Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 a5ea6e3c6 -> 5a626203b
RANGER-741 : Fix installation script to skip Audit DB password check if audit source is SOLR Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/5a626203 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/5a626203 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/5a626203 Branch: refs/heads/ranger-0.5 Commit: 5a626203b93db7bfeb76ad1d0c96aafab624868c Parents: a5ea6e3 Author: Gautam Borad <[email protected]> Authored: Wed Nov 25 09:29:04 2015 +0530 Committer: Gautam Borad <[email protected]> Committed: Fri Nov 27 11:54:05 2015 +0530 ---------------------------------------------------------------------- kms/scripts/dba_script.py | 8 ++--- security-admin/scripts/dba_script.py | 26 +++++++-------- security-admin/scripts/setup.sh | 54 ++++++++++++++++++++----------- 3 files changed, 53 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a626203/kms/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index 06a6a8c..1e039e5 100755 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py 
@@ -492,11 +492,11 @@ class OracleConf(BaseDB): # Assign default tablespace db_name get_cmd = self.get_jisql_cmd(root_user , db_root_password) if os_name == "LINUX": - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(db_user, db_name) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name) + query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(db_user, db_name) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: @@ -519,7 +519,7 @@ class OracleConf(BaseDB): log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error") sys.exit(1) else: - logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name)) + logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name)) logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) 
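Review bot: `db_user` and `db_name` are still %-formatted straight into the `alter user ... DEFAULT Tablespace` command string in both the LINUX and WINDOWS branches, and nothing in this hunk checks that they are plain identifiers before the string is tokenised by `shlex.split` or handed to `subprocess.call` as one string. A value containing a quote or whitespace would change how the jisql arguments are split, so I would validate both before formatting, e.g. `if not re.match(r'^[A-Za-z][A-Za-z0-9_$#]*$', db_name): log("[E] Invalid tablespace name", "error"); sys.exit(1)` (assuming `re` is imported in this file). The same construction appears in the security-admin/scripts/dba_script.py hunks at -519, -609 and -621. Dropping `identified by` also means this step no longer resets the user's password, which the commit message does not mention; if that is intended it deserves a line there. The enclosing method starts and ends outside the hunk.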
@@ -548,7 +548,7 @@ class OracleConf(BaseDB): logFile('create user %s identified by "%s";'%(db_user, db_password)) logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) - logFile('alter user %s identified by "%s" DEFAULT Tablespace %s;'%(db_user, db_password, db_name)) + logFile('alter user %s DEFAULT Tablespace %s;'%(db_user, db_name)) logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user)) class PostgresConf(BaseDB): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a626203/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 5564737..66b2848 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -519,11 +519,11 @@ class OracleConf(BaseDB): # Assign default tablespace db_name get_cmd = self.get_jisql_cmd(root_user , db_root_password) if os_name == "LINUX": - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(db_user, db_name) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name) + query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(db_user, db_name) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: 
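Review bot: The unchanged `logFile('create user %s identified by "%s";'%(db_user, db_password))` line at the top of the -548 hunk still writes the real password in cleartext to wherever `logFile` writes, even though this commit removes it from the `alter user` line below. If that output is a file on disk, as the name suggests, I would emit a placeholder instead, e.g. `logFile('create user %s identified by "CHANGE_ME";' % (db_user))`, or at least make sure the file is created with owner-only permissions. The same applies to the two `create user` lines in the security-admin/scripts/dba_script.py hunk at -762. The enclosing method begins outside the hunk.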
@@ -546,7 +546,7 @@ class OracleConf(BaseDB): log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error") sys.exit(1) else: - logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(db_user, db_password, db_name)) + logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name)) logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) @@ -609,11 +609,11 @@ class OracleConf(BaseDB): # Assign default tablespace db_name get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) if os_name == "LINUX": - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) + query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(audit_db_user, db_name) jisql_log(query, audit_db_root_password) ret1 = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, db_name) + query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, db_name) jisql_log(query, audit_db_root_password) ret1 = subprocess.call(query) 
@@ -621,11 +621,11 @@ class OracleConf(BaseDB): # Assign default tablespace audit_db_name get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) if os_name == "LINUX": - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) + query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_name) jisql_log(query, audit_db_root_password) ret2 = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, audit_db_name) + query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_name) jisql_log(query, audit_db_root_password) ret2 = subprocess.call(query) @@ -647,8 +647,8 @@ class OracleConf(BaseDB): else: return False else: - logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, db_name)) - logFile("alter user %s identified by \"%s\" DEFAULT Tablespace %s;" %(audit_db_user, audit_db_password, audit_db_name)) + logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, db_name)) + logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, audit_db_name)) logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): 
@@ -762,12 +762,12 @@ class OracleConf(BaseDB): logFile('create user %s identified by "%s";'%(db_user, db_password)) logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) - logFile('alter user %s identified by "%s" DEFAULT tablespace %s;'%(db_user, db_password, db_name)) + logFile('alter user %s DEFAULT tablespace %s;'%(db_user, db_name)) if not db_user == audit_db_user: logFile('create user %s identified by "%s";'%(audit_db_user, audit_db_password)) logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name)) - logFile('alter user %s identified by "%s" DEFAULT tablespace %s;' %(audit_db_user, audit_db_password, audit_db_name)) + logFile('alter user %s DEFAULT tablespace %s;' %(audit_db_user, audit_db_name)) logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) class PostgresConf(BaseDB): @@ -1781,8 +1781,6 @@ def main(argv): password_validation(xa_db_root_password,"DBA root"); log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info") password_validation(db_password,"admin"); - log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") - password_validation(audit_db_password,"audit"); # Methods Begin if DBA_MODE == "TRUE" : if (dryMode==True): 
@@ -1800,6 +1798,8 @@ def main(argv): xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same if audit_store == "db": + log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") + password_validation(audit_db_password,"audit"); log("[I] ---------- Verifying/Creating audit user --------- ","info") audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info") http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/5a626203/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 36696a0..a213b33 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -345,9 +345,12 @@ update_properties() { newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${db_name}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.url - newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.url + newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi propertyName=ranger.jpa.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform" 
@@ -379,8 +382,11 @@ update_properties() { fi updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.url - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.url + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi propertyName=ranger.jpa.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform" @@ -409,9 +415,12 @@ update_properties() { newPropertyValue="jdbc:postgresql://${DB_HOST}/${db_name}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.url - newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.url + newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi propertyName=ranger.jpa.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform" @@ -436,9 +445,12 @@ update_properties() { newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${db_name}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.url - newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.url + newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi propertyName=ranger.jpa.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform" 
@@ -463,9 +475,12 @@ update_properties() { newPropertyValue="jdbc:sqlanywhere:database=${db_name};host=${DB_HOST}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.url - newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.url + newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi propertyName=ranger.jpa.jdbc.dialect newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform" @@ -507,9 +522,12 @@ update_properties() { newPropertyValue="${db_user}" updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger - propertyName=ranger.jpa.audit.jdbc.user - newPropertyValue="${audit_db_user}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + if [ "${audit_store}" == "db" ] + then + propertyName=ranger.jpa.audit.jdbc.user + newPropertyValue="${audit_db_user}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi ########## keystore="${cred_keystore_filename}" @@ -555,7 +573,7 @@ update_properties() { fi ########### - if [ "${audit_store}" != "solr" ] + if [ "${audit_store}" == "db" ] then audit_db_password_alias=ranger.auditdb.password
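Review bot: Switching the test in the -555 hunk from `!= "solr"` to `== "db"` means any other value of `audit_store` (empty, unset, or a case variant such as `DB`) now silently skips the audit password alias setup, as well as the URL and user properties guarded in the earlier hunks. I would validate the value once before `update_properties` relies on it, for example `case "${audit_store}" in db|solr) ;; *) echo "unsupported audit_store: ${audit_store}" >&2; exit 1 ;; esac`, extending the list to whatever stores are actually supported. On a re-run that moves from `db` to `solr`, previously written `ranger.jpa.audit.jdbc.*` values and the stored audit password alias would presumably stay in place, since nothing visible here clears them; worth confirming that is intended. The `if` body continues past the end of the hunk.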
