RANGER-247: Combined packaging of ranger kms and kms plugin (first set of changes)
Signed-off-by: sneethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/917833cd Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/917833cd Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/917833cd Branch: refs/heads/master Commit: 917833cd320757028a41e56d8c9eb92e052015f2 Parents: 60ec337 Author: Velmurugan Periasamy <[email protected]> Authored: Tue Apr 14 18:49:36 2015 -0400 Committer: sneethiraj <[email protected]> Committed: Tue Apr 14 18:56:16 2015 -0400 ---------------------------------------------------------------------- kms/config/kms-webapp/dbks-site.xml | 78 +- kms/pom.xml | 5 + kms/scripts/db_setup.py | 558 +++++++--- kms/scripts/dba_script.py | 1046 ++++++++++++++++++ kms/scripts/install.properties | 100 ++ kms/scripts/kms-initd | 78 ++ kms/scripts/ranger-kms-services.sh | 2 +- kms/scripts/setup.sh | 411 ++++++- kms/scripts/update_property.py | 24 + .../apache/hadoop/crypto/key/RangerKMSDB.java | 53 +- .../crypto/key/RangerKeyStoreProvider.java | 41 +- .../hadoop/crypto/key/RangerMasterKey.java | 2 - plugin-kms/scripts/enable-kms-plugin.sh | 633 +++++++++++ pom.xml | 10 +- src/main/assembly/kms.xml | 172 ++- 15 files changed, 2928 insertions(+), 285 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/config/kms-webapp/dbks-site.xml ---------------------------------------------------------------------- diff --git a/kms/config/kms-webapp/dbks-site.xml b/kms/config/kms-webapp/dbks-site.xml index d4faf7e..f29f0e4 100644 --- a/kms/config/kms-webapp/dbks-site.xml +++ b/kms/config/kms-webapp/dbks-site.xml @@ -41,23 +41,7 @@ <!-- db Details --> <property> - <name>ranger.db.ks.database.flavor</name> - <value>MYSQL</value> - <description> - ULR for Database - </description> - </property> - - <property> - <name>ranger.db.ks.core.file</name> - <value>db/mysql/kms_core_db.sql</value> - <description> - ULR for Database - </description> - </property> - - <property> - <name>ranger.db.ks.javax.persistence.jdbc.url</name> + <name>ranger.ks.jpa.jdbc.url</name> <value>jdbc:log4jdbc:mysql://localhost:3306/rangerkms</value> <description> ULR for Database @@ -65,55 +49,47 @@ </property> <property> - <name>ranger.db.root.user</name> - <value>root</value> + <name>ranger.ks.jpa.jdbc.user</name> + <value>kmsadmin</value> <description> - Database root user name used for operation + Database username used for operation </description> </property> <property> - <name>ranger.db.root.password</name> - <value></value> + <name>ranger.ks.jpa.jdbc.password</name> + <value>kmsadmin</value> <description> - Database root user name used for operation + Database user's password </description> </property> - + <property> - <name>ranger.db.host</name> - <value>localhost</value> + <name>ranger.ks.jpa.jdbc.credential.provider.path</name> + <value>/tmp/kms.jceks</value> <description> - Database root user name used for operation + Credential provider path </description> </property> - - <property> - <name>ranger.db.ks.name</name> - <value>rangerkms</value> - <description> - Driver used for database - </description> - </property> - + <property> - <name>ranger.db.ks.javax.persistence.jdbc.user</name> - <value>kmsadmin</value> + <name>ranger.ks.jpa.jdbc.credential.alias</name> + <value>ranger.ks.jdbc.password</value> <description> - Database user name used for operation + Credential alias used for password </description> </property> - + <property> - <name>ranger.db.ks.javax.persistence.jdbc.password</name> - <value>kmsadmin</value> + <name>ranger.ks.masterkey.credential.alias</name> + <value>ranger.ks.masterkey.password</value> <description> - Database user's password + Credential alias used for masterkey </description> </property> - + <property> - <name>ranger.db.ks.javax.persistence.jdbc.dialect</name> + <name>ranger.ks.jpa.jdbc.dialect</name> <value>org.eclipse.persistence.platform.database.MySQLPlatform</value> <description> Dialect used for database @@ -121,7 +97,7 @@ </property> <property> - <name>ranger.db.ks.javax.persistence.jdbc.driver</name> + <name>ranger.ks.jpa.jdbc.driver</name> <value>net.sf.log4jdbc.DriverSpy</value> <description> Driver used for database @@ -129,19 +105,11 @@ </property> <property> - <name>ranger.db.ks.sql.connector.jar</name> + <name>ranger.ks.jdbc.sqlconnectorjar</name> <value>/usr/share/java/mysql-connector-java.jar</value> <description> Driver used for database </description> </property> - <property> - <name>ranger.db.ks.java.bin</name> - <value>java</value> - <description> - ULR for Database - </description> - </property> - </configuration> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/pom.xml ---------------------------------------------------------------------- diff --git a/kms/pom.xml b/kms/pom.xml index 5ce8b11..62ececf 100644 --- a/kms/pom.xml +++ b/kms/pom.xml @@ -426,6 +426,11 @@ <artifactId>xz</artifactId> <version>${xz.version}</version> </dependency> + <dependency> + <groupId>org.apache.ranger</groupId> + <artifactId>credentialbuilder</artifactId> + <version>${project.version}</version> + </dependency> </dependencies> <build> <pluginManagement> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py index 301bdcc..b022e08 100644 --- a/kms/scripts/db_setup.py +++ b/kms/scripts/db_setup.py @@ -17,19 +17,33 @@ import re import sys import errno import shlex +import platform import logging import subprocess import fileinput from os.path import basename +from subprocess import Popen,PIPE from datetime import date -from xml.etree import ElementTree as ET +import datetime +from time import gmtime, strftime globalDict = {} +os_name = platform.system() +os_name = os_name.upper() + +if os_name == "LINUX": + RANGER_KMS_HOME = os.getcwd() +elif os_name == "WINDOWS": + RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME") + def check_output(query): - p = subprocess.Popen(query, stdout=subprocess.PIPE) + if os_name == "LINUX": + p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) + elif os_name == "WINDOWS": + p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True) output = p.communicate ()[0] return output - + def log(msg,type): if type == 'info': logging.info(" %s",msg) @@ -39,214 +53,422 @@ def log(msg,type): logging.warning(" %s",msg) if type == 'exception': logging.exception(" %s",msg) + if type == 'error': + logging.error(" %s",msg) def populate_global_dict(): - global globalDict - os.chdir("..") - read_config_file = open(os.path.join(os.getcwd(),'ews/webapp/config/dbks-site.xml')) - dbks_site_properties = import_properties_from_xml(read_config_file, globalDict) + global globalDict + if os_name == "LINUX": + read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties')) + elif os_name == "WINDOWS": + read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties')) + library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*") + + for each_line in read_config_file.read().split('\n') : + if len(each_line) == 0 : continue + if re.search('=', each_line): + key , value = each_line.strip().split("=",1) + key = key.strip() + if 'PASSWORD' in key: + jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') + statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') + if statuscode == 1: + value = '' + value = value.strip() + globalDict[key] = value + +def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate): + finalLibPath = libpath.replace('\\','/').replace('//','/') + finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/') + if getorcreate == 'create': + commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath] + p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode + elif getorcreate == 'get': + commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath] + p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode, output + else: + print 'proper command not received for input need get or create' class BaseDB(object): - def init_logfiles(self): - FORMAT = '%(asctime)-15s %(message)s' - logging.basicConfig(format=FORMAT, level=logging.DEBUG) + def check_connection(self, db_name, db_user, db_password): + log("[I] ---------- Verifying DB connection ----------", "info") + + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + log("[I] ---------- Verifying table ----------", "info") + + def import_db_file(self, db_name, db_user, db_password, file_name): + log("[I] ---------- Importing db schema ----------", "info") - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - log("---------- Creating User ----------", "info") - def check_table(self, db_name, root_user, db_root_password, TABLE_NAME): - log("---------- Verifying table ----------", "info") - def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name): - log("---------- Importing db schema ----------", "info") - class MysqlConf(BaseDB): # Constructor def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): self.host = host self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR self.JAVA_BIN = JAVA_BIN - BaseDB.init_logfiles(self) def get_jisql_cmd(self, user, password ,db_name): - #TODO: User array for forming command - jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + #path = os.getcwd() + path = RANGER_KMS_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd - - def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password): - hosts_arr =["%", "localhost"] - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password ,'mysql') - query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - log( "\nMYSQL User: " + db_user + " already exists!", "debug") - else: - log("User does not exists", "info") - if db_password == "": - log ("Creating MySQL user: "+ db_user +" with DB password blank\n", "info") - query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) - output = check_output(shlex.split(query)) - if output.strip(db_user + " |"): - log("Mysql user " + db_user +" created","info") - else: - log("Creating Mysql user " + db_user +" Failed","info") - sys.exit(1) - else: - log ("Creating MySQL user: "+ db_user +" with DB password\n", "info") - query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("Mysql user " + db_user +" created","info") - else: - log("Creating Mysql user " + db_user +" Failed","info") - sys.exit(1) - - def verify_db(self, root_user, db_root_password, db_name): - log("\nVerifying Database: " + db_name + "\n", "debug") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) - output = check_output(shlex.split(query)) - if output.strip(db_name + " |"): - return True - else: - return False - - - def import_file_to_db(self, root_user, db_name, db_user, db_password, db_root_password, file_name): - log ("\nImporting db schema to Database: " + db_name,"debug"); - if self.verify_db(root_user, db_root_password, db_name): - log("\nDatabase: "+db_name + " already exists. Ignoring import_db\n","info") - else: - log("\nDatabase does not exist. Creating database : " + db_name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"create database %s;\"" %(db_name) - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - log("\nDatabase creation failed!!\n","info") - sys.exit(1) - else: - if self.verify_db(root_user, db_root_password, db_name): - log("Creating database: " + db_name + " succeeded", "info") - self.import_db_file(db_name, root_user , db_user, db_password, db_root_password, file_name) - else: - log("\nDatabase creation failed!!\n","info") - sys.exit(1) - - - def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke): - hosts_arr =["%", "localhost"] - if is_revoke: - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - - for host in hosts_arr: - log ("---------------GRANTING PRIVILEGES TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'-------------" , "info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) - ret = subprocess.check_call(shlex.split(query)) + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection..", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT version();\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT version();\" -c ;" + output = check_output(query) + if output.strip('Production |'): + log("[I] Checking connection passed.", "info") + return True + else: + log("[E] Can't establish connection!! Exiting.." ,"error") + log("[I] Please run DB setup first or contact Administrator.." ,"info") + sys.exit(1) + + + def import_db_file(self, db_name, db_user, db_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("[I] Importing db schema to database " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s -c ;" %file_name + ret = subprocess.call(query) if ret == 0: - log ("---------------FLUSH PRIVILEGES -------------" , "info") - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) - if ret == 0: - log("Privileges granted to '" + db_user + "' on '"+db_name+"'\n", "info") - else: - log("Granting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info") - sys.exit(1) + log("[I] "+name + " DB schema imported successfully","info") else: - log("\nGranting privileges to '" +db_user+"' FAILED on '"+db_name+"'\n", "info") + log("[E] "+name + " DB schema import failed!","error") sys.exit(1) + else: + log("[E] DB schema file " + name+ " not found","error") + sys.exit(1) + + + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"show tables like '%s';\" -c ;" %(TABLE_NAME) + output = check_output(query) + if output.strip(TABLE_NAME + " |"): + log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info") + return True + else: + log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info") + return False + - def import_db_file(self, db_name, root_user, db_user, db_password, db_root_password, file_name): +class OracleConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password): + #path = os.getcwd() + path = RANGER_KMS_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password) + return jisql_cmd + + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select * from v$version;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select * from v$version;\" -c ;" + output = check_output(query) + if output.strip('Production |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection!", "error") + sys.exit(1) + + + def import_db_file(self, db_name, db_user, db_password, file_name): name = basename(file_name) if os.path.isfile(file_name): - log("Importing db schema to database : " + db_name + " from file: " + name,"info") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) - query = get_cmd + " -input %s" %file_name - ret = subprocess.check_call(shlex.split(query)) + log("[I] Importing script " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + if os_name == "LINUX": + query = get_cmd + " -input %s -c \;" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s -c ;" %file_name + ret = subprocess.call(query) if ret == 0: - log(name + " DB schema imported successfully\n","info") + log("[I] "+name + " imported successfully","info") else: - log(name + " DB Schema import failed!\n","info") + log("[E] "+name + " import failed!","error") sys.exit(1) else: - log("\nDB Schema file " + name+ " not found\n","exception") - sys.exit(1) + log("[E] Import " +name + " sql file not found","error") + sys.exit(1) - def check_table(self, db_name, root_user, db_root_password, TABLE_NAME): - if self.verify_db(root_user, db_root_password, db_name): - log("Verifying table " + TABLE_NAME +" in database " + db_name, "debug") - get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) - query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME) - output = check_output(shlex.split(query)) - if output.strip(TABLE_NAME + " |"): - log("Table " + TABLE_NAME +" already exists in database " + db_name + "\n","info") - return True + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + get_cmd = self.get_jisql_cmd(db_user ,db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;" + output = check_output(query).strip() + output = output.strip(' |') + db_name = db_name.upper() + if output == db_name: + log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info") + log("[I] Verifying table " + TABLE_NAME +" in tablespace " + db_name, "info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\" -c ;" %(db_name ,TABLE_NAME) + output = check_output(query) + if output.strip(TABLE_NAME.upper() + ' |'): + log("[I] Table " + TABLE_NAME +" already exists in tablespace " + db_name + "","info") + return True else: - log("Table " + TABLE_NAME +" does not exist in database " + db_name + "\n","info") + log("[I] Table " + TABLE_NAME +" does not exist in tablespace " + db_name + "","info") return False else: - log("Database " + db_name +" does not exist\n","info") + log("[E] "+db_user + " user already assigned to some other tablespace , provide different DB name.","error") + sys.exit(1) + + + +class PostgresConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + #TODO: User array for forming command + #path = os.getcwd() + path = RANGER_KMS_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + return jisql_cmd + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + log("[I] connection success", "info") + return True + else: + log("[E] Can't establish connection", "error") + sys.exit(1) + + def import_db_file(self, db_name, db_user, db_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("[I] Importing db schema to database " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s -c ;" %file_name + ret = subprocess.call(query) + if ret == 0: + log("[I] "+name + " DB schema imported successfully","info") + else: + log("[E] "+name + " DB schema import failed!","error") + sys.exit(1) + else: + log("[E] DB schema file " + name+ " not found","error") + sys.exit(1) + + + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + log("[I] Verifying table " + TABLE_NAME +" in database " + db_name, "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\" -c ;" %(db_name , TABLE_NAME) + output = check_output(query) + if output.strip(TABLE_NAME +" |"): + log("[I] Table " + TABLE_NAME +" already exists in database " + db_name, "info") + return True + else: + log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name, "info") return False -def import_properties_from_xml(xml_path, properties_from_xml=None): - xml = ET.parse(xml_path) - root = xml.getroot() - if properties_from_xml is None: - properties_from_xml = dict() - for child in root.findall('property'): - name = child.find("name").text.strip() - value = child.find("value").text.strip() if child.find("value").text is not None else "" - properties_from_xml[name] = value - return properties_from_xml +class SqlServerConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + #TODO: User array for forming command + #path = os.getcwd() + path = RANGER_KMS_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + return jisql_cmd -def main(): + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection", "error") + sys.exit(1) + + def import_db_file(self, db_name, db_user, db_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("[I] Importing db schema to database " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(query) + if ret == 0: + log("[I] "+name + " DB schema imported successfully","info") + else: + log("[E] "+name + " DB Schema import failed!","error") + sys.exit(1) + else: + log("[I] DB Schema file " + name+ " not found","error") + sys.exit(1) + + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\"" %(TABLE_NAME) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\" -c ;" %(TABLE_NAME) + output = check_output(query) + if output.strip(TABLE_NAME + " |"): + log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info") + return True + else: + log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info") + return False + + +def main(argv): populate_global_dict() - JAVA_BIN=globalDict['ranger.db.ks.java.bin'] - XA_DB_FLAVOR=globalDict['ranger.db.ks.database.flavor'] - XA_DB_FLAVOR.upper() - - xa_db_host = globalDict['ranger.db.host'] - mysql_core_file = globalDict['ranger.db.ks.core.file'] + FORMAT = '%(asctime)-15s %(message)s' + logging.basicConfig(format=FORMAT, level=logging.DEBUG) + + JAVA_BIN = globalDict['JAVA_BIN'] + XA_DB_FLAVOR = globalDict['DB_FLAVOR'] + XA_DB_FLAVOR = XA_DB_FLAVOR.upper() + + log("[I] DB FLAVOR :" + XA_DB_FLAVOR ,"info") + xa_db_host = globalDict['db_host'] + + mysql_core_file = globalDict['mysql_core_file'] + mysql_patches = os.path.join('db','mysql','patches') + + oracle_core_file = globalDict['oracle_core_file'] + oracle_patches = os.path.join('db','oracle','patches') + + postgres_core_file = globalDict['postgres_core_file'] + postgres_patches = os.path.join('db','postgres','patches') + + sqlserver_core_file = globalDict['sqlserver_core_file'] + sqlserver_patches = os.path.join('db','sqlserver','patches') + + db_name = globalDict['db_name'] + db_user = globalDict['db_user'] + db_password = globalDict['db_password'] + + x_db_version = 'x_db_version_h' + x_user = 'x_portal_user' - db_name = globalDict['ranger.db.ks.name'] - db_user = globalDict['ranger.db.ks.javax.persistence.jdbc.user'] - db_password = globalDict['ranger.db.ks.javax.persistence.jdbc.password'] - xa_db_root_user = globalDict['ranger.db.root.user'] - xa_db_root_password = globalDict['ranger.db.root.password'] if XA_DB_FLAVOR == "MYSQL": - MYSQL_CONNECTOR_JAR=globalDict['ranger.db.ks.sql.connector.jar'] - xa_sqlObj = MysqlConf(xa_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN) - xa_db_core_file_script = os.path.join(os.getcwd(),'scripts') - xa_db_core_file = os.path.join(xa_db_core_file_script,mysql_core_file) + MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(RANGER_KMS_HOME , mysql_core_file) + + elif XA_DB_FLAVOR == "ORACLE": + ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(RANGER_KMS_HOME ,oracle_core_file) + + elif XA_DB_FLAVOR == "POSTGRES": + POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(RANGER_KMS_HOME , postgres_core_file) + + elif XA_DB_FLAVOR == "SQLSERVER": + SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(RANGER_KMS_HOME , sqlserver_core_file) else: - log ("--------- NO SUCH FLAVOUR ---------", "info") + log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error") sys.exit(1) - # Methods Begin - log("\n--------- Creating kms user --------- \n","info") - xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password) - log("\n--------- Importing DB Core Database ---------\n","info") - xa_sqlObj.import_file_to_db(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, xa_db_core_file) - xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, True) +# ''' + + log("[I] --------- Verifying Ranger DB connection ---------","info") + xa_sqlObj.check_connection(db_name, db_user, db_password) + + if len(argv)==1: + + log("[I] --------- Verifying Ranger DB tables ---------","info") + if xa_sqlObj.check_table(db_name, db_user, db_password, x_user): + pass + else: + log("[I] --------- Importing Ranger Core DB Schema ---------","info") + xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file) -main() +main(sys.argv) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py new file mode 100644 index 0000000..68ac76e --- /dev/null +++ b/kms/scripts/dba_script.py @@ -0,0 +1,1046 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. See accompanying LICENSE file. +# + +import os +import re +import sys +import errno +import shlex +import logging +import platform +import subprocess +import fileinput +import getpass +from os.path import basename +from subprocess import Popen,PIPE +from datetime import date +globalDict = {} + +os_name = platform.system() +os_name = os_name.upper() + +def check_output(query): + if os_name == "LINUX": + p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) + elif os_name == "WINDOWS": + p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True) + output = p.communicate ()[0] + return output + +def log(msg,type): + if type == 'info': + logging.info(" %s",msg) + if type == 'debug': + logging.debug(" %s",msg) + if type == 'warning': + logging.warning(" %s",msg) + if type == 'exception': + logging.exception(" %s",msg) + if type == 'error': + logging.error(" %s",msg) + +def populate_global_dict(): + global globalDict + read_config_file = open(os.path.join(os.getcwd(),'install.properties')) + for each_line in read_config_file.read().split('\n') : + if len(each_line) == 0 : continue + if re.search('=', each_line): + key , value = each_line.strip().split("=",1) + key = key.strip() + if 'PASSWORD' in key: + jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') + statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') + if statuscode == 1: + value = '' + value = value.strip() + globalDict[key] = value + +def logFile(msg): + if globalDict["dryMode"]==True: + logFileName=globalDict["dryModeOutputFile"] + if logFileName !="": + if os.path.isfile(logFileName): + if os.access(logFileName, os.W_OK): + with open(logFileName, "a") as f: + f.write(msg+"\n") + f.close() + else: + print("Unable to open file "+logFileName+" in write mode, Check file permissions.") + sys.exit() + else: + print(logFileName+" is Invalid input file name! Provide valid file path to write DBA scripts:") + sys.exit() + else: + print("Invalid input! Provide file path to write DBA scripts:") + sys.exit() + +class BaseDB(object): + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + log("[I] ---------- Creating user ----------", "info") + + def check_connection(self, db_name, db_user, db_password): + log("[I] ---------- Verifying DB connection ----------", "info") + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + log("[I] ---------- Verifying database ----------", "info") + + + +class MysqlConf(BaseDB): + # Constructor + def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password ,db_name): + #TODO: User array for forming command + path = os.getcwd() + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + elif os_name == "WINDOWS": + self.JAVA_BIN = self.JAVA_BIN.strip("'") + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + return jisql_cmd + + def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user+ " for Host "+ host, "info") + if os_name == "LINUX": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def check_connection(self, db_name, db_user, db_password): + #log("[I] Checking connection..", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT version();\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT version();\" -c ;" + output = check_output(query) + if output.strip('Production |'): + #log("[I] Checking connection passed.", "info") + return True + else: + log("[E] Can't establish db connection.. Exiting.." ,"error") + sys.exit(1) + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + if self.check_connection('mysql', root_user, db_root_password): + hosts_arr =["%", "localhost"] + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode): + if dryMode == False: + log("[I] MySQL user " + db_user + " already exists for host " + host, "info") + else: + if db_password == "": + if dryMode == False: + log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") + if os_name == "LINUX": + query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): + log("[I] MySQL user " + db_user +" created for host " + host ,"info") + else: + log("[E] Creating MySQL user " + db_user +" failed..","error") + sys.exit(1) + else: + logFile("create user '%s'@'%s';" %(db_user, host)) + else: + if dryMode == False: + log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") + if os_name == "LINUX": + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode): + log("[I] MySQL user " + db_user +" created for host " + host ,"info") + else: + log("[E] Creating MySQL user " + db_user +" failed..","error") + sys.exit(1) + else: + log("[E] Creating MySQL user " + db_user +" failed..","error") + sys.exit(1) + else: + logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host,db_password)) + + + def verify_db(self, root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Verifying database " + db_name , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name + " |"): + return True + else: + return False + + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + if self.verify_db(root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Database "+db_name + " already exists.","info") + else: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"create database %s;\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) + if dryMode == False: + log("[I] Database does not exist, Creating database " + db_name,"info") + if os_name == "LINUX": + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + ret = subprocess.call(query) + if ret != 0: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + if self.verify_db(root_user, db_root_password, db_name,dryMode): + log("[I] Creating database " + db_name + " succeeded", "info") + return True + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("create database %s;" %(db_name)) + + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): + hosts_arr =["%", "localhost"] + ''' + if is_revoke: + for host in hosts_arr: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) + ret = subprocess.call(shlex.split(query)) + if ret == 0: + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.call(shlex.split(query)) + if ret != 0: + sys.exit(1) + else: + sys.exit(1) + ''' + + for host in hosts_arr: + if dryMode == False: + log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host) + ret = subprocess.call(query) + if ret == 0: + log("[I] ---------- FLUSH PRIVILEGES ----------" , "info") + if os_name == "LINUX": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;" + ret = subprocess.call(query) + if ret == 0: + log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info") + else: + log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error") + sys.exit(1) + else: + log("[E] Granting privileges to '" +db_user+"' failed on '"+db_name+"'", "error") + sys.exit(1) + else: + logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;" %(db_name,db_user, host)) + + +class OracleConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password): + #TODO: User array for forming command + path = os.getcwd() + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password) + return jisql_cmd + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select * from v$version;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select * from v$version;\" -c ;" + output = check_output(query) + if output.strip('Production |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection,Change configuration or Contact Administrator!!", "error") + sys.exit(1) + + def verify_user(self, root_user, db_user, db_root_password,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user ,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + if self.check_connection(self, root_user, db_root_password): + if self.verify_user(root_user, db_user, db_root_password,dryMode): + if dryMode == False: + log("[I] Oracle user " + db_user + " already exists.", "info") + else: + if dryMode == False: + log("[I] User does not exists, Creating user : " + db_user, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_user, db_root_password,dryMode): + log("[I] User " + db_user + " created", "info") + log("[I] Granting permission to " + db_user, "info") + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) + if ret == 0: + log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info") + else: + log("[E] Granting permissions to Oracle user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + log("[E] Creating Oracle user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + log("[E] Creating Oracle user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + logFile("create user %s identified by \"%s\";" %(db_user, db_password)) + + + def verify_tablespace(self, root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Verifying tablespace " + db_name, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name+' |'): + return True + else: + return False + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + if self.verify_tablespace(root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Tablespace " + db_name + " already exists.","info") + if self.verify_user(root_user, db_user, db_root_password,dryMode): + get_cmd = self.get_jisql_cmd(db_user ,db_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;" + output = check_output(query).strip() + db_name = db_name.upper() +' |' + if output == db_name: + log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info") + else: + log("[E] "+db_user + " user already assigned some other tablespace , give some other DB name.","error") + sys.exit(1) + #status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, False) + #return status + else: + if dryMode == False: + log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) + ret = subprocess.call(query) + if ret == 0: + if self.verify_tablespace(root_user, db_root_password, db_name,dryMode): + log("[I] Creating tablespace "+db_name+" succeeded", "info") + status=True + status = self.assign_tablespace(root_user, db_root_password, db_user, db_password, db_name, status,dryMode) + return status + else: + log("[E] Creating tablespace "+db_name+" failed..", "error") + sys.exit(1) + else: + log("[E] Creating tablespace "+db_name+" failed..", "error") + sys.exit(1) + else: + logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) + + def