url = ranger_admin_properties_from_file['auditDB.jdbc.url'] + print('Found audit jdbc url configured as : ' + str(xa_system_properties_audit_jdbc_url) + ' , getting db host from configured jdbc url') + xa_audit_database_host_name = xa_system_properties_audit_jdbc_url.split(':') + + xa_audit_database_host = xa_audit_database_host_name[3].split('/')[2] + xa_audit_database_name = xa_audit_database_host_name[3].split('/')[3] + print('Found xa_audit_database_name as : ' + str(xa_audit_database_name)) + ranger_admin_properties_from_file['audit_db_host'] = xa_audit_database_host + ranger_admin_properties_from_file['audit_db_name'] = xa_audit_database_name + + xa_db_password = '' + xa_audit_db_password = '' + + libpath = os.path.join(hdp_version_dir, 'ranger-admin', 'cred', 'lib', '*') + aliasKey = 'policydb.jdbc.password' + aliasValue = '' + filepath = os.path.join(hdp_version_dir, 'ranger-admin', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangeradmin.jceks') + + getorcreateorlist = 'get' + + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + xa_db_password = value.strip() + + aliasKey = 'auditdb.jdbc.password' + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + xa_audit_db_password = value.strip() + + ranger_admin_properties_from_file['jdbc.password'] = xa_db_password + ranger_admin_properties_from_file['auditDB.jdbc.password'] = xa_audit_db_password + return ranger_admin_properties_from_file + def get_additional_properties_for_usersync(ranger_usersync_properties_from_file): - ranger_conf_path = '/etc/ranger/usersync/conf' - unix_auth_properties_path = os.path.join(ranger_conf_path, 'unixauthservice.properties') - ranger_usersync_properties_from_file = import_properties_from_file(unix_auth_properties_path,ranger_usersync_properties_from_file) - return ranger_usersync_properties_from_file - - -def port_hdfs_plugin_to_ambari(): - print('Trying to add ranger hdfs plugin.') - flag_hdfs_plugin_installed,hdfs_plugin_install_properties,hdfs_site_xml_properties = get_hdfs_plugin_configuration() - if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None: - hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true' - print('hdfs plugin is installed and enabled, adding to configurations') - advanced_ranger_hdfs_plugin_properties = dict() - - advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa' - advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = '-' - advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = '-' - advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes' - advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop' - advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop' - advanced_ranger_hdfs_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.db.is.enabled'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] - advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] - advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] - advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] - advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] - advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] - - date_time_stamp = getDateTimeNow() - plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site","tag":"' + str(date_time_stamp) + '","properties":' + str(json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "tag": "' + str(date_time_stamp) + '", "properties":'+json.dumps(advanced_ranger_hdfs_plugin_properties)+',"properties_attributes": {"final": "false"}}]}}]' - - ranger_config_request_url = ambari_cluster_url - request_result = call_ambari_api(ranger_config_request_url,'PUT',ambari_username_password,str(plugin_configuration_data)) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if response_code == 200 and response is not None: - print('Ranger hdfs plugin configuration added successfully in Ambari.') - return True - else: - print('Ranger hdfs plugin configuration add failed in Ambari.') - return False + ranger_conf_path = '/etc/ranger/usersync/conf' + unix_auth_properties_path = os.path.join(ranger_conf_path, 'unixauthservice.properties') + ranger_usersync_properties_from_file = import_properties_from_file(unix_auth_properties_path, ranger_usersync_properties_from_file) + if (('unix'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()): + print('sync_source is unix') + ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'unix' + if (('ldap'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()): + print('sync source is ldap') + ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'ldap' + return ranger_usersync_properties_from_file + + +def port_ranger_hdfs_plugin_to_ambari(): + print('Trying to add ranger hdfs plugin.') + flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties = get_hdfs_plugin_configuration() + if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None: + hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true' + print('hdfs plugin is installed and enabled, adding to configurations') + advanced_ranger_hdfs_plugin_properties = dict() + + advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = '-' + advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes' + advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop' + advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop' + advanced_ranger_hdfs_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site","tag":"' + str(date_time_stamp) + '","properties":' + str( + json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "tag": "' + str( + date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + print ('####################### hdfs_site_xml configuration :') + for each_key in hdfs_site_xml_properties: + print str(each_key) + ' = ' + str(hdfs_site_xml_properties[each_key]) + + print ('####################### ranger_hdfs_plugin_properties configuration :') + for each_key in advanced_ranger_hdfs_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_hdfs_plugin_properties[each_key]) + + confirm_configurations = raw_input('Please confirm the above configuration values y/n(n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('Ranger hdfs plugin configuration added successfully in Ambari.') + return True + else: + print('Ranger hdfs plugin configuration add failed in Ambari.') + return False + else: + print('Ranger hdfs plugin configuration add failed in Ambari.') + return False + else: + print ('Exiting installation without configuration !') + sys.exit(0) + else: + print('Ranger hdfs plugin configuration add failed in Ambari.') + return False + + def port_ranger_hive_plugin_to_ambari(): - print('Trying to add ranger hive plugin.') - flag_hive_plugin_installed,hive_plugin_install_properties,hive_server2_xml_properties = get_hive_plugin_configuration() - if flag_hive_plugin_installed and hive_plugin_install_properties is not None and hive_server2_xml_properties is not None: - hive_server2_xml_properties['hive.security.authorization.enabled'] = 'true' - hive_server2_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory' - hive_server2_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator' - hive_server2_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager' - print('hive plugin is installed and enabled, adding to configurations') - advanced_ranger_hive_plugin_properties = dict() - - advanced_ranger_hive_plugin_properties['policy_user'] = 'ambari-qa' - advanced_ranger_hive_plugin_properties['jdbc.driverClassName'] = 'org.apache.hive.jdbc.HiveDriver' - advanced_ranger_hive_plugin_properties['common.name.for.certificate'] = '-' - advanced_ranger_hive_plugin_properties['ranger-hive-plugin-enabled'] = 