Repository: incubator-ranger Updated Branches: refs/heads/master aae97d767 -> b3b773216
RANGER-177 : Run Ranger usersync as non-root user Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b3b77321 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b3b77321 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b3b77321 Branch: refs/heads/master Commit: b3b773216ca7d0ccfec7b31ae2ca0b4de2f4d086 Parents: aae97d7 Author: Gautam Borad <[email protected]> Authored: Thu Apr 2 17:26:11 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Apr 7 21:53:40 2015 -0400 ---------------------------------------------------------------------- unixauthservice/scripts/initd | 47 +++++++++++--- .../scripts/ranger-usersync-services.sh | 66 ++++++++++---------- unixauthservice/scripts/setup.sh | 10 ++- 3 files changed, 83 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/initd ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/initd b/unixauthservice/scripts/initd index 0ff6da4..a1062af 100644 --- a/unixauthservice/scripts/initd +++ b/unixauthservice/scripts/initd @@ -23,23 +23,56 @@ # Short-Description: Start/Stop Ranger Usersync ### END INIT INFO +LINUX_USER=ranger BIN_PATH=/usr/bin MOD_NAME=ranger-usersync +pidf=/var/run/ranger/usersync.pid +pid="" +if [ -f ${pidf} ] +then + pid=`cat $pidf` +fi case $1 in start) - ${BIN_PATH}/${MOD_NAME} start + if [ "${pid}" != "" ] + then + echo "Ranger Usersync Service is already running" + exit 1 + else + echo "Starting Ranger Usersync." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" + fi ;; stop) - ${BIN_PATH}/${MOD_NAME} stop + if [ "${pid}" != "" ] + then + echo "Stopping Ranger Usersync." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + else + echo "Ranger Usersync Service is NOT running" + exit 1 + fi ;; restart) - echo "Stopping Apache Ranger Usersync." - ${BIN_PATH}/${MOD_NAME} stop - echo "Starting Apache Ranger Usersync." - ${BIN_PATH}/${MOD_NAME} start + if [ "${pid}" != "" ] + then + echo "Stopping Ranger Usersync." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + sleep 10 + fi + echo "Starting Ranger Usersync." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" ;; + status) + if [ "${pid}" != "" ] + then + echo "Ranger Usersync Service is running [pid={$pid}]" + else + echo "Ranger Usersync Service is NOT running." + fi + ;; *) - echo "Invalid argument [$1]; Only start | stop | restart, are supported." + echo "Invalid argument [$1]; Only start | stop | restart | status, are supported." exit 1 esac http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/ranger-usersync-services.sh ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/ranger-usersync-services.sh b/unixauthservice/scripts/ranger-usersync-services.sh index 27978d3..65f2e39 100644 --- a/unixauthservice/scripts/ranger-usersync-services.sh +++ b/unixauthservice/scripts/ranger-usersync-services.sh @@ -27,7 +27,7 @@ realScriptDir=`dirname $realScriptPath` cd $realScriptDir cdir=`pwd` -pidf=${cdir}/.mypid +pidf=/var/run/ranger/usersync.pid if [ ${action^^} == "START" ]; then @@ -44,58 +44,60 @@ if [ ${action^^} == "START" ]; then if [ "$JAVA_HOME" != "" ]; then export PATH=$JAVA_HOME/bin:$PATH fi - + logdir=`grep -P '^[ \t]*logdir[ \t]*=' ${cdir}/install.properties | awk -F= '{ print $2 }' | tr '\t' ' ' | sed -e 's:[ ]::g'` if [ ! -d ${logdir} ] then - logdir=/var/log/ranger-usersync + logdir=/var/log/ranger/usersync + [ ! -d ${logdir} ] && mkdir -p ${logdir} + chown ranger:ranger ${logdir} fi cp="${cdir}/dist/*:${cdir}/lib/*:${cdir}/conf" - [ ! -d ${logdir} ] && mkdir -p ${logdir} - ${cdir}/ranger-usersync-services.sh stop + + if [ -f $pidf ]; then + PID=`cat $pidf` + if [ -z "`ps axf | grep ${PID} | grep -v grep`" ]; then + rm -f ${pidf} + else + kill -9 ${PID} > /dev/null 2>&1 + rm -f ${pidf} + echo "Ranger Usersync Service [pid = ${PID}] has been stopped." + fi + fi + cd ${cdir} umask 0077 nohup java -Dproc_rangerusersync ${JAVA_OPTS} -Dlogdir="${logdir}" -cp "${cp}" org.apache.ranger.authentication.UnixAuthenticationService -enableUnixAuth > ${logdir}/auth.log 2>&1 & echo $! > ${pidf} + chown ranger ${pidf} sleep 5 - port=`grep '^[ ]*authServicePort' ${cdir}/conf/unixauthservice.properties | awk -F= '{ print $2 }' | awk '{ print $1 }'` - pid=`netstat -antp | grep LISTEN | grep ${port} | awk '{ print $NF }' | awk -F/ '{ if ($2 == "java") { print $1 } }'` + pid=`cat $pidf` + if [ "${pid}" != "" ] then - echo "UnixAuthenticationService has started successfully." + echo "Ranger Usersync Service has started successfully." else - echo "UnixAuthenticationService failed to start. Please refer to log files under ${logdir} for further details." + echo "Ranger Usersync Service failed to start. Please refer to log files under ${logdir} for further details." fi exit; elif [ ${action^^} == "STOP" ]; then port=`grep '^[ ]*authServicePort' ${cdir}/conf/unixauthservice.properties | awk -F= '{ print $2 }' | awk '{ print $1 }'` - pid=`netstat -antp | grep LISTEN | grep ${port} | awk '{ print $NF }' | awk -F/ '{ if ($2 == "java") { print $1 } }'` - if [ "${pid}" != "" ] - then - kill -9 ${pid} - echo "AuthenticationService [pid = ${pid}] has been stopped." - fi - if [ -f ${pidf} ] - then - npid=`cat ${pidf}` - if [ "${npid}" != "" ] - then - if [ "${pid}" != "${npid}" ] - then - if [ -a /proc/${npid} ] - then - echo "AuthenticationService [pid = ${npid}] has been stopped." - kill -9 ${npid} > /dev/null 2>&1 - echo > ${pidf} - fi - fi - fi - fi + + if [ -f $pidf ]; then + pidf=/var/run/ranger/usersync.pid + PID=`cat $pidf` > /dev/null 2>&1 + kill -9 $PID > /dev/null 2>&1 + rm -f $pidf + echo "Ranger Usersync Service [pid = ${PID}] has been stopped." + else + echo "Ranger Usersync Service not running" + fi + exit; elif [ ${action^^} == "RESTART" ]; then - echo "Stopping Apache Ranger Usersync" + echo "Stopping Ranger Usersync" ${cdir}/ranger-usersync-services.sh stop echo "Starting Apache Ranger Usersync" ${cdir}/ranger-usersync-services.sh start http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b3b77321/unixauthservice/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/setup.sh b/unixauthservice/scripts/setup.sh index 473d8a6..35bdd75 100755 --- a/unixauthservice/scripts/setup.sh +++ b/unixauthservice/scripts/setup.sh @@ -23,7 +23,7 @@ unix_user=ranger unix_group=ranger INSTALL_DIR=${INSTALL_BASE} - +pidf=/var/run/ranger curDt=`date '+%Y%m%d%H%M%S'` LOGFILE=setup.log.$curDt @@ -33,6 +33,9 @@ log() { echo "${prefix} $@" } +mkdir -p ${pidf} +chown -R ${unix_user} ${pidf} + # Ensure that the user is root MY_ID=`id -u` if [ "${MY_ID}" -ne 0 ] @@ -241,6 +244,11 @@ then fi # END Grep configuration properties from install.properties +# changing ownership for ranger-usersync install directory +if [ -d ${INSTALL_DIR} ]; then + chown -R ${unix_user}:${unix_group} ${INSTALL_DIR} +fi + # Create $INSTALL_DIR/conf/unixauthservice.properties