assign_tablespace(self, root_user, db_root_password, db_user, db_password, db_name, status,dryMode): + if dryMode == False: + log("[I] Assign default tablespace " +db_name + " to " + db_user, "info") + # Assign default tablespace db_name + get_cmd = self.get_jisql_cmd(root_user , db_root_password) + if os_name == "LINUX": + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name) + ret = subprocess.call(query) + if ret == 0: + log("[I] Granting permission to " + db_user, "info") + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) + if ret == 0: + log("[I] Granting Oracle user '" + db_user + "' done", "info") + return status + else: + log("[E] Granting Oracle user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): + if dryMode == False: + get_cmd = self.get_jisql_cmd(root_user ,db_root_password) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) + if ret == 0: + log("[I] Granted permission to " + db_user, "info") + return True + else: + log("[E] Granting Oracle user '" + db_user + "' failed..", "error") + sys.exit(1) + else: + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + + + +class PostgresConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + #TODO: User array for forming command + path = os.getcwd() + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + return jisql_cmd + + def verify_user(self, root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def check_connection(self, db_name, db_user, db_password): + #log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + #log("[I] connection success", "info") + return True + else: + log("[E] Can't establish connection, Please check connection settings or contact Administrator", "error") + sys.exit(1) + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + if self.check_connection('postgres', root_user, db_root_password): + if self.verify_user(root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] Postgres user " + db_user + " already exists.", "info") + else: + if dryMode == False: + log("[I] User does not exists, Creating user : " + db_user, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') + if os_name == "LINUX": + query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_root_password, db_user,dryMode): + log("[I] Postgres user " + db_user + " created", "info") + else: + log("[E] Postgres user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + log("[E] Postgres user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + + def verify_db(self, root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Verifying database " + db_name , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name + " |"): + return True + else: + return False + + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + if self.verify_db(root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Database "+db_name + " already exists.", "info") + else: + if dryMode == False: + log("[I] Database does not exist, Creating database : " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') + if os_name == "LINUX": + query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user) + ret = subprocess.call(query) + if ret != 0: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + if self.verify_db(root_user, db_root_password, db_name,dryMode): + log("[I] Creating database " + db_name + " succeeded", "info") + return True + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke,dryMode): + if dryMode == False: + log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user) + ret = subprocess.call(query) + if ret != 0: + log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error") + sys.exit(1) + + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user) + ret = subprocess.call(query) + if ret != 0: + log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error") + sys.exit(1) + + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\"" + output = check_output(query) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;" + output = check_output(query) + for each_line in output.split('\n'): + if len(each_line) == 0 : continue + if re.search(' |', each_line): + tablename , value = each_line.strip().split(" |",1) + tablename = tablename.strip() + if os_name == "LINUX": + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user) + ret = subprocess.call(shlex.split(query1)) + if ret != 0: + log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") + sys.exit(1) + elif os_name == "WINDOWS": + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user) + ret = subprocess.call(query1) + if ret != 0: + log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") + sys.exit(1) + + + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\"" + output = check_output(query) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;" + output = check_output(query) + for each_line in output.split('\n'): + if len(each_line) == 0 : continue + if re.search(' |', each_line): + sequence_name , value = each_line.strip().split(" |",1) + sequence_name = sequence_name.strip() + if os_name == "LINUX": + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user) + ret = subprocess.call(shlex.split(query1)) + if ret != 0: + log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") + sys.exit(1) + elif os_name == "WINDOWS": + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user) + ret = subprocess.call(query1) + if ret != 0: + log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") + sys.exit(1) + + log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info") + else: + logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %( db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;" %(db_user)) + + + +class SqlServerConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + #TODO: User array for forming command + path = os.getcwd() + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + return jisql_cmd + + def verify_user(self, root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select loginname from master.dbo.syslogins where loginname = '%s';\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection", "error") + sys.exit(1) + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + if self.check_connection('msdb', root_user, db_root_password): + if self.verify_user(root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] SQL Server user " + db_user + " already exists.", "info") + else: + if dryMode == False: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + log("[I] User does not exists, Creating Login user " + db_user, "info") + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_root_password, db_user,dryMode): + log("[I] SQL Server user " + db_user + " created", "info") + else: + log("[E] SQL Server