Repository: incubator-ranger Updated Branches: refs/heads/master 06fe51834 -> 7dea10875
RANGER-397 - Configuration changes to install.properties Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/b8fe3e97 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/b8fe3e97 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/b8fe3e97 Branch: refs/heads/master Commit: b8fe3e97b9e33c009e5cbade757f41ad8504e12c Parents: 06fe518 Author: Don Bosco Durai <[email protected]> Authored: Sun Apr 26 22:08:18 2015 -0700 Committer: Don Bosco Durai <[email protected]> Committed: Sun Apr 26 22:08:18 2015 -0700 ---------------------------------------------------------------------- .../audit/destination/SolrAuditDestination.java | 176 +++++++++++++++++++ .../audit/provider/AuditProviderFactory.java | 4 +- .../ranger/audit/provider/BaseAuditHandler.java | 53 ++++-- .../apache/ranger/audit/provider/MiscUtil.java | 8 +- .../ranger/audit/queue/AuditBatchQueue.java | 2 +- .../ranger/audit/queue/AuditFileSpool.java | 30 ++-- .../ranger/audit/queue/AuditSummaryQueue.java | 2 +- .../plugin/audit/RangerDefaultAuditHandler.java | 12 ++ hbase-agent/conf/ranger-hbase-audit-changes.cfg | 17 ++ hbase-agent/scripts/install.properties | 31 ++++ hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 15 ++ hdfs-agent/scripts/install.properties | 27 +++ hive-agent/conf/ranger-hive-audit-changes.cfg | 15 ++ hive-agent/scripts/install.properties | 28 +++ kms/scripts/install.properties | 32 ++++ knox-agent/conf/ranger-knox-audit-changes.cfg | 15 ++ knox-agent/scripts/install.properties | 28 +++ .../conf/ranger-kafka-audit-changes.cfg | 17 ++ plugin-kafka/scripts/install.properties | 31 ++++ plugin-kms/conf/ranger-kms-audit-changes.cfg | 17 ++ plugin-solr/conf/ranger-solr-audit-changes.cfg | 18 ++ plugin-solr/scripts/install.properties | 31 ++++ plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 15 ++ plugin-yarn/scripts/install.properties | 26 +++ storm-agent/conf/ranger-storm-audit-changes.cfg | 15 ++ storm-agent/scripts/install.properties | 28 +++ 26 files changed, 656 insertions(+), 37 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java new file mode 100644 index 0000000..2164d9c --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java @@ -0,0 +1,176 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.audit.destination; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.audit.destination.AuditDestination; +import org.apache.ranger.audit.model.AuditEventBase; +import org.apache.ranger.audit.model.AuthzAuditEvent; +import org.apache.ranger.audit.provider.MiscUtil; +import org.apache.solr.client.solrj.SolrClient; +import org.apache.solr.client.solrj.impl.CloudSolrClient; +import org.apache.solr.client.solrj.impl.LBHttpSolrClient; +import org.apache.solr.client.solrj.response.UpdateResponse; +import org.apache.solr.common.SolrException; +import org.apache.solr.common.SolrInputDocument; + +public class SolrAuditDestination extends AuditDestination { + private static final Log LOG = LogFactory + .getLog(SolrAuditDestination.class); + + public static final String PROP_SOLR_URLS = "urls"; + public static final String PROP_SOLR_ZK = "zookeepers"; + + static final Object lock = new Object(); + SolrClient solrClient = null; + List<String> solrURLs = new ArrayList<String>(); + String zkHosts = null; + + public SolrAuditDestination() { + } + + @Override + public void init(Properties props, String propPrefix) { + LOG.info("init() called"); + super.init(props, propPrefix); + + String urls = MiscUtil.getStringProperty(props, propPrefix + "." + + PROP_SOLR_URLS); + if (urls != null && urls.equalsIgnoreCase("NONE")) { + urls = null; + } + solrURLs = MiscUtil.toArray(urls, ","); + zkHosts = MiscUtil.getStringProperty(props, propPrefix + "." + + PROP_SOLR_ZK); + if (zkHosts != null && zkHosts.equalsIgnoreCase("NONE")) { + zkHosts = null; + } + connect(); + } + + void connect() { + if (solrClient == null) { + synchronized (lock) { + + if (solrClient == null) { + try { + if (zkHosts != null && !zkHosts.isEmpty()) { + // Instantiate + solrClient = new CloudSolrClient(zkHosts); + } else if (solrURLs == null || !solrURLs.isEmpty()) { + LBHttpSolrClient lbSolrClient = new LBHttpSolrClient( + solrURLs.get(0)); + lbSolrClient.setConnectionTimeout(1000); + + for (int i = 1; i < solrURLs.size(); i++) { + lbSolrClient.addSolrServer(solrURLs.get(i)); + } + solrClient = lbSolrClient; + } + } catch (Throwable t) { + LOG.fatal("Can't connect to Solr server. URL=" + + solrURLs, t); + } + } + } + } + } + + @Override + public boolean log(Collection<AuditEventBase> events) { + try { + if (solrClient == null) { + connect(); + if (solrClient == null) { + // Solr is still not initialized. So need to throw error + return false; + } + } + + Collection<SolrInputDocument> docs = new ArrayList<SolrInputDocument>(); + for (AuditEventBase event : events) { + AuthzAuditEvent authzEvent = (AuthzAuditEvent) event; + // Convert AuditEventBase to Solr document + SolrInputDocument document = toSolrDoc(authzEvent); + docs.add(document); + } + try { + UpdateResponse response = solrClient.add(docs); + if (response.getStatus() != 0) { + logFailedEvent(events, response.toString()); + } + } catch (SolrException ex) { + logFailedEvent(events, ex); + } + } catch (Throwable t) { + logError("Error sending message to Solr", t); + return false; + } + return true; + } + + /* + * (non-Javadoc) + * + * @see org.apache.ranger.audit.provider.AuditProvider#flush() + */ + @Override + public void flush() { + + } + + SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) { + SolrInputDocument doc = new SolrInputDocument(); + doc.addField("id", auditEvent.getEventId()); + doc.addField("access", auditEvent.getAccessType()); + doc.addField("enforcer", auditEvent.getAclEnforcer()); + doc.addField("agent", auditEvent.getAgentId()); + doc.addField("repo", auditEvent.getRepositoryName()); + doc.addField("sess", auditEvent.getSessionId()); + doc.addField("reqUser", auditEvent.getUser()); + doc.addField("reqData", auditEvent.getRequestData()); + doc.addField("resource", auditEvent.getResourcePath()); + doc.addField("cliIP", auditEvent.getClientIP()); + doc.addField("logType", auditEvent.getLogType()); + doc.addField("result", auditEvent.getAccessResult()); + doc.addField("policy", auditEvent.getPolicyId()); + doc.addField("repoType", auditEvent.getRepositoryType()); + doc.addField("resType", auditEvent.getResourceType()); + doc.addField("reason", auditEvent.getResultReason()); + doc.addField("action", auditEvent.getAction()); + doc.addField("evtTime", auditEvent.getEventTime()); + doc.addField("seq_num", auditEvent.getSeqNum()); + doc.setField("event_count", auditEvent.getEventCount()); + doc.setField("event_dur_ms", auditEvent.getEventDurationMS()); + + return doc; + } + + public boolean isAsync() { + return true; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java index 7b2b52b..d6ef318 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java @@ -26,6 +26,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.destination.FileAuditDestination; import org.apache.ranger.audit.destination.HDFSAuditDestination; +import org.apache.ranger.audit.destination.SolrAuditDestination; import org.apache.ranger.audit.provider.hdfs.HdfsAuditProvider; import org.apache.ranger.audit.provider.kafka.KafkaAuditProvider; import org.apache.ranger.audit.provider.solr.SolrAuditProvider; @@ -142,6 +143,7 @@ public class AuditProviderFactory { } String value = props.getProperty(propName); if (value.equalsIgnoreCase("enable") + || value.equalsIgnoreCase("enabled") || value.equalsIgnoreCase("true")) { destNameList.add(destName); LOG.info("Audit destination " + propName + " is set to " @@ -409,7 +411,7 @@ public class AuditProviderFactory { } else if (providerName.equalsIgnoreCase("hdfs")) { provider = new HDFSAuditDestination(); } else if (providerName.equals("solr")) { - provider = new SolrAuditProvider(); + provider = new SolrAuditDestination(); } else if (providerName.equals("kafka")) { provider = new KafkaAuditProvider(); } else if (providerName.equals("db")) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java index 601650e..dd44def 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java @@ -136,14 +136,11 @@ public abstract class BaseAuditHandler implements AuditHandler { */ @Override public boolean logJSON(Collection<String> events) { - boolean ret = true; + List<AuditEventBase> eventList = new ArrayList<AuditEventBase>(); for (String event : events) { - ret = logJSON(event); - if (!ret) { - break; - } + eventList.add(MiscUtil.fromJson(event, AuthzAuditEvent.class)); } - return ret; + return log(eventList); } public void setName(String name) { @@ -155,10 +152,6 @@ public abstract class BaseAuditHandler implements AuditHandler { return providerName; } - public void logFailedEvent(AuditEventBase event) { - logFailedEvent(event, null); - } - public void logError(String msg) { long currTimeMS = System.currentTimeMillis(); if (currTimeMS - lastErrorLogMS > errorLogIntervalMS) { @@ -198,6 +191,10 @@ public abstract class BaseAuditHandler implements AuditHandler { return String.format("%03d milli-seconds", mSeconds); } + public void logFailedEvent(AuditEventBase event) { + logFailedEvent(event, ""); + } + public void logFailedEvent(AuditEventBase event, Throwable excp) { long now = System.currentTimeMillis(); @@ -228,12 +225,47 @@ public abstract class BaseAuditHandler implements AuditHandler { } } + public void logFailedEvent(Collection<AuditEventBase> events) { + logFailedEvent(events, ""); + } + public void logFailedEvent(Collection<AuditEventBase> events, Throwable excp) { for (AuditEventBase event : events) { logFailedEvent(event, excp); } } + public void logFailedEvent(AuditEventBase event, String message) { + long now = System.currentTimeMillis(); + + long timeSinceLastReport = now - mFailedLogLastReportTime.get(); + long countSinceLastReport = mFailedLogCountSinceLastReport + .incrementAndGet(); + long countLifeTime = mFailedLogCountLifeTime.incrementAndGet(); + + if (timeSinceLastReport >= mLogFailureReportMinIntervalInMs) { + mFailedLogLastReportTime.set(now); + mFailedLogCountSinceLastReport.set(0); + + LOG.warn("failed to log audit event: " + MiscUtil.stringify(event) + + ", errorMessage=" + message); + + if (countLifeTime > 1) { // no stats to print for the 1st failure + LOG.warn("Log failure count: " + countSinceLastReport + + " in past " + + formatIntervalForLog(timeSinceLastReport) + "; " + + countLifeTime + " during process lifetime"); + } + } + } + + public void logFailedEvent(Collection<AuditEventBase> events, + String errorMessage) { + for (AuditEventBase event : events) { + logFailedEvent(event, errorMessage); + } + } + public void logFailedEventJSON(String event, Throwable excp) { long now = System.currentTimeMillis(); @@ -267,5 +299,4 @@ public abstract class BaseAuditHandler implements AuditHandler { } } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java index 487da5a..f5b07be 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java @@ -369,9 +369,11 @@ public class MiscUtil { */ public static List<String> toArray(String destListStr, String delim) { List<String> list = new ArrayList<String>(); - StringTokenizer tokenizer = new StringTokenizer(destListStr, delim); - while (tokenizer.hasMoreTokens()) { - list.add(tokenizer.nextToken()); + if (destListStr != null && !destListStr.isEmpty()) { + StringTokenizer tokenizer = new StringTokenizer(destListStr, delim); + while (tokenizer.hasMoreTokens()) { + list.add(tokenizer.nextToken()); + } } return list; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java index 8ed07bd..8316c2b 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditBatchQueue.java @@ -294,7 +294,7 @@ public class AuditBatchQueue extends AuditQueue implements Runnable { isDestActive = false; } else { // We need to drop this event - logFailedEvent(localBatchBuffer, null); + logFailedEvent(localBatchBuffer); } } else { isDestActive = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java index a1c32b9..1b9a921 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java @@ -213,7 +213,10 @@ public class AuditFileSpool implements Runnable { fileNamePrefix = queueProvider.getName() + "_" + consumerProvider.getName(); } - indexFileName = "index_" + fileNamePrefix + ".json"; + indexFileName = "index_" + fileNamePrefix + "_" + "%app-type%" + + ".json"; + indexFileName = MiscUtil.replaceTokens(indexFileName, + System.currentTimeMillis()); } indexFile = new File(logFolder, indexFileName); @@ -607,6 +610,11 @@ public class AuditFileSpool implements Runnable { } } saveIndexFile(); + // If there are no more files in the index, then let's assume the + // destination is now available + if (indexRecords.size() == 0) { + isPending = false; + } } synchronized void saveIndexFile() throws FileNotFoundException, IOException { @@ -743,6 +751,7 @@ public class AuditFileSpool implements Runnable { */ @Override public void run() { + // boolean isResumed = false; while (true) { try { // Let's pause between each iteration @@ -778,7 +787,6 @@ public class AuditFileSpool implements Runnable { int startLine = currentConsumerIndexRecord.linePosition; String line; int currLine = 0; - boolean isResumed = false; List<String> lines = new ArrayList<String>(); while ((line = br.readLine()) != null) { currLine++; @@ -791,15 +799,6 @@ public class AuditFileSpool implements Runnable { currentConsumerIndexRecord, currLine); if (!ret) { throw new Exception("Destination down"); - } else { - if (!isResumed) { - logger.info("Started writing to destination. file=" - + currentConsumerIndexRecord.filePath - + ", queueName=" - + queueProvider.getName() - + ", consumer=" - + consumerProvider.getName()); - } } lines.clear(); } @@ -809,15 +808,6 @@ public class AuditFileSpool implements Runnable { currentConsumerIndexRecord, currLine); if (!ret) { throw new Exception("Destination down"); - } else { - if (!isResumed) { - logger.info("Started writing to destination. file=" - + currentConsumerIndexRecord.filePath - + ", queueName=" - + queueProvider.getName() - + ", consumer=" - + consumerProvider.getName()); - } } lines.clear(); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java index 3e1940b..7922312 100644 --- a/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java +++ b/agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditSummaryQueue.java @@ -208,7 +208,7 @@ public class AuditSummaryQueue extends AuditQueue implements Runnable { boolean ret = consumer.log(auditSummary.event); if (!ret) { // We need to drop this event - logFailedEvent(auditSummary.event, null); + logFailedEvent(auditSummary.event); } } summaryMap.clear(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java index 