Repository: incubator-ranger Updated Branches: refs/heads/master 917833cd3 -> d6cce39bb
RANGER-247: combined setup of ranger-kms with kms-authz-plugin Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d6cce39b Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d6cce39b Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d6cce39b Branch: refs/heads/master Commit: d6cce39bbf626fad6150eb85c8766daf5b995917 Parents: 917833c Author: sneethiraj <[email protected]> Authored: Wed Apr 15 03:31:03 2015 -0400 Committer: sneethiraj <[email protected]> Committed: Wed Apr 15 03:31:03 2015 -0400 ---------------------------------------------------------------------- kms/scripts/db_setup.py | 2 +- kms/scripts/dba_script.py | 29 ++ kms/scripts/install.properties | 109 +++++- kms/scripts/kms-initd | 78 ---- kms/scripts/ranger-kms | 48 ++- kms/scripts/ranger-kms-services.sh | 4 +- kms/scripts/setup.sh | 61 +++- .../apache/hadoop/crypto/key/RangerKMSDB.java | 2 + .../crypto/key/RangerKeyStoreProvider.java | 12 +- plugin-kms/scripts/enable-kms-plugin.sh | 39 +- plugin-kms/scripts/install.properties | 112 ------ plugin-kms/scripts/install.sh | 364 ------------------- .../scripts/kms-plugin-install.properties | 23 -- plugin-kms/scripts/uninstall.sh | 70 ---- pom.xml | 2 +- src/main/assembly/kms.xml | 25 +- 16 files changed, 253 insertions(+), 727 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py index b022e08..f9a14e0 100644 --- a/kms/scripts/db_setup.py +++ b/kms/scripts/db_setup.py 
@@ -62,7 +62,7 @@ def populate_global_dict(): read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties')) elif os_name == "WINDOWS": read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties')) - library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*") + library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*") for each_line in read_config_file.read().split('\n') : if len(each_line) == 0 : continue http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index 68ac76e..a69eea7 100644 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py 
@@ -30,6 +30,30 @@ globalDict = {} os_name = platform.system() os_name = os_name.upper() +if os_name == "LINUX": + RANGER_KMS_HOME = os.getcwd() +elif os_name == "WINDOWS": + RANGER_KMS_HOME = os.getenv("RANGER_KMS_HOME") + +def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate): + finalLibPath = libpath.replace('\\','/').replace('//','/') + finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/') + if getorcreate == 'create': + commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath] + p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode + elif getorcreate == 'get': + commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath] + p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode, output + else: + print 'proper command not received for input need get or create' + + def check_output(query): if os_name == "LINUX": p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) @@ -52,6 +76,11 @@ def log(msg,type): def populate_global_dict(): global globalDict + if os_name == "LINUX": + read_config_file = open(os.path.join(RANGER_KMS_HOME,'install.properties')) + elif os_name == "WINDOWS": + read_config_file = open(os.path.join(RANGER_KMS_HOME,'bin','install_config.properties')) + library_path = os.path.join(RANGER_KMS_HOME,"cred","lib","*") read_config_file = open(os.path.join(os.getcwd(),'install.properties')) for each_line in read_config_file.read().split('\n') : if len(each_line) == 0 : continue http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/install.properties ---------------------------------------------------------------------- 
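Review bot: In `call_keystore`, the `create` branch passes the secret as `'-value', aliasValue` on the java command line, so it is readable in the process list by other local users while the JVM runs; the `update_properties` hunk of setup.sh (`@@ -355,16 +366,21 @@`) does the same with `"${KMS_MASTER_KEY_PASSWD}"`. Whether `buildks` can take the value from stdin or a file is not visible on this page, so at minimum the exposure should be documented in a comment next to both calls. The `else` branch only prints and returns `None`, which a caller unpacking the `get` result would hit as a TypeError; `raise ValueError("getorcreate must be 'get' or 'create'")` fails clearly instead. `Popen` and `PIPE` are used unqualified while `check_output` below uses `subprocess.Popen`, so the import block (outside the hunk) has to provide both names.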
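Review bot: The retained context line `read_config_file = open(os.path.join(os.getcwd(),'install.properties'))` directly after the added block reopens the file from the current directory, so the handle opened by the new LINUX/WINDOWS branch is dropped unclosed and `bin/install_config.properties` is never read on Windows; removing that line looks like the intent. `RANGER_KMS_HOME` (assigned in the `@@ -30,6 +30,30 @@` hunk) is `None` when the environment variable is unset on Windows and is not defined at all on any other platform, so the `os.path.join` calls fail with an unrelated TypeError or NameError; an explicit check with a clear message before the joins would help. The function body continues outside the hunk, so whether `library_path` is used later cannot be confirmed here.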
diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 4884369..0b463b9 100644 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -14,7 +14,7 @@ # limitations under the License. # -# This file provides list of deployment variables for the Policy Manager Web Application +# This file provides list of deployment variables for the Ranger KMS Web Application # #------------------------- DB CONFIG - BEGIN ---------------------------------- 
@@ -55,24 +55,119 @@ db_root_password= db_host=localhost # -# DB UserId used for the Ranger schema +# DB UserId used for the Ranger KMS schema # -db_name=ranger -db_user=rangeradmin +db_name=rangerkms +db_user=rangerkms db_password= #------------------------- DB CONFIG - END ---------------------------------- +#------------------------- RANGER KMS Master Key Crypt Key ------------------ +KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd + # # ------- UNIX User CONFIG ---------------- # -unix_user=ranger -unix_group=ranger - +unix_user=kms +unix_group=kms # # ------- UNIX User CONFIG - END ---------------- # +# +# ------- +# + +# Location of Policy Manager URL +# +# Example: +# POLICY_MGR_URL=http://policymanager.xasecure.net:6080 +# +POLICY_MGR_URL= + +# +# This is the repository name created within policy manager +# +# Example: +# REPOSITORY_NAME=kmsdev +# +REPOSITORY_NAME=kms + +# +# AUDIT DB Configuration +# +# This information should match with the one you specified during the PolicyManager Installation +# +# Example: +# XAAUDIT.DB.IS_ENABLED=true +# XAAUDIT.DB.FLAVOUR=MYSQL +# XAAUDIT.DB.FLAVOUR=ORACLE +# XAAUDIT.DB.HOSTNAME=localhost +# XAAUDIT.DB.DATABASE_NAME=ranger_audit +# XAAUDIT.DB.USER_NAME=rangerlogger +# XAAUDIT.DB.PASSWORD=rangerlogger +# +XAAUDIT.DB.IS_ENABLED=true +XAAUDIT.DB.FLAVOUR=MYSQL +XAAUDIT.DB.HOSTNAME= +XAAUDIT.DB.DATABASE_NAME= +XAAUDIT.DB.USER_NAME= +XAAUDIT.DB.PASSWORD= + +# +# Audit to HDFS Configuration +# +# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens +# that start with __REPLACE__ with appropriate values +# XAAUDIT.HDFS.IS_ENABLED=true +# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% +# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit +# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive +# +# +# Example: +# XAAUDIT.HDFS.IS_ENABLED=true +# 
XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd% +# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/kms/audit +# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/kms/audit/archive +# +XAAUDIT.HDFS.IS_ENABLED=false +XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% +XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit +XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive + +XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log +XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900 +XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400 +XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60 +XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log +XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 +XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 +XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 + +#Solr Audit Provder +XAAUDIT.SOLR.IS_ENABLED=false +XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 +XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 +XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits + +# +# SSL Client Certificate Information +# +# Example: +# SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks +# SSL_KEYSTORE_PASSWORD=none +# SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks +# SSL_TRUSTSTORE_PASSWORD=none +# +# You do not need use SSL between agent and security admin tool, please leave these sample value as it is. 
+# +SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks +SSL_KEYSTORE_PASSWORD=myKeyFilePassword +SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks +SSL_TRUSTSTORE_PASSWORD=changeit + # ################# DO NOT MODIFY ANY VARIABLES BELOW ######################### # # --- These deployment variables are not to be modified unless you understand the full impact of the changes http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/kms-initd ---------------------------------------------------------------------- diff --git a/kms/scripts/kms-initd b/kms/scripts/kms-initd deleted file mode 100644 index b699f6a..0000000 --- a/kms/scripts/kms-initd +++ /dev/null 
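Review bot: `KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd` ships a fixed, publicly known default for the password that protects the KMS master key, so any install that does not edit the file ends up with that value. Shipping it empty, `KMS_MASTER_KEY_PASSWD=`, with a comment saying it must be set, and having setup.sh stop when it is empty, avoids a silent default. The same applies to `SSL_KEYSTORE_PASSWORD=myKeyFilePassword` and `SSL_TRUSTSTORE_PASSWORD=changeit`, which are carried over from the deleted plugin-kms file. `XAAUDIT.DB.IS_ENABLED=true` is also paired here with empty hostname, database and user values, whereas the plugin file being removed had it set to `false`; it is worth confirming that the enabled default is intended.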
@@ -1,78 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -### BEGIN INIT INFO -# Provides: ranger-kms -# Required-Start: $local_fs $remote_fs $network $named $syslog $time -# Required-Stop: $local_fs $remote_fs $network $named $syslog $time -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: Start/Stop Ranger KMS -### END INIT INFO - -LINUX_USER=ranger -BIN_PATH=/usr/bin -MOD_NAME=ranger-kms -pidf=/var/run/ranger/kms.pid -pid="" -if [ -f ${pidf} ] -then - pid=`cat $pidf` -fi - -case $1 in - start) - if [ "${pid}" != "" ] - then - echo "Ranger KMS Service is already running" - exit 1 - else - echo "Starting Ranger KMS." - /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" - fi - ;; - stop) - if [ "${pid}" != "" ] - then - echo "Stopping Ranger KMS." - /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" - else - echo "Ranger KMS Service is NOT running" - exit 1 - fi - ;; - restart) - if [ "${pid}" != "" ] - then - echo "Stopping Ranger KMS." - /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" - sleep 10 - fi - echo "Starting Ranger KMS." 
- /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" - ;; - status) - if [ "${pid}" != "" ] - then - echo "Ranger KMS Service is running [pid={$pid}]" - else - echo "Ranger KMS Service is NOT running." - fi - ;; - *) - echo "Invalid argument [$1]; Only start | stop | restart | status, are supported." - exit 1 - esac http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/ranger-kms ---------------------------------------------------------------------- diff --git a/kms/scripts/ranger-kms b/kms/scripts/ranger-kms index f049dd2..f3a79f5 100755 --- a/kms/scripts/ranger-kms +++ b/kms/scripts/ranger-kms 
@@ -21,28 +21,56 @@ # Required-Stop: $local_fs $remote_fs $network $named $syslog $time # Default-Start: 2 3 4 5 # Default-Stop: -# Short-Description: Start/Stop Ranger Kms +# Short-Description: Start/Stop Ranger kms ### END INIT INFO +LINUX_USER=kms BIN_PATH=/usr/bin MOD_NAME=ranger-kms +pid=`ps -ef | grep java | grep -- '-Dproc_rangerkms' | grep -v grep | awk '{ print $2 }'` + case $1 in start) - echo "Starting Apache Ranger Kms." - ${BIN_PATH}/${MOD_NAME} start + if [ "${pid}" != "" ] + then + echo "Ranger KMS Service is already running" + exit 1 + else + echo "Starting Apache Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" + fi ;; stop) - echo "Stopping Apache Ranger Kms." - ${BIN_PATH}/${MOD_NAME} stop + if [ "${pid}" != "" ] + then + echo "Stopping Apache Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + else + echo "Ranger KMS Service is NOT running" + exit 1 + fi ;; restart) - echo "Stopping Apache Ranger Kms." - ${BIN_PATH}/${MOD_NAME} stop - echo "Starting Apache Ranger Kms." - ${BIN_PATH}/${MOD_NAME} start + if [ "${pid}" != "" ] + then + echo "Stopping Apache Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} stop" + sleep 10 + fi + echo "Starting Apache Ranger KMS." + /bin/su --login $LINUX_USER -c "${BIN_PATH}/${MOD_NAME} start" + ;; +status) + if [ "${pid}" != "" ] + then + echo "Ranger KMS Service is running [pid={$pid}]" + else + echo "Ranger KMS Service is NOT running." + + fi ;; *) - echo "Invalid argument [$1]; Only start|stop|restart are supported." + echo "Invalid argument [$1]; Only start|stop|restart|status are supported." exit 1 esac http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/ranger-kms-services.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/ranger-kms-services.sh b/kms/scripts/ranger-kms-services.sh index ce11e21..07c2910 100755 --- a/kms/scripts/ranger-kms-services.sh 
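Review bot: In the new `status)` branch, `echo "Ranger KMS Service is running [pid={$pid}]"` prints literal braces around the value; `[pid=${pid}]` is what was meant. The `pid=` pipeline at the top can return several PIDs, or none if the JVM was not started with `-Dproc_rangerkms` (the value of `PROC_NAME` in ranger-kms-services.sh is not visible on this page), so the running/not-running decision depends on that flag matching. `$LINUX_USER` is also expanded unquoted in every `/bin/su --login` call; `"${LINUX_USER}"` is the safer form.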
+++ b/kms/scripts/ranger-kms-services.sh @@ -32,7 +32,7 @@ RANGER_KMS_EWS_LIB_DIR="${RANGER_KMS_EWS_DIR}/lib" JAVA_OPTS=" ${JAVA_OPTS} -XX:MaxPermSize=256m -Xmx1024m -Xms1024m " -for custom_env_script in `find ${RANGER_KMS_DIR}/ews/conf/ -name "ranger-admin-env*"`; do +for custom_env_script in `find ${RANGER_KMS_DIR}/ews/conf/ -name "ranger-kms-env*"`; do if [ -f $custom_env_script ]; then . $custom_env_script fi @@ -86,7 +86,7 @@ elif [ "${action^^}" == "RESTART" ]; then echo "Restarting Apache Ranger KMS" java ${JAVA_OPTS} ${STOP_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_STOP_LOG_FILE} 2>&1 echo "Apache Ranger KMS has been stopped." - echo "Starting Apache Ranger Admin.." + echo "Starting Apache Ranger KMS." java -D${PROC_NAME} ${JAVA_OPTS} ${START_CLASS_NAME} ${KMS_CONFIG_FILENAME} > ${TOMCAT_LOG_FILE} 2>&1 & echo "Apache Ranger KMS has started successfully." exit http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index fe9f60c..4fb12c0 100644 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -22,12 +22,14 @@ PROPFILE=$PWD/install.properties propertyValue='' -. $PROPFILE -if [ ! $? = "0" ];then - log "$PROPFILE file not found....!!"; +if [ ! -f ${PROPFILE} ] +then + echo "$PROPFILE file not found....!!"; exit 1; fi +eval `grep -v '^XAAUDIT.' ${PROPFILE} | grep -v '^$' | grep -v '^#'` + DB_HOST="${db_host}" usage() { @@ -131,12 +133,15 @@ init_logfiles () { init_variables(){ curDt=`date '+%Y%m%d%H%M%S'` - VERSION=`cat ${PWD}/version` + if [ -f ${PWD}/version ] + then + VERSION=`cat ${PWD}/version` + else + VERSION="0.5.0" + fi KMS_DIR=$PWD - RANGER_KMS_INITD=kms-initd - RANGER_KMS=ranger-kms INSTALL_DIR=${KMS_DIR} 
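Review bot: In setup.sh's `@@ -22,12 +22,14 @@` hunk, the added `eval` over the grep output runs every remaining line of install.properties as shell code with the installer's privileges and without quoting, so a password containing a space, `$`, `;` or a quote is mangled or interpreted rather than stored. The unescaped dot in `'^XAAUDIT.'` also matches any character. Reading the file as data, one `key=value` line at a time, keeps values literal; the sketch below assumes setup.sh runs under bash and that no value relies on shell quoting being stripped. The rest of the script is outside the hunk, so any later use of variables that only `eval` would have set needs checking.

```shell
# … unchanged: PROPFILE existence check …
while IFS= read -r line
do
    [[ "${line}" == *=* ]] || continue
    key="${line%%=*}"
    # skips comments and dotted XAAUDIT.* keys, which are not valid variable names
    [[ "${key}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
    printf -v "${key}" '%s' "${line#*=}"
done < "${PROPFILE}"
```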
@@ -267,9 +272,15 @@ copy_db_connector(){ setup_kms(){ #copying ranger kms provider + oldP=${PWD} cd $PWD/ews/webapp log "[I] Adding ranger kms provider as services in hadoop-common jar" - jar -uf lib/hadoop-common*.jar META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory + for f in lib/hadoop-common*.jar + do + jar -uf ${f} META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory + chown ${unix_user}:${unix_group} ${f} + done + cd ${oldP} } update_properties() { @@ -355,16 +366,21 @@ update_properties() { echo "Starting configuration for XA DB credentials:" - db_password_alias=ranger.ks.jdbc.password + MK_CREDENTIAL_ATTR="ranger.db.encrypt.key.password" + DB_CREDENTIAL_ATTR="ranger.ks.jpa.jdbc.password" + + MK_CREDENTIAL_ALIAS="ranger.ks.masterkey.password" + DB_CREDENTIAL_ALIAS="ranger.ks.jpa.jdbc.credential.alias" if [ "${keystore}" != "" ] then mkdir -p `dirname "${keystore}"` - $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore + $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${DB_CREDENTIAL_ALIAS}" -value "$db_password" -provider jceks://file$keystore + $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${MK_CREDENTIAL_ALIAS}" -value "${KMS_MASTER_KEY_PASSWD}" -provider jceks://file$keystore propertyName=ranger.ks.jpa.jdbc.credential.alias - newPropertyValue="${db_password_alias}" + newPropertyValue="${DB_CREDENTIAL_ALIAS}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file propertyName=ranger.ks.jpa.jdbc.credential.provider.path 
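Review bot: In `update_properties` (`@@ -355,16 +366,21 @@`), the exit status of the two `buildks create` calls is not checked, so if the second one fails the keystore file still exists, the later `test -f $keystore` passes, and setup finishes without the `${MK_CREDENTIAL_ALIAS}` entry. Appending `|| { log "[E] Unable to store ${MK_CREDENTIAL_ALIAS} in ${keystore}"; exit 1; }` to each call (and likewise for the DB alias) makes that failure visible. `jceks://file$keystore` is also unquoted, which breaks on a keystore path containing spaces. The function starts and ends outside the hunk.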
@@ -375,9 +391,13 @@ update_properties() { newPropertyValue="_" updatePropertyToFilePy $propertyName $newPropertyValue $to_file else - propertyName=ranger.ks.jpa.jdbc.password + propertyName="${DB_CREDENTIAL_ATTR}" newPropertyValue="${db_password}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file + + propertyName="${MK_CREDENTIAL_ATTR}" + newPropertyValue="${KMS_MASTER_KEY_PASSWD}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file fi if test -f $keystore; then @@ -386,9 +406,14 @@ update_properties() { chmod 640 ${keystore} else #echo "$keystore not found. so clear text password" - propertyName=ranger.ks.jpa.jdbc.password + + propertyName="${DB_CREDENTIAL_ATTR}" newPropertyValue="${db_password}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file + + propertyName="${MK_CREDENTIAL_ATTR}" + newPropertyValue="${KMS_MASTER_KEY_PASSWD}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file fi ########### @@ -437,7 +462,7 @@ setup_install_files(){ if [ -d /etc/init.d ]; then log "[I] Setting up init.d" - cp ${INSTALL_DIR}/ews/${RANGER_KMS_INITD} /etc/init.d/${RANGER_KMS} + cp ${INSTALL_DIR}/${RANGER_KMS} /etc/init.d/${RANGER_KMS} chmod ug+rx /etc/init.d/${RANGER_KMS} @@ -500,6 +525,13 @@ setup_install_files(){ ln -sf ${INSTALL_DIR}/ranger-kms-services.sh /usr/bin/ranger-kms chmod ug+rx /usr/bin/ranger-kms fi + + if [ ! -d /var/log/ranger/kms ] + then + mkdir -p /var/log/ranger/kms + fi + chgrp ${unix_group} /var/log/ranger/kms + chmod g+rwx /var/log/ranger/kms } init_logfiles @@ -526,4 +558,7 @@ else log "[E] DB schema setup failed! Please contact Administrator." exit 1 fi + +./enable-kms-plugin.sh + echo "Installation of Ranger KMS is completed." http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java ---------------------------------------------------------------------- 
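Review bot: The `else` branches in `@@ -375,9 +391,13 @@` and `@@ -386,9 +406,14 @@` now write `${KMS_MASTER_KEY_PASSWD}` in clear text into `$to_file` under `ranger.db.encrypt.key.password` whenever no keystore is configured or the keystore file is missing. For the secret that wraps every KMS key this fallback is worth refusing rather than extending: something like `log "[E] keystore not available; not writing KMS master key password in clear text"; exit 1` in place of the added `updatePropertyToFilePy` calls. If the fallback has to stay, the permissions of `$to_file` should be restricted the way the context does for the keystore (`chmod 640 ${keystore}`); how `$to_file` is protected is not visible in these hunks.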
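Review bot: In the last setup.sh hunk (`@@ -526,4 +558,7 @@`), the exit status of the added `./enable-kms-plugin.sh` call is ignored, so "Installation of Ranger KMS is completed." is printed even when enabling the authorization plugin failed. Checking it keeps a half-configured KMS from being reported as installed: `./enable-kms-plugin.sh || { log "[E] enable-kms-plugin.sh failed"; exit 1; }`. The call also depends on the current directory still being the install directory at this point.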
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java index e4490e0..0a31dca 100755 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKMSDB.java @@ -81,6 +81,7 @@ public class RangerKMSDB { //DB_PROPERTIES.list(System.out) ; + /* Set keys = DB_PROPERTIES.keySet(); for (Iterator i = keys.iterator(); i.hasNext();) { @@ -88,6 +89,7 @@ public class RangerKMSDB { String value = (String) DB_PROPERTIES.get(key); System.out.println(key + " = " + value); } + */ entityManagerFactory = Persistence.createEntityManagerFactory("persistence_ranger_server", DB_PROPERTIES); daoManager = new DaoManager(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java ---------------------------------------------------------------------- diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java index 880f647..a0a082f 100755 --- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java +++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java @@ -77,7 +77,7 @@ public class RangerKeyStoreProvider extends KeyProvider{ RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager); dbStore = new RangerKeyStore(daoManager); String password = conf.get(ENCRYPTION_KEY); - System.out.println("RKSP Password = "+password); + // System.out.println("RKSP Password = "+password); if(password == null || password.trim().equals("") || password.trim().equals("_") || password.trim().equals("crypted")){ throw new IOException("Master Key Jceks does not exists"); } 
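Review bot: The statements that printed secrets are commented out rather than removed: the `DB_PROPERTIES` dump in RangerKMSDB.java, `// System.out.println("RKSP Password = "+password);` here, and the `xaDBPassword` prints in the `@@ -318,18 +318,18 @@` hunk of RangerKeyStoreProvider.java. Leaving them in place makes it easy to re-enable password logging by uncommenting one line during debugging, so deleting them is the safer cleanup. If tracing is still wanted in `getFromJceks`, a `logger.debug` of the path and alias only (never the decrypted value) would cover it. Both classes continue outside the hunks shown.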
@@ -318,18 +318,18 @@ public class RangerKeyStoreProvider extends KeyProvider{ private void getFromJceks(Configuration conf, String path, String alias, String key){ //update credential from keystore - System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key); + // System.out.println("getFromJCEKS path = "+path+" alias = "+alias+" key = "+key); if(conf!=null){ String pathValue=conf.get(path); - System.out.println("path Value = "+pathValue); + // System.out.println("path Value = "+pathValue); String aliasValue=conf.get(alias); - System.out.println("alias Value = "+aliasValue); + // System.out.println("alias Value = "+aliasValue); if(pathValue!=null && aliasValue!=null){ String xaDBPassword=CredentialReader.getDecryptedString(pathValue.trim(),aliasValue.trim()); - System.out.println("xaDBPassword = "+xaDBPassword); + // System.out.println("xaDBPassword = "+xaDBPassword); if(xaDBPassword!=null&& !xaDBPassword.trim().isEmpty() && !xaDBPassword.trim().equalsIgnoreCase("none")){ - System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword); + // System.out.println("inside key = "+key+" xaDBaswword "+xaDBPassword); conf.set(key, xaDBPassword); }else{ logger.info("Credential keystore password not applied for KMS; clear text password shall be applicable"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/enable-kms-plugin.sh ---------------------------------------------------------------------- diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh index 1b6f52e..4e5789a 100644 --- a/plugin-kms/scripts/enable-kms-plugin.sh +++ b/plugin-kms/scripts/enable-kms-plugin.sh @@ -88,11 +88,6 @@ HCOMPONENT_NAME=`echo ${COMPONENT_NAME} | sed -e 's:-plugin::'` CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" -if [ "${HCOMPONENT_NAME}" = "hdfs" ] -then - HCOMPONENT_NAME="hadoop" -fi - # # Based on script name, identify if the action is enabled or disabled # 
@@ -111,14 +106,13 @@ fi # environment variables for enable|disable scripts # -PROJ_INSTALL_DIR1=`(cd ${basedir} ; pwd)` -PROJ_INSTALL_DIR=${PROJ_INSTALL_DIR1}/.. +PROJ_INSTALL_DIR=`(cd ${basedir} ; pwd)` SET_ENV_SCRIPT_NAME=set-${COMPONENT_NAME}-env.sh -SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/scripts/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME} -DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/scripts/install/conf.templates/default/configuration.xml +SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME} +DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/install/conf.templates/default/configuration.xml PROJ_LIB_DIR=${PROJ_INSTALL_DIR}/ews/plugin/lib -PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/scripts/install/lib" -INSTALL_ARGS="${PROJ_INSTALL_DIR}/ews/webapp/config/plugin-install.properties" +PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/install/lib" +INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties" COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/ews/webapp/config/${COMPONENT_NAME}-install.properties" JAVA=$JAVA_HOME/bin/java @@ -290,7 +284,7 @@ fi # Run, the enable|disable ${COMPONENT} configurations # -if [ -d "${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}" ] +if [ -d "${PROJ_INSTALL_DIR}/install/conf.templates/${action}" ] then INSTALL_CP="${PROJ_INSTALL_LIB_DIR}/*" if [ "${action}" = "enable" ] 
@@ -298,17 +292,20 @@ then echo "<ranger>\n<enabled>`date`</enabled>\n</ranger>" > ${HCOMPONENT_CONF_DIR}/ranger-security.xml chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/ranger-security.xml chmod a+r ${HCOMPONENT_CONF_DIR}/ranger-security.xml - for cf in ${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}/*.xml + for cf in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.xml do - cfb=`basename ${cf}` - if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ] + if [ -f "${cf}" ] then - log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..." - cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} + cfb=`basename ${cf}` + if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ] + then + log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..." + cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} + fi + cp ${cf} ${HCOMPONENT_CONF_DIR}/ + chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb} + chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb} fi - cp ${cf} ${HCOMPONENT_CONF_DIR}/ - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb} - chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb} done else if [ -f ${HCOMPONENT_CONF_DIR}/ranger-security.xml ] @@ -364,7 +361,7 @@ then fi - for f in ${PROJ_INSTALL_DIR}/scripts/install/conf.templates/${action}/*.cfg + for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg do if [ -f "${f}" ] then http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-kms/scripts/install.properties b/plugin-kms/scripts/install.properties deleted file mode 100755 index 93cf4a1..0000000 --- a/plugin-kms/scripts/install.properties +++ /dev/null 
@@ -1,112 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Location of Policy Manager URL -# -# Example: -# POLICY_MGR_URL=http://policymanager.xasecure.net:6080 -# -POLICY_MGR_URL= - -# -# Location of db client library (please check the location of the jar file) -# -# Example: -# SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar -# SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar -# -SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar - -# -# This is the repository name created within policy manager -# -# Example: -# REPOSITORY_NAME=kmsdev -# -REPOSITORY_NAME= - -# -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# -# Audit to HDFS Configuration -# -# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens -# that start with 
__REPLACE__ with appropriate values -# XAAUDIT.HDFS.IS_ENABLED=true -# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% -# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit -# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive -# -# Example: -# XAAUDIT.HDFS.IS_ENABLED=true -# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd% -# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/kms/audit -# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/kms/audit/archive -# -XAAUDIT.HDFS.IS_ENABLED=false -XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% -XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit -XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive - -XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log -XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900 -XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400 -XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60 -XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log -XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 -XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 -XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 - -#Solr Audit Provder -XAAUDIT.SOLR.IS_ENABLED=false -XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 -XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 -XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits - -# -# SSL Client Certificate Information -# -# Example: -# SSL_KEYSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-keystore.jks -# SSL_KEYSTORE_PASSWORD=none -# SSL_TRUSTSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-truststore.jks -# SSL_TRUSTSTORE_PASSWORD=none -# -# You do not need use SSL between agent and security admin tool, please leave these sample value as it is. 
-# -SSL_KEYSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-keystore.jks -SSL_KEYSTORE_PASSWORD=myKeyFilePassword -SSL_TRUSTSTORE_FILE_PATH=/etc/kms/conf/ranger-plugin-truststore.jks -SSL_TRUSTSTORE_PASSWORD=changeit http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/install.sh ---------------------------------------------------------------------- diff --git a/plugin-kms/scripts/install.sh b/plugin-kms/scripts/install.sh deleted file mode 100755 index d88dadf..0000000 --- a/plugin-kms/scripts/install.sh +++ /dev/null 
@@ -1,364 +0,0 @@
-#!/bin/bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-
-function create_jceks()
-{
-
-alias=$1
-pass=$2
-jceksFile=$3
-
-ret=`hadoop credential create ${alias} -value ${pass} -provider jceks://file${jceksFile} 2>&1`
-res=`echo $ret | grep 'already exist'`
-
-if ! [ "${res}" == "" ]
-then
- echo "Credential file already exists,recreating the file..."
- hadoop credential delete ${alias} -provider jceks://file${jceksFile}
- hadoop credential create ${alias} -value ${pass} -provider jceks://file${jceksFile}
-fi
-}
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
- sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
- #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
- validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #echo 'V1:'$validate
- if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
- echo "[I] File $3 Updated successfully : {'$1'}"
-}
-
-kms_dir=/usr/hdp/current/kms
-kms_lib_dir=${kms_dir}/lib
-kms_conf_dir=/etc/kms/conf
-
-hdp_dir=/usr/hdp/current/hadoop
-hdp_lib_dir=${hdp_dir}/lib
-hdp_conf_dir=/etc/hadoop/conf
-
-export CONFIG_FILE_OWNER="kms:hadoop"
-
-
-if [ ! -d "${hdp_dir}" ]
-then
- echo "ERROR: Invalid HADOOP HOME Directory: [${hdp_dir}]. Exiting ..."
- exit 1
-fi
-
-#echo "Hadoop Configuration Path: ${hdp_conf_dir}"
-
-if [ ! -f ${hdp_conf_dir}/hadoop-env.sh ]
-then
- echo "ERROR: Invalid HADOOP CONF Directory: [${hdp_conf_dir}]."
- echo "ERROR: Unable to locate: hadoop-env.sh. Exiting ..."
- exit 1
-fi
-
-install_dir=`dirname $0`
-
-[ "${install_dir}" = "." ] && install_dir=`pwd`
-
-#echo "Current Install Directory: [${install_dir}]"
-
-#verify sql-connector path is valid
-SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
-if test -f "$SQL_CONNECTOR_JAR"; then
- echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
-else
- echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
-fi
-#copying sql connector jar file to lib directory
-cp $SQL_CONNECTOR_JAR ${install_dir}/lib
-
-
-#
-# --- Backup current configuration for backup - START
-#
-
-COMPONENT_NAME=kms
-
-XASECURE_VERSION=`cat ${install_dir}/version`
-
-CFG_DIR=${kms_conf_dir}
-XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
-BACKUP_TYPE=pre
-CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
-CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
-PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
-
-backup_dt=`date '+%Y%m%d%H%M%S'`
-
-if [ -d "${PRE_INSTALL_CONFIG}" ]
-then
- PRE_INSTALL_CONFIG="${PRE_INSTALL_CONFIG}.${backup_dt}"
-fi
-
-if [ -d ${CFG_DIR} ]
-then
- ( cd ${CFG_DIR} ; find . -print | cpio -pdm ${PRE_INSTALL_CONFIG} )
- [ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-${backup_dt}
- echo ${XASECURE_VERSION} > ${CUR_VERSION_FILE}
- echo ${CFG_DIR} > ${CUR_CFG_DIR_FILE}
-else
- echo "ERROR: Unable to find configuration directory: [${CFG_DIR}]"
- exit 1
-fi
-
-cp -f ${install_dir}/uninstall.sh ${XASECURE_ROOT}/
-
-#
-# --- Backup current configuration for backup - END
-
-dt=`date '+%Y%m%d%H%M%S'`
-for f in ${install_dir}/conf/*
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- if [ ! -f ${kms_conf_dir}/${fn} ]
- then
- echo "+cp ${f} ${kms_conf_dir}/${fn}"
- cp ${f} ${kms_conf_dir}/${fn}
- else
- echo "WARN: ${fn} already exists in the ${kms_conf_dir} - Using existing configuration ${fn}"
- fi
- fi
-done
-
-#echo "Hadoop XASecure Library Path: ${hdp_lib_dir}"
-
-if [ ! -d ${kms_lib_dir} ]
-then
- echo "+mkdir -p ${kms_lib_dir}"
- mkdir -p ${kms_lib_dir}
-fi
-
-for f in ${install_dir}/dist/*.jar
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
-done
-
-
-for f in ${install_dir}/dist/*.jar
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
-done
-
-if [ -d ${install_dir}/lib ]
-then
- for f in ${install_dir}/lib/*.jar
- do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- if [ -f ${kms_lib_dir}/${fn} ]
- then
- cdt=`date '+%s'`
- echo "+mv ${kms_lib_dir}/${fn} ${kms_lib_dir}/.${fn}.${cdt}"
- mv ${kms_lib_dir}/${fn} ${kms_lib_dir}/.${fn}.${cdt}
- fi
- echo "+cp ${f} ${kms_lib_dir}/${fn}"
- cp ${f} ${kms_lib_dir}/${fn}
- fi
- done
-fi
-
-
-CredFile=`grep '^CREDENTIAL_PROVIDER_FILE' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-if ! [ `echo ${CredFile} | grep '^/.*'` ]
-then
- echo "ERROR:Please enter the Credential File Store with proper file path"
- exit 1
-fi
-
-dirno=`echo ${CredFile}| awk -F"/" '{ print NF}'`
-
-if [ ${dirno} -gt 2 ];
-then
- pardir=`echo ${CredFile} | awk -F'/[^/]*$' '{ print $1 }'`
- if [ ! -d ${pardir} ];
- then
- mkdir -p ${pardir}
- if [ $? -eq 0 ];
- then
- chmod go+rx ${pardir}
- else
- echo "ERROR: Unable to create credential store file path"
- fi
- fi
-fi
-
-
-#
-# Generate Credential Provider file and Credential for Audit DB access.
-#
-
-
-auditCredAlias="auditDBCred"
-
-auditdbCred=`grep '^XAAUDIT.DB.PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-create_jceks ${auditCredAlias} ${auditdbCred} ${CredFile}
-
-
-#
-# Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE
-#
-
-
-sslkeystoreAlias="sslKeyStore"
-
-sslkeystoreCred=`head -1 /etc/xasecure/ssl/certs/${repoName}.maze`
-
-create_jceks ${sslkeystoreAlias} ${sslkeystoreCred} ${CredFile}
-
-
-
-ssltruststoreAlias="sslTrustStore"
-
-ssltruststoreCred=`grep '^SSL_TRUSTSTORE_PASSWORD' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-
-create_jceks ${ssltruststoreAlias} ${ssltruststoreCred} ${CredFile}
-
-chmod go+rx ${pardir}
-chmod go+r ${CredFile}
-chown ${CONFIG_FILE_OWNER} ${CredFile}
-
-PROP_ARGS="-p ${install_dir}/install.properties"
-to_file="${install_dir}/install.properties"
-DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
-if [ "${DB_FLAVOR}" == "" ]
-then
- $DB_FLAVOR="MYSQL"
-fi
-echo "[I] Updating install.properites setting for : $DB_FLAVOR"
-
-if [ "${DB_FLAVOR}" == "MYSQL" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="com.mysql.jdbc.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-
-if [ "${DB_FLAVOR}" == "ORACLE" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-
-if [ "${DB_FLAVOR}" == "POSTGRES" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:postgresql://${audit_db_hostname}/${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="org.postgresql.Driver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-if [ "${DB_FLAVOR}" == "SQLSERVER" ]
-then
- audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
- propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:sqlserver://${audit_db_hostname};databaseName=${audit_db_name}"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-
- propertyName=XAAUDIT.DB.JDBC_DRIVER
- newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
- updatePropertyToFile $propertyName $newPropertyValue $to_file
-fi
-for f in ${install_dir}/installer/conf/*-changes.cfg
-do
- if [ -f ${f} ]
- then
- fn=`basename $f`
- orgfn=`echo $fn | sed -e 's:-changes.cfg:.xml:'`
- fullpathorgfn="${kms_conf_dir}/${orgfn}"
- if [ ! -f ${fullpathorgfn} ]
- then
- echo "ERROR: Unable to find ${fullpathorgfn}"
- exit 1
- fi
- archivefn="${kms_conf_dir}/.${orgfn}.${dt}"
- newfn="${kms_conf_dir}/.${orgfn}-new.${dt}"
- cp ${fullpathorgfn} ${archivefn}
- if [ $? -eq 0 ]
- then
- cp="${install_dir}/installer/lib/*:${hdp_dir}/*:${hdp_lib_dir}/*"
- java -cp "${cp}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} ${PROP_ARGS}
- if [ $? -eq 0 ]
- then
- diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1
- if [ $? -ne 0 ]
- then
- #echo "Changing config file: ${fullpathorgfn} with following changes:"
- #echo "==============================================================="
- #diff -w ${newfn} ${fullpathorgfn}
- #echo "==============================================================="
- echo "NOTE: Current config file: ${fullpathorgfn} is being saved as ${archivefn}"
- #echo "==============================================================="
- cp ${newfn} ${fullpathorgfn}
- fi
- else
- echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}"
- echo "exiting ...."
- exit 1
- fi
- else
- echo "ERROR: Unable to save config. file: ${fullpathorgfn} to ${archivefn}"
- echo "exiting ...."
- exit 1
- fi
- fi
-done
-
-chmod go-rwx ${kms_conf_dir}/xasecure-policymgr-ssl.xml
-
-chown ${CONFIG_FILE_OWNER} ${kms_conf_dir}/xasecure-policymgr-ssl.xml
-
-exit 0
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/kms-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/kms-plugin-install.properties b/plugin-kms/scripts/kms-plugin-install.properties
deleted file mode 100755
index b79d529..0000000
--- a/plugin-kms/scripts/kms-plugin-install.properties
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# installation properties for this plugin
-
-#
-# Name of the directory where the component's lib and conf directory exist.
-# This location should be relative to the parent of the directory containing
-# the plugin installation files.
-#
-COMPONENT_INSTALL_DIR_NAME=ranger-kms
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/plugin-kms/scripts/uninstall.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/uninstall.sh b/plugin-kms/scripts/uninstall.sh
deleted file mode 100755
index e0d3584..0000000
--- a/plugin-kms/scripts/uninstall.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMPONENT_NAME=hbase
-CFG_DIR=/etc/${COMPONENT_NAME}/conf
-XASECURE_ROOT=/etc/xasecure/${COMPONENT_NAME}
-BACKUP_TYPE=pre
-CUR_VERSION_FILE=${XASECURE_ROOT}/.current_version
-CUR_CFG_DIR_FILE=${XASECURE_ROOT}/.config_dir
-if [ -f ${CUR_VERSION_FILE} ]
-then
- XASECURE_VERSION=`cat ${CUR_VERSION_FILE}`
- PRE_INSTALL_CONFIG=${XASECURE_ROOT}/${BACKUP_TYPE}-${XASECURE_VERSION}
- dt=`date '+%Y%m%d%H%M%S'`
- if [ -d "${PRE_INSTALL_CONFIG}" ]
- then
- if [ -f ${CUR_CFG_DIR_FILE} ]
- then
- CFG_DIR=`cat ${CUR_CFG_DIR_FILE}`
- fi
- [ -d ${CFG_DIR} ] && mv ${CFG_DIR} ${CFG_DIR}-${dt}
- ( cd ${PRE_INSTALL_CONFIG} ; find . -print | cpio -pdm ${CFG_DIR} )
- [ -f ${CUR_VERSION_FILE} ] && mv ${CUR_VERSION_FILE} ${CUR_VERSION_FILE}-uninstalled-${dt}
- echo "XASecure version - ${XASECURE_VERSION} has been uninstalled successfully."
- else
- echo "ERROR: Unable to find pre-install configuration directory: [${PRE_INSTALL_CONFIG}]"
- exit 1
- fi
-else
- cd ${CFG_DIR}
- saved_files=`find . -type f -name '.*' | sort | grep -v -- '-new.' | grep '[0-9]*$' | grep -v -- '-[0-9]*$' | sed -e 's:\.[0-9]*$::' | sed -e 's:^./::' | sort -u`
- dt=`date '+%Y%m%d%H%M%S'`
- if [ "${saved_files}" != "" ]
- then
- for f in ${saved_files}
- do
- oldf=`ls ${f}.[0-9]* | sort | head -1`
- if [ -f "${oldf}" ]
- then
- nf=`echo ${f} | sed -e 's:^\.::'`
- if [ -f "${nf}" ]
- then
- echo "+cp -p ${nf} .${nf}-${dt}"
- cp -p ${nf} .${nf}-${dt}
- echo "+cp ${oldf} ${nf}"
- cp ${oldf} ${nf}
- else
- echo "ERROR: ${nf} not found to save. However, old file is being recovered."
- echo "+cp -p ${oldf} ${nf}"
- cp -p ${oldf} ${nf}
- fi
- fi
- done
- echo "XASecure configuration has been uninstalled successfully."
- fi
-fi
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index acdf66f..55fa6e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -96,7 +96,7 @@
 <module>unixauthclient</module>
 <module>unixauthservice</module>
 <module>ranger-util</module>
- <!--<module>plugin-kms</module>-->
+ <module>plugin-kms</module>
 </modules>
 <properties>
 <javac.source.version>1.7</javac.source.version>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d6cce39b/src/main/assembly/kms.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/kms.xml b/src/main/assembly/kms.xml
index 50a684d..28b0a27 100644
--- a/src/main/assembly/kms.xml
+++ b/src/main/assembly/kms.xml
@@ -192,7 +192,7 @@
 </includes>
 </dependencySet>
 <dependencySet>
- <outputDirectory>/scripts/install/lib</outputDirectory>
+ <outputDirectory>/install/lib</outputDirectory>
 <unpack>false</unpack>
 <directoryMode>755</directoryMode>
 <fileMode>644</fileMode>
@@ -224,13 +224,12 @@
 <include>security_plugins.ranger-plugins-common:ranger-plugins-common</include>
 <include>security_plugins.ranger-kms-plugin:ranger-kms-plugin</include>
 <include>org.apache.ranger:credentialbuilder</include>
- <include>org.apache.ranger:ranger-kms-plugin</include>
 </includes>
 </moduleSet>
 <moduleSet>
 <binaries>
 <includeDependencies>false</includeDependencies>
- <outputDirectory>/scripts/install/lib</outputDirectory>
+ <outputDirectory>/install/lib</outputDirectory>
 <unpack>false</unpack>
 </binaries>
 <includes>
@@ -316,7 +315,7 @@
 <!-- Plugin -->
 <!-- conf.templates for enable -->
 <fileSet>
- <outputDirectory>/scripts/install/conf.templates/enable</outputDirectory>
+ <outputDirectory>/install/conf.templates/enable</outputDirectory>
 <directory>plugin-kms/conf</directory>
 <excludes>
 <exclude>*.sh</exclude>
@@ -324,12 +323,12 @@
 <fileMode>700</fileMode>
 </fileSet>
 <fileSet>
- <outputDirectory>/scripts/install/conf.templates/disable</outputDirectory>
+ <outputDirectory>/install/conf.templates/disable</outputDirectory>
 <directory>plugin-kms/disable-conf</directory>
 <fileMode>700</fileMode>
 </fileSet>
 <fileSet>
- <outputDirectory>/scripts/install/conf.templates/default</outputDirectory>
+ <outputDirectory>/install/conf.templates/default</outputDirectory>
 <directory>plugin-kms/template</directory>
 <fileMode>700</fileMode>
 </fileSet>
@@ -346,21 +345,9 @@
 <files>
 <file>
 <source>plugin-kms/scripts/enable-kms-plugin.sh</source>
- <outputDirectory>/scripts</outputDirectory>
+ <outputDirectory>/</outputDirectory>
 <destName>enable-kms-plugin.sh</destName>
 <fileMode>755</fileMode>
 </file>
- <file>
- <source>plugin-kms/scripts/install.properties</source>
- <outputDirectory>/ews/webapp/config</outputDirectory>
- <destName>plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
- <file>
- <source>plugin-kms/scripts/kms-plugin-install.properties</source>
- <outputDirectory>/ews/webapp/config</outputDirectory>
- <destName>kms-plugin-install.properties</destName>
- <fileMode>755</fileMode>
- </file>
 </files>
 </assembly>
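Review bot: After the two removed `<file>` entries at the end of this hunk, nothing in the visible assembly packages the properties that hold `SSL_KEYSTORE_PASSWORD`, `SSL_TRUSTSTORE_PASSWORD` and `XAAUDIT.DB.PASSWORD`. The diffstat suggests those keys were folded into `kms/scripts/install.properties`, whose `<file>` entry lies outside this hunk, so its mode cannot be confirmed from here. The removed entries shipped the properties with `<fileMode>755</fileMode>`; the entry for the combined file should not inherit that and would be better as `<fileMode>600</fileMode>`, since the file carries credentials and is not executable. The enclosing `<files>` block starts above the hunk.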