user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + log("[E] SQL Server user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user,db_password)) + + def verify_db(self, root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Verifying database " + db_name, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name + " |"): + return True + else: + return False + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + if self.verify_db(root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Database " + db_name + " already exists.","info") + else: + if dryMode == False: + log("[I] Database does not exist. Creating database : " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) + ret = subprocess.call(query) + if ret != 0: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + if self.verify_db(root_user, db_root_password, db_name,dryMode): + self.create_user(root_user, db_name ,db_user, db_password, db_root_password,dryMode) + log("[I] Creating database " + db_name + " succeeded", "info") + return True + # self.import_db_file(db_name, root_user, db_user, db_password, db_root_password, file_name) + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("create database %s;" %(db_name)) + + def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode): + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name, db_user) + output = check_output(query) + if output.strip(db_user + " |"): + if dryMode == False: + log("[I] User "+db_user+" exist ","info") + else: + if dryMode == False: + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s CREATE USER %s for LOGIN %s;\" -c ;" %(db_name ,db_user, db_user) + ret = subprocess.call(query) + if ret == 0: + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name ,db_user) + output = check_output(query) + if output.strip(db_user + " |"): + log("[I] User "+db_user+" exist ","info") + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("USE %s CREATE USER %s for LOGIN %s;" %(db_name ,db_user, db_user)) + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): + if dryMode == False: + log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\" -c ;" %(db_user, db_name) + ret = subprocess.call(query) + if ret != 0: + sys.exit(1) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) +# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_name, db_user) +# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + ret = subprocess.call(query) + if ret != 0: + sys.exit(1) + else: + logFile("ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];" %(db_user, db_name)) + logFile("USE %s EXEC sp_addrolemember N'db_owner', N'%s';" %(db_name, db_user)) + + +def main(argv): + + FORMAT = '%(asctime)-15s %(message)s' + logging.basicConfig(format=FORMAT, level=logging.DEBUG) + DBA_MODE = 'TRUE' + + quiteMode = False + dryMode=False + is_revoke=False + + if len(argv) > 1: + for i in range(len(argv)): + if str(argv[i]) == "-q": + quiteMode = True + populate_global_dict() + if str(argv[i]) == "-d": + index=i+1 + try: + dba_sql_file=str(argv[index]) + if dba_sql_file == "": + log("[E] Invalid input! Provide file path to write DBA scripts:","error") + sys.exit(1) + except IndexError: + log("[E] Invalid input! Provide file path to write DBA scripts:","error") + sys.exit(1) + + if not dba_sql_file == "": + if not os.path.exists(dba_sql_file): + log("[I] Creating File:"+dba_sql_file,"info") + open(dba_sql_file, 'w').close() + else: + log("[I] File "+dba_sql_file+ " is available.","info") + + if os.path.isfile(dba_sql_file): + dryMode=True + globalDict["dryMode"]=True + globalDict["dryModeOutputFile"]=dba_sql_file + else: + log("[E] Invalid file Name! Unable to find file:"+dba_sql_file,"error") + sys.exit(1) + + log("[I] Running DBA setup script. QuiteMode:" + str(quiteMode),"info") + if (quiteMode): + JAVA_BIN=globalDict['JAVA_BIN'] + else: + if os.environ['JAVA_HOME'] == "": + log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') + if os_name == "WINDOWS" : + JAVA_BIN = JAVA_BIN+'.exe' + if os.path.isfile(JAVA_BIN): + pass + else : + while os.path.isfile(JAVA_BIN) == False: + log("Enter java executable path: :","info") + JAVA_BIN=raw_input() + log("[I] Using Java:" + str(JAVA_BIN),"info") + + if (quiteMode): + XA_DB_FLAVOR=globalDict['DB_FLAVOR'] + else: + XA_DB_FLAVOR='' + while XA_DB_FLAVOR == "": + log("Enter db flavour{MYSQL|ORACLE|POSTGRES|SQLSERVER} :","info") + XA_DB_FLAVOR=raw_input() + + XA_DB_FLAVOR = XA_DB_FLAVOR.upper() + log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR),"info") + + if (quiteMode): + CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + else: + if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "SQLSERVER": + log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info") + CONNECTOR_JAR=raw_input() + while os.path.isfile(CONNECTOR_JAR) == False: + log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error") + CONNECTOR_JAR=raw_input() + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) + + if (quiteMode): + xa_db_host = globalDict['db_host'] + else: + xa_db_host='' + while xa_db_host == "": + log("Enter DB Host :","info") + xa_db_host=raw_input() + log("[I] DB Host:" + str(xa_db_host),"info") + + if (quiteMode): + xa_db_root_user = globalDict['db_root_user'] + xa_db_root_password = globalDict['db_root_password'] + else: + xa_db_root_user='' + while xa_db_root_user == "": + log("Enter db root user:","info") + xa_db_root_user=raw_input() + log("Enter db root password:","info") + xa_db_root_password = getpass.getpass("Enter db root password:") + + if (quiteMode): + db_name = globalDict['db_name'] + else: + db_name = '' + while db_name == "": + log("Enter DB Name :","info") + db_name=raw_input() + + if (quiteMode): + db_user = globalDict['db_user'] + else: + db_user='' + while db_user == "": + log("Enter db user name:","info") + db_user=raw_input() + + if (quiteMode): + db_password = globalDict['db_password'] + else: + db_password='' + while db_password == "": + log("Enter db user password:","info") + db_password = getpass.getpass("Enter db user password:") + + #mysql_core_file = globalDict['mysql_core_file'] + mysql_core_file = os.path.join('db','mysql','xa_core_db.sql') + + #oracle_core_file = globalDict['oracle_core_file'] + oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql') + + #postgres_core_file = globalDict['postgres_core_file'] + postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql') + + #sqlserver_core_file = globalDict['sqlserver_core_file'] + sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql') + + x_db_version = 'x_db_version_h' + x_user = 'x_portal_user' + + if XA_DB_FLAVOR == "MYSQL": + MYSQL_CONNECTOR_JAR=CONNECTOR_JAR + xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file) + + elif XA_DB_FLAVOR == "ORACLE": + ORACLE_CONNECTOR_JAR=CONNECTOR_JAR + if os_name == "LINUX": + xa_db_root_user = xa_db_root_user+" AS SYSDBA" + elif os_name == "WINDOWS": + xa_db_root_user = xa_db_root_user + xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file) + + elif XA_DB_FLAVOR == "POSTGRES": + POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR + xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(os.getcwd(),postgres_core_file) + + elif XA_DB_FLAVOR == "SQLSERVER": + SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR + xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) + xa_db_core_file = os.path.join(os.getcwd(),sqlserver_core_file) + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) + + + # Methods Begin + if DBA_MODE == "TRUE" : + if (dryMode==True): + log("[I] Dry run mode:"+str(dryMode),"info") + log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info") + logFile("===============================================\n") + xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode) + xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode) + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + logFile("===============================================\n") + if (dryMode==False): + log("[I] ---------- Creating Ranger Admin db user ---------- ","info") + xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode) + log("[I] ---------- Creating Ranger Admin database ----------","info") + xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode) + log("[I] ---------- Granting permission to Ranger Admin db user ----------","info") + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same + log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info") +main(sys.argv) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties new file mode 100644 index 0000000..4884369 --- /dev/null +++ b/kms/scripts/install.properties @@ -0,0 +1,100 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# This file provides list of deployment variables for the Policy Manager Web Application +# + +#------------------------- DB CONFIG - BEGIN ---------------------------------- +# Uncomment the below if the DBA steps need to be run separately +#setup_mode=SeparateDBA + +PYTHON_COMMAND_INVOKER=python + +#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|SQLSERVER +DB_FLAVOR=MYSQL +# +# The executable path to be used to invoke command-line MYSQL +# +#SQL_COMMAND_INVOKER='mysql' +#SQL_COMMAND_INVOKER='sqlplus' +SQL_COMMAND_INVOKER='mysql' + +# +# Location of DB client library (please check the location of the jar file) +# +#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar +#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar +#SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar +#SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar +SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar + + +# +# DB password for the DB admin user-id +# ************************************************************************** +# ** If the password is left empty or not-defined here, +# ** it will be prompted to enter the password during installation process +# ************************************************************************** +# +#db_root_user=root|SYS|postgres|sa +db_root_user=root +db_root_password= +db_host=localhost + +# +# DB UserId used for the Ranger schema +# +db_name=ranger +db_user=rangeradmin +db_password= + +#------------------------- DB CONFIG - END ---------------------------------- + +# +# ------- UNIX User CONFIG ---------------- +# +unix_user=ranger +unix_group=ranger + +# +# ------- UNIX User CONFIG - END ---------------- +# + +# ################# DO NOT MODIFY ANY VARIABLES BELOW ######################### +# +# --- These deployment variables are not to be modified unless you understand the full impact of the changes +# +################################################################################ + +KMS_DIR=$PWD +app_home=$PWD/ews/webapp +TMPFILE=$PWD/.fi_tmp +LOGFILE=$PWD/logfile +LOGFILES="$LOGFILE" + +JAVA_BIN='java' +JAVA_VERSION_REQUIRED='1.7' +JAVA_ORACLE='Java(TM) SE Runtime Environment' + +mysql_core_file=db/mysql/kms_core_db.sql + +oracle_core_file=db/oracle/xa_core_db_oracle.sql + +postgres_core_file=db/postgres/xa_core_db_postgres.sql + +sqlserver_core_file=db/sqlserver/xa_core_db_sqlserver.sql + +cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/scripts/kms-initd ---------------------------------------------------------------------- diff --git a/kms/scripts/kms-initd b/kms/scripts/kms-initd new file mode 100644 index 0000000..b699f6a --- /dev/null +++ b/kms/scripts/kms-initd @@ -0,0 +1,78 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +### BEGIN INIT INFO +# Provides: ranger-kms +# Required-Start: $local_fs $remote_fs $network $named $syslog $time +# Required-Stop: $local_fs $remote_fs $network $named $syslog $time +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Start/Stop Ranger KMS +### END INIT INFO + +LINUX_USER=ranger +BIN_PATH=/usr/bin +MOD_NAME=ranger-kms +pidf=/var/run/ranger/kms.pid +pid="" +if [ -f ${pidf} ] +then + pid=`cat $pidf` +fi + +case $1 in + start) + if [ "${pid}" != "" ] + then + echo "Ranger KMS Service is already running" + exit 1 + else + echo "Starting Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" + fi + ;; + stop) + if [ "${pid}" != "" ] + then + echo "Stopping Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + else + echo "Ranger KMS Service is NOT running" + exit 1 + fi + ;; + restart) + if [ "${pid}" != "" ] + then + echo "Stopping Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + sleep 10 + fi + echo "Starting Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" + ;; + status) + if [ "${pid}" != "" ] + then + echo "Ranger KMS Service is running [pid={$pid}]" + else + echo "Ranger KMS Service is NOT running." + fi + ;; + *) + echo "Invalid argument [$1]; Only start | stop | restart | status, are supported." + exit 1 + esac http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/917833cd/kms/scripts/ranger-kms-services.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/ranger-kms-services.sh b/kms/scripts/ranger-kms-services.sh index 8677c64..ce11e21 100755 --- a/kms/scripts/ranger-kms-services.sh +++ b/kms/scripts/ranger-kms-services.sh @@ -25,7 +25,7 @@ action=$1 realScriptPath=`readlink -f $0` realScriptDir=`dirname $realScriptPath` -RANGER_KMS_DIR=`(cd $realScriptDir/..; pwd)` +RANGER_KMS_DIR=`(cd $realScriptDir; pwd)` RANGER_KMS_EWS_DIR=${RANGER_KMS_DIR}/ews RANGER_KMS_EWS_CONF_DIR="${RANGER_KMS_EWS_DIR}/conf" RANGER_KMS_EWS_LIB_DIR="${RANGER_KMS_EWS_DIR}/lib"