28796dd..9f9bd39 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java @@ -27,6 +27,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.audit.model.AuthzAuditEvent; import org.apache.ranger.audit.provider.AuditProviderFactory; +import org.apache.ranger.audit.provider.MiscUtil; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.policyengine.RangerAccessRequest; import org.apache.ranger.plugin.policyengine.RangerAccessResult; @@ -151,6 +152,17 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler { } if(auditEvent != null) { + if (auditEvent.getAgentHostname() == null || auditEvent.getAgentHostname().isEmpty()) { + auditEvent.setAgentHostname(MiscUtil.getHostname()); + } + + if (auditEvent.getLogType() == null || auditEvent.getLogType().isEmpty()) { + auditEvent.setLogType("RangerAudit"); + } + + if (auditEvent.getEventId() == null || auditEvent.getEventId().isEmpty()) { + auditEvent.setEventId(MiscUtil.generateUniqueId()); + } AuditProviderFactory.getAuditProvider().log(auditEvent); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hbase-agent/conf/ranger-hbase-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/hbase-agent/conf/ranger-hbase-audit-changes.cfg b/hbase-agent/conf/ranger-hbase-audit-changes.cfg index 221d20a..b540e18 100644 --- a/hbase-agent/conf/ranger-hbase-audit-changes.cfg +++ b/hbase-agent/conf/ranger-hbase-audit-changes.cfg @@ -43,3 +43,20 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.provider.summary.enabled %XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists + +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hbase-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index 7ff29c9..9170f41 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties @@ -38,6 +38,37 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties + +#Should audit be summarized at source +XAAUDIT.SUMMARY.ENABLE=true + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hbase/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hbase/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg index 8d31016..93e7b86 100644 --- a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg +++ b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg @@ -42,3 +42,18 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hdfs-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index 2e1b61a..289117b 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties @@ -38,6 +38,33 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hive-agent/conf/ranger-hive-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/hive-agent/conf/ranger-hive-audit-changes.cfg b/hive-agent/conf/ranger-hive-audit-changes.cfg index 2d6d414..daa8b74 100644 --- a/hive-agent/conf/ranger-hive-audit-changes.cfg +++ b/hive-agent/conf/ranger-hive-audit-changes.cfg @@ -43,3 +43,18 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/hive-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index 75b1b5d..9370600 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties @@ -38,6 +38,34 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index b54f30f..0785ade 100644 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -94,6 +94,38 @@ POLICY_MGR_URL= # REPOSITORY_NAME=kmsdev +# AUDIT configuration with V3 properties + +#Should audit be summarized at source +XAAUDIT.SUMMARY.ENABLE=false + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/hdfs/spool + +# End of V3 properties + + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/knox-agent/conf/ranger-knox-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/knox-agent/conf/ranger-knox-audit-changes.cfg b/knox-agent/conf/ranger-knox-audit-changes.cfg index f97d10f..57858f7 100644 --- a/knox-agent/conf/ranger-knox-audit-changes.cfg +++ b/knox-agent/conf/ranger-knox-audit-changes.cfg @@ -43,3 +43,18 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/knox-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index ecd9813..2fee7ee 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties @@ -41,6 +41,34 @@ REPOSITORY_NAME= # KNOX_HOME directory, would contain conf/, ext/ subdirectories KNOX_HOME= +# AUDIT configuration with V3 properties + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/knox/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/knox/audit/hdfs/spool + +# End of V3 properties + # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-kafka/conf/ranger-kafka-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg index 7c0c430..0445576 100644 --- a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg +++ b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg @@ -34,3 +34,20 @@ xasecure.audit.hdfs.config.local.archive.max.file.count %XAAUDIT.HDFS xasecure.audit.solr.is.enabled %XAAUDIT.SOLR.IS_ENABLED% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.provider.summary.enabled %XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists + +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-kafka/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index 506c638..4e8cbf9 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties @@ -38,6 +38,37 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties + +#Should audit be summarized at source +XAAUDIT.SUMMARY.ENABLE=true + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/kafka/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/kafka/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-kms/conf/ranger-kms-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-kms/conf/ranger-kms-audit-changes.cfg b/plugin-kms/conf/ranger-kms-audit-changes.cfg index 2d6d414..f7d3543 100644 --- a/plugin-kms/conf/ranger-kms-audit-changes.cfg +++ b/plugin-kms/conf/ranger-kms-audit-changes.cfg @@ -43,3 +43,20 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.provider.summary.enabled %XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists + +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-solr/conf/ranger-solr-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg index 7c0c430..7e77a30 100644 --- a/plugin-solr/conf/ranger-solr-audit-changes.cfg +++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg @@ -34,3 +34,21 @@ xasecure.audit.hdfs.config.local.archive.max.file.count %XAAUDIT.HDFS xasecure.audit.solr.is.enabled %XAAUDIT.SOLR.IS_ENABLED% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + + +#V3 configuration +xasecure.audit.provider.summary.enabled %XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists + +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-solr/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index 6a84c19..6070968 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties @@ -38,6 +38,37 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties + +#Should audit be summarized at source +XAAUDIT.SUMMARY.ENABLE=true + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/solr/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/solr/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-yarn/conf/ranger-yarn-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg index e0dbea2..bfc2cd8 100644 --- a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg +++ b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg @@ -43,3 +43,18 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/plugin-yarn/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index bbe9f7f..9358033 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties @@ -38,6 +38,32 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/storm-agent/conf/ranger-storm-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg index e0dbea2..bfc2cd8 100644 --- a/storm-agent/conf/ranger-storm-audit-changes.cfg +++ b/storm-agent/conf/ranger-storm-audit-changes.cfg @@ -43,3 +43,18 @@ xasecure.audit.solr.is.enabled %XAAUDIT.SOLR. xasecure.audit.solr.async.max.queue.size %XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists xasecure.audit.solr.async.max.flush.interval.ms %XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists + +#V3 configuration +xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists +xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists +xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists +xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists +xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists +xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists + +xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists +xasecure.audit.destination.hdfs.batch.filespool.dir %XAAUDIT.HDFS.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists + +#xasecure.audit.destination.file %XAAUDIT.FILE.ENABLE% mod create-if-not-exists +#xasecure.audit.destination.file.dir %XAAUDIT.FILE.DIR% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b8fe3e97/storm-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index 0e476d6..0cee655 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties @@ -38,6 +38,34 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # REPOSITORY_NAME= +# AUDIT configuration with V3 properties + +# Enable audit logs to Solr +#Example +#XAAUDIT.SOLR.ENABLE=true +#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits +#XAAUDIT.SOLR.ZOOKEEPER= +#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/storm/audit/solr/spool + +XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.URL=NONE +XAAUDIT.SOLR.USER=NONE +XAAUDIT.SOLR.PASSWORD=NONE +XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/storm/audit/solr/spool + +# Enable audit logs to HDFS +#Example +#XAAUDIT.HDFS.ENABLE=true +#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit +#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/storm/audit/hdfs/spool + +XAAUDIT.HDFS.ENABLE=false +XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit +XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/storm/audit/hdfs/spool + +# End of V3 properties + # # AUDIT DB Configuration #