'Yes' - advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hive' - advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hive' - advanced_ranger_hive_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.db.is.enabled'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] - advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] - advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] - advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] - advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] - advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] - advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] - - - date_time_stamp = getDateTimeNow() - plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hiveserver2-site","tag":"' + str(date_time_stamp) + '","properties":' + str(json.dumps(hive_server2_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hive-plugin-properties","tag":"' + str(date_time_stamp) + '", "properties":'+json.dumps(advanced_ranger_hive_plugin_properties)+',"properties_attributes": {"final": "false"}}]}}]' - - ranger_config_request_url = ambari_cluster_url - request_result = call_ambari_api(ranger_config_request_url,'PUT',ambari_username_password,str(plugin_configuration_data)) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if response_code == 200 and response is not None: - print('Ranger hive plugin configuration added successfully in Ambari.') - return True - else: - print('Ranger hive plugin configuration add failed in Ambari.') - return False + print('Trying to add ranger hive plugin.') + flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties = get_hive_plugin_configuration() + if flag_hive_plugin_installed and hive_plugin_install_properties is not None and hive_server2_xml_properties is not None: + hive_server2_xml_properties['hive.security.authorization.enabled'] = 'true' + hive_server2_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory' + hive_server2_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator' + hive_server2_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager' + print('hive plugin is installed and enabled, adding to configurations') + advanced_ranger_hive_plugin_properties = dict() + + advanced_ranger_hive_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hive_plugin_properties['jdbc.driverClassName'] = 'org.apache.hive.jdbc.HiveDriver' + advanced_ranger_hive_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_hive_plugin_properties['ranger-hive-plugin-enabled'] = 'Yes' + advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hive' + advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hive' + advanced_ranger_hive_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hiveserver2-site","tag":"' + str(date_time_stamp) + '","properties":' + str( + json.dumps(hive_server2_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hive-plugin-properties","tag":"' + str( + date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hive_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + + print ('####################### hive_server2_xml configuration :') + for each_key in hive_server2_xml_properties: + print str(each_key) + ' = ' + str(hive_server2_xml_properties[each_key]) + + print ('####################### ranger_hive_plugin_properties configuration :') + for each_key in advanced_ranger_hive_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_hive_plugin_properties[each_key]) + + confirm_configurations = raw_input('Please confirm the above configuration values y/n(n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('Ranger hive plugin configuration added successfully in Ambari.') + return True + else: + print('Ranger hive plugin configuration add failed in Ambari.') + return False + else: + print('Ranger hive plugin configuration add failed in Ambari.') + return False + else: + print ('Exiting installation without configuration !') + sys.exit(0) + else: + print('Ranger hive plugin configuration add failed in Ambari.') + return False def port_ranger_hbase_plugin_to_ambari(): - print('Trying to add Ranger Hbase plugin.') - flag_hbase_plugin_installed,hbase_plugin_install_properties,hbase_site_xml_properties = get_hbase_plugin_configuration() - if flag_hbase_plugin_installed and hbase_plugin_install_properties is not None and hbase_site_xml_properties is not None: - hbase_site_xml_properties['hive.security.authorization.enabled'] = 'true' - hbase_site_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory' - hbase_site_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator' - hbase_site_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager' - print('Hbase plugin is installed and enabled, adding to configurations') - advanced_ranger_hbase_plugin_properties = dict() - - advanced_ranger_hbase_plugin_properties['policy_user'] = 'ambari-qa' - advanced_ranger_hbase_plugin_properties['ranger-hbase-plugin-enabled'] = 'Yes' - advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hbase' - advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hbase' - advanced_ranger_hbase_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.db.is.enabled'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] - advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] - advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] - advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] - advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] - advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] - advanced_ranger_hbase_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hbase_plugin_install_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] - - date_time_stamp = getDateTimeNow() - plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hbase-site","tag":"' + str(date_time_stamp) + '","properties":' + str(json.dumps(hbase_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hbase-plugin-properties","tag":"' + str(date_time_stamp) + '", "properties":'+json.dumps(advanced_ranger_hbase_plugin_properties)+',"properties_attributes": {"final": "false"}}]}}]' - - ranger_config_request_url = ambari_cluster_url - request_result = call_ambari_api(ranger_config_request_url,'PUT',ambari_username_password,str(plugin_configuration_data)) - if request_result is not None: - response_code = request_result.getcode() - response = json.loads(json.JSONEncoder().encode(request_result.read())) - if response_code == 200 and response is not None: - print('Ranger Hbase plugin configuration added successfully in Ambari.') - return True - else: - print('Ranger Hbase plugin configuration add failed in Ambari.') - return False + print('Trying to add Ranger Hbase plugin.') + flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties = get_hbase_plugin_configuration() + if flag_hbase_plugin_installed and hbase_plugin_install_properties is not None and hbase_site_xml_properties is not None: + hbase_site_xml_properties['hive.security.authorization.enabled'] = 'true' + hbase_site_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory' + hbase_site_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator' + hbase_site_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager' + print('Hbase plugin is installed and enabled, adding to configurations') + advanced_ranger_hbase_plugin_properties = dict() + + advanced_ranger_hbase_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hbase_plugin_properties['ranger-hbase-plugin-enabled'] = 'Yes' + advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hbase' + advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hbase' + advanced_ranger_hbase_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hbase_p
<TRUNCATED>
