Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 4568ff592 -> 72961093e
RANGER-673 : Setup changes to allow Ranger service to installed using custom service user Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/72961093 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/72961093 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/72961093 Branch: refs/heads/ranger-0.5 Commit: 72961093e55888b1148db3e4b8432fb9ffabd523 Parents: 4568ff5 Author: Gautam Borad <[email protected]> Authored: Tue Oct 6 17:07:10 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Sat Oct 10 12:04:14 2015 -0400 ---------------------------------------------------------------------- agents-common/scripts/enable-agent.sh | 28 +++++++++++++++++++++++++++- hbase-agent/scripts/install.properties | 13 +++++++++++++ hdfs-agent/scripts/install.properties | 13 +++++++++++++ hive-agent/scripts/install.properties | 13 +++++++++++++ kms/scripts/setup.sh | 7 ++++++- knox-agent/scripts/install.properties | 14 ++++++++++++++ plugin-kafka/scripts/install.properties | 14 ++++++++++++++ plugin-kms/scripts/enable-kms-plugin.sh | 28 +++++++++++++++++++++++++++- plugin-solr/scripts/install.properties | 14 ++++++++++++++ plugin-yarn/scripts/install.properties | 13 +++++++++++++ security-admin/scripts/set_globals.sh | 6 ++++++ security-admin/scripts/setup.sh | 11 +++++++++++ storm-agent/scripts/install.properties | 13 +++++++++++++ unixauthservice/scripts/set_globals.sh | 5 +++++ unixauthservice/scripts/setup.py | 20 ++++++++++++++++---- 15 files changed, 205 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/agents-common/scripts/enable-agent.sh ---------------------------------------------------------------------- 
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh index 55130a5..f3db125 100755 --- a/agents-common/scripts/enable-agent.sh +++ b/agents-common/scripts/enable-agent.sh @@ -23,7 +23,7 @@ function getInstallProperty() { do if [ -f "${file}" ] then - propertyValue=`grep "^${propertyName}" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` + propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` if [ "${propertyValue}" != "" ] then break @@ -123,6 +123,32 @@ JAVA=$JAVA_HOME/bin/java HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME') + +CUSTOM_USER=$(getInstallProperty 'CUSTOM_USER') +CUSTOM_USER=${CUSTOM_USER// } + +CUSTOM_GROUP=$(getInstallProperty 'CUSTOM_GROUP') +CUSTOM_GROUP=${CUSTOM_GROUP// } + + + +if [ ! -z "${CUSTOM_USER}" ] && [ ! -z "${CUSTOM_GROUP}" ] +then + echo "Custom user and group is available, using custom user and group." + CFG_OWNER_INF="${CUSTOM_USER}:${CUSTOM_GROUP}" +elif [ ! -z "${CUSTOM_USER}" ] && [ -z "${CUSTOM_GROUP}" ] +then + echo "Custom user is available, using custom user and default group." + CFG_OWNER_INF="${CUSTOM_USER}:${HCOMPONENT_NAME}" +elif [ -z "${CUSTOM_USER}" ] && [ ! -z "${CUSTOM_GROUP}" ] +then + echo "Custom group is available, using default user and custom group." + CFG_OWNER_INF="${HCOMPONENT_NAME}:${CUSTOM_GROUP}" +else + echo "Custom user and group are not available, using default user and group." + CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" +fi + if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] then HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/hbase-agent/scripts/install.properties ---------------------------------------------------------------------- 
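Review bot: In the new `grep "^${propertyName}[ \t]*="` pattern, `\t` inside a bracket expression is not a tab: POSIX grep takes the backslash literally there, so the class matches a space, a backslash or the letter `t`. A key such as `CUSTOM_USERt=` would therefore be read as `CUSTOM_USER`, while a key followed by a real tab would be missed. `[[:blank:]]` says what is meant: `grep "^${propertyName}[[:blank:]]*=" "${file}"`. The same line is added in plugin-kms/scripts/enable-kms-plugin.sh, and getInstallProperty's body starts and ends outside the hunk.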
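Review bot: `CUSTOM_USER` and `CUSTOM_GROUP` are read from install.properties with only spaces stripped and are placed straight into `CFG_OWNER_INF`, which presumably becomes a chown owner spec later in the script (that use is outside the hunk). A value that contains `:` or names an account that does not exist changes what the owner spec means, or makes the ownership step fail part-way through an install that is normally run as root. Checking each value before building the spec keeps the failure early and explicit, for example `id -u "${CUSTOM_USER}" >/dev/null 2>&1 || { echo "Unknown user: ${CUSTOM_USER}"; exit 1; }` and the `getent group "${CUSTOM_GROUP}"` equivalent for the group. The `unix_user`/`unix_group` block added to plugin-kms/scripts/enable-kms-plugin.sh has the same shape.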
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index 5df518a..795ea3e 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties @@ -161,3 +161,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit # UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false # UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=hbase + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/hdfs-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index fa21949..b4dda13 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties @@ -149,3 +149,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=hdfs + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/hive-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index 2e41a37..6b71a85 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties 
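Review bot: The comment added above each key documents `CUSTOM_COMPONENT_USER=<custom-user>` and `CUSTOM_COMPONENT_GROUP=<custom-group>`, but the keys the scripts read are `CUSTOM_USER` and `CUSTOM_GROUP` (see `getInstallProperty 'CUSTOM_USER'` in agents-common/scripts/enable-agent.sh). An operator who sets the documented name gets no error, and the plugin files end up owned by the shipped value instead of the intended account. The comment also says to keep the value blank for the default, while the file ships `CUSTOM_USER=hbase` and `CUSTOM_GROUP=hadoop`, so the default branch in enable-agent.sh is not reached with the stock file. I would change the comment lines to `# CUSTOM_USER=<custom-user>` and `# CUSTOM_GROUP=<custom-group>` and state what the default is. The same applies to the hdfs, hive, knox, kafka, solr, yarn and storm install.properties hunks.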
@@ -158,3 +158,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit # UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false # UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=hive + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/kms/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index e0c3136..96bf6a0 100755 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -538,7 +538,9 @@ setup_install_files(){ if [ -d /etc/init.d ]; then log "[I] Setting up init.d" cp ${INSTALL_DIR}/${RANGER_KMS}-initd /etc/init.d/${RANGER_KMS} - + if [ "${unix_user}" != "kms" ]; then + sed 's/LINUX_USER=kms/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_KMS} + fi chmod ug+rx /etc/init.d/${RANGER_KMS} if [ -d /etc/rc2.d ] @@ -584,6 +586,9 @@ setup_install_files(){ chown -R ${unix_user} ${KMS_DIR}/ews/logs fi + if [ -d ${KMS_DIR}/ews/logs ]; then + chown -R ${unix_user} ${KMS_DIR}/ews/logs + fi log "[I] Setting up installation files and directory DONE"; if [ ! -f ${INSTALL_DIR}/rpm ]; then http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/knox-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index 506c53c..1febd49 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties 
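Review bot: In the added `sed 's/LINUX_USER=kms/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_KMS}` line of kms/scripts/setup.sh, `${unix_user}` sits outside the single quotes and is expanded unquoted into both the shell word list and the sed program. A value containing whitespace, `/` or `&` either splits the command or alters the replacement, and the result is written into an init script that runs as root. I would reject anything that is not a plain account name before this point and quote the expression: `sed -i "s/LINUX_USER=kms/LINUX_USER=${unix_user}/g" "/etc/init.d/${RANGER_KMS}"`. The same construct is added for `LINUX_USER=ranger` in security-admin/scripts/setup.sh. setup_install_files starts and ends outside the hunk.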
@@ -152,3 +152,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/knox/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/knox/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=knox + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=knox \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/plugin-kafka/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index bc6481b..79ea6db 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties @@ -155,3 +155,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=kafka + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/plugin-kms/scripts/enable-kms-plugin.sh ---------------------------------------------------------------------- diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh index 53187f7..468d39e 100755 --- a/plugin-kms/scripts/enable-kms-plugin.sh +++ b/plugin-kms/scripts/enable-kms-plugin.sh 
@@ -23,7 +23,7 @@ function getInstallProperty() { do if [ -f "${file}" ] then - propertyValue=`grep "^${propertyName}" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` + propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` if [ "${propertyValue}" != "" ] then break @@ -118,6 +118,32 @@ JAVA=$JAVA_HOME/bin/java HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME') +unix_user=$(getInstallProperty 'unix_user') +unix_user=${unix_user// } + +unix_group=$(getInstallProperty 'unix_group') +unix_group=${unix_group// } + + + +if [ ! -z "${unix_user}" ] && [ ! -z "${unix_group}" ] +then + echo "Custom user and group is available, using custom user and group." + CFG_OWNER_INF="${unix_user}:${unix_group}" +elif [ ! -z "${unix_user}" ] && [ -z "${unix_group}" ] +then + echo "Custom user is available, using custom user and default group." + CFG_OWNER_INF="${unix_user}:${HCOMPONENT_NAME}" +elif [ -z "${unix_user}" ] && [ ! -z "${unix_group}" ] +then + echo "Custom group is available, using default user and custom group." + CFG_OWNER_INF="${HCOMPONENT_NAME}:${unix_group}" +else + echo "Custom user and group are not available, using default user and group." + CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" +fi + + if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] then HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/plugin-solr/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index 9bc305b..a3d9887 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties 
@@ -155,3 +155,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + + + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=solr + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=solr \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/plugin-yarn/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index 01f733d..3780068 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties @@ -147,3 +147,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=yarn + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/security-admin/scripts/set_globals.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/set_globals.sh b/security-admin/scripts/set_globals.sh index 2c00aed..9a4159c 100755 --- a/security-admin/scripts/set_globals.sh +++ b/security-admin/scripts/set_globals.sh 
@@ -91,5 +91,11 @@ if [ ! -d /var/log/ranger/admin ]; then chmod 755 /var/log/ranger/admin chown -R $unix_user:$unix_group /var/log/ranger fi + +if [ -d /var/log/ranger/admin ]; then + chown -R $unix_user:$unix_group /var/log/ranger/admin +fi + + mv -f ews/logs ews/webapp/logs.$curDt 2> /dev/null ln -sf /var/log/ranger/admin ews/logs http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 71c424c..9710706 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -1516,6 +1516,10 @@ setup_install_files(){ chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf fi + if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then + chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf + fi + if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib" mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib @@ -1525,6 +1529,9 @@ setup_install_files(){ if [ -d /etc/init.d ]; then log "[I] Setting up init.d" cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN} + if [ "${unix_user}" != "ranger" ]; then + sed 's/LINUX_USER=ranger/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN} + fi chmod ug+rx /etc/init.d/${RANGER_ADMIN} @@ -1571,6 +1578,10 @@ setup_install_files(){ chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs fi + if [ -d ${XAPOLICYMGR_DIR}/ews/logs ]; then + chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs + fi + log "[I] Setting up installation files and directory DONE"; if [ ! -f ${INSTALL_DIR}/rpm ]; then http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/storm-agent/scripts/install.properties ---------------------------------------------------------------------- 
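Review bot: The block added to security-admin/scripts/set_globals.sh re-owns only `/var/log/ranger/admin`, while the creation branch just above it runs `chown -R $unix_user:$unix_group /var/log/ranger` on the shared parent. After a re-install with a different service user the parent keeps the owner from the first install, and the owner of a directory can rename or replace the entries in it, including `admin`. Since admin and usersync both log under `/var/log/ranger`, I would leave the parent owned by root and chown only the per-service subdirectory in both branches, with the operand quoted: `chown -R "$unix_user:$unix_group" /var/log/ranger/admin`. unixauthservice/scripts/set_globals.sh gets the same block for `/var/log/ranger/usersync`.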
diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index 82f17af..f2aa5c4 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties @@ -149,3 +149,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/storm/conf/ranger-plugin-keystore.jks SSL_KEYSTORE_PASSWORD=myKeyFilePassword SSL_TRUSTSTORE_FILE_PATH=/etc/storm/conf/ranger-plugin-truststore.jks SSL_TRUSTSTORE_PASSWORD=changeit + +# +# Custom component user +# CUSTOM_COMPONENT_USER=<custom-user> +# keep blank if component user is default +CUSTOM_USER=storm + + +# +# Custom component group +# CUSTOM_COMPONENT_GROUP=<custom-group> +# keep blank if component group is default +CUSTOM_GROUP=hadoop http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/unixauthservice/scripts/set_globals.sh ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/set_globals.sh b/unixauthservice/scripts/set_globals.sh index c77fbf9..c92dfdc 100755 --- a/unixauthservice/scripts/set_globals.sh +++ b/unixauthservice/scripts/set_globals.sh @@ -89,5 +89,10 @@ if [ ! -d /var/log/ranger/usersync ]; then chmod 755 /var/log/ranger/usersync chown -R $unix_user:$unix_group /var/log/ranger fi + +if [ -d /var/log/ranger/usersync ]; then + chown -R $unix_user:$unix_group /var/log/ranger/usersync +fi + mv -f logs logs.$curDt 2> /dev/null ln -sf /var/log/ranger/usersync logs http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/72961093/unixauthservice/scripts/setup.py ---------------------------------------------------------------------- diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py index 5ba50d3..31c486e 100755 --- a/unixauthservice/scripts/setup.py +++ b/unixauthservice/scripts/setup.py 
@@ -232,13 +232,25 @@ def createGroup(groupname): print "ERROR: Unable to create a new group: %s" % (groupname,e) sys.exit(1) -def initializeInitD(): +def initializeInitD(ownerName): if (os.path.isdir(initdDirName)): fn = join(installPropDirName,initdProgramName) initdFn = join(initdDirName,initdProgramName) shutil.copy(fn, initdFn) - os.chmod(initdFn,0550) - rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ] + if (ownerName != 'ranger'): + f = open(initdFn,'r') + filedata = f.read() + f.close() + find_str = "LINUX_USER=ranger" + replace_str = "LINUX_USER="+ ownerName + newdata = filedata.replace(find_str,replace_str) + + f = open(initdFn,'w') + f.write(newdata) + f.close() + + os.chmod(initdFn,0550) + rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ] for rcDir in rcDirList: if (os.path.isdir(rcDir)): for prefix in initPrefixList: @@ -365,7 +377,7 @@ def main(): os.chown(pidFolderName,ownerId,groupId) os.chown(rangerBaseDirName,ownerId,groupId) - initializeInitD() + initializeInitD(ownerName) # # Add password to crypt path
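Review bot: `ownerName` is concatenated into the init script as `"LINUX_USER=" + ownerName` with no check, so whatever string reaches initializeInitD becomes shell text in a file under `initdDirName` that root executes. Where `ownerName` is read from lies outside the hunk; if it comes from install.properties it should be limited to a plain account name before the replace, with a conservative pattern such as `if not re.match(r'^[a-z_][a-z0-9_-]*$', ownerName): sys.exit("ERROR: invalid unix user name")` (this needs `re` imported if the file does not already have it). The two open/close pairs would also be safer as `with open(initdFn, 'r') as f:` and `with open(initdFn, 'w') as f:` blocks, so the handle is closed if the read or write raises. The function body continues past the end of the hunk.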
