Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 ba0d2e38c -> 262da5a45
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/setup.sh b/security-admin/contrib/solr_for_audit_setup/setup.sh new file mode 100755 index 0000000..11d5501 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/setup.sh @@ -0,0 +1,421 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#This script downloads Solr (optional) and sets up Solr for Ranger Audit Server +curr_dir=`pwd` + +. ./install.properties + +#Current timestamp +ts=$(date +"%m%d%y%H%M%S") + +#Validate all variables +check_java_version() { + #Check for JAVA_HOME + if [ "${JAVA_HOME}" == "" ]; then + echo "Error: JAVA_HOME environment property not defined, aborting installation." + exit 1 + fi + + export JAVA_BIN=${JAVA_HOME}/bin/java + + if [ ! -x ${JAVA_BIN} ]; then + echo "Error: '${JAVA_BIN}' command not found" + exit 1; + fi + + version=$("$JAVA_BIN" -version 2>&1 | awk -F '"' '/version/ {print $2}') + major=`echo ${version} | cut -d. -f1` + minor=`echo ${version} | cut -d. -f2` + if [[ "${major}" == 1 && "${minor}" < 7 ]] ; then + echo "Error: Java 1.7 or above is required, current java version is $version" + exit 1; + fi +} + +#Check Java version. Minimum JDK 1.7 is needed +check_java_version + +if [ "$SOLR_INSTALL_FOLDER" = "" ]; then + echo "Error: SOLR_INSTALL_FOLDER not set" + exit 1 +fi + +if [ "$SOLR_RANGER_HOME" = "" ]; then + echo "Error: SOLR_RANGER_HOME not set" + exit 1 +fi + +if [ "$SOLR_RANGER_PORT" = "" ]; then + echo "Error: SOLR_RANGER_PORT not set" + exit 1 +fi + +if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then + if [ "$SOLR_RANGER_DATA_FOLDER" = "" ]; then + echo "Error: SOLR_RANGER_DATA_FOLDER not set" + exit 1 + fi +else + if [ "$SOLR_ZK" = "" ]; then + echo "Error: SOLR_ZK not set" + exit 1 + fi +fi + +if [ "$SOLR_USER" = "" ]; then + SOLR_USER=solr +fi + +if [ "$SOLR_RANGER_COLLECTION" = "" ]; then + SOLR_RANGER_COLLECTION=ranger_audits +fi + +curr_user=`whoami` +is_root=0 +if [ -w /etc/passwd ]; then + is_root=1 +fi + + +if [ "$SOLR_INSTALL" = "true" -a $is_root -eq 0 ]; then + echo "Error: Solr will be installed only if run as root. Please download and install before continuing" + exit 1 +fi + +if [ "$SOLR_INSTALL" = "true" -a "$SOLR_DOWNLOAD_URL" = "" ]; then + echo "Error: If SOLR_INSTALL=true, then SOLR_DOWNLOAD_URL can't be empty" + exit 1 +fi + +if [ "$SOLR_LOG_FOLDER" = "logs" ]; then + NEW_SOLR_LOG_FOLDER=$SOLR_INSTALL/server/${$SOLR_LOG_FOLDER} + echo "`date`|INFO|Changing SOLR_LOG_FOLDER from $SOLR_LOG_FOLDER to $NEW_SOLR_LOG_FOLDER" + SOLR_LOG_FOLDER=$NEW_SOLR_LOG_FOLDER +fi + +function run_root_usage { + echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER" + echo "sudo mkdir -p $SOLR_RANGER_HOME" + echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME" + if [ "$SOLR_LOG_FOLDER" != "logs" ]; then + echo "sudo mkdir -p $SOLR_LOG_FOLDER" + echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_LOG_FOLDER" + fi +} + +if [ $is_root -ne 1 ]; then + if [ "$SOLR_USER" != "$curr_user" ]; then + echo "`date`|ERROR|You need to run this script as root or as user $SOLR_USER" + echo "If you need to run as $SOLR_USER, then first execute the following commands as root or sudo" + id $SOLR_USER 2>&1 > /dev/null + if [ $? -ne 0 ]; then + echo "sudo adduser $SOLR_USER" + fi + run_root_usage + exit 1 + fi + + #Let's make $curr_user has permission to write to $SOLR_RANGER_HOME and also chown + mkdir -p $SOLR_RANGER_HOME 2> /dev/null + if [ ! -d $SOLR_RANGER_HOME ]; then + echo "`date`|ERROR|Solr Ranger Home folder <$SOLR_RANGER_HOME> could not be created. Current user is $curr_user" + run_root_usage + exit 1 + fi + + test_file=${SOLR_RANGER_HOME}/testfile_${ts}.txt + touch $test_file 2> /dev/null + if [ $? -ne 0 ]; then + echo "`date`|ERROR|User $curr_user doesn't have permission to write to $SOLR_RANGER_HOME." + run_root_usage + exit 1 + fi + + chown $SOLR_USER:$SOLR_USER $test_file 2> /dev/null + if [ $? -ne 0 ]; then + echo "`date`|ERROR|User $curr_user doesn't have permission chown to $SOLR_USER in $SOLR_RANGER_HOME" + run_root_usage + exit 1 + fi + rm -f $test_file + + #Solr on first time startup, it creates the webapp folder. So the $SOLR_USER needs permission to create webapp + test_file=$SOLR_INSTALL_FOLDER/testfile_${ts}.txt + touch $test_file 2> /dev/null + if [ $? -ne 0 ]; then + echo "`date`|ERROR|User $curr_user doesn't have write permission to $SOLR_INSTALL_FOLDER" + run_root_usage + exit 1 + fi + rm -f $test_file + + #Let's make $curr_user has permission to write to logs folder + mkdir -p $SOLR_LOG_FOLDER 2> /dev/null + if [ ! -d $SOLR_LOG_FOLDER ]; then + echo "`date`|ERROR|Log folder <$SOLR_LOG_FOLDER> could not be created. Current user is $curr_user" + run_root_usage + exit 1 + fi + + test_file=$SOLR_LOG_FOLDER/testfile_${ts}.txt + touch $test_file 2> /dev/null + if [ $? -ne 0 ]; then + echo "`date`|ERROR|User $curr_user doesn't have permission to write to log folder $SOLR_LOG_FOLDER" + run_root_usage + exit 1 + fi + rm -f $test_file +fi + + +if [ -d $SOLR_RANGER_HOME ]; then + #echo "`date`|WARN|Solr Ranger Home <$SOLR_RANGER_HOME> exists. Moving to ${SOLR_RANGER_HOME}.bk.${ts}" + echo "`date`|INFO|Solr Ranger Home <$SOLR_RANGER_HOME> exists. Will overwrite configurations" + #mv $SOLR_RANGER_HOME ${SOLR_RANGER_HOME}.bk.${ts} +fi + + +#Download and install Solr if needed +if [ "$SOLR_INSTALL" = "true" ]; then + if [ ! -x `which wget 2> /dev/null` ]; then + echo "Error: wget is not found in the path. Please install wget" + exit + fi + + if [ -d $SOLR_INSTALL_FOLDER ]; then + echo "`date`|WARN|$SOLR_INSTALL_FOLDER exists. This script will overwrite some files" + fi + + echo "`date`|INFO|Downloading solr from $SOLR_DOWNLOAD_URL" + #Temporary create a folder to untar the folder + tmp_folder=/tmp/solr_untar_${ts} + mkdir -p ${tmp_folder} + cd ${tmp_folder} + wget $SOLR_DOWNLOAD_URL + #Assuming this is a new folder and there will be only one file + tgz_file=`ls *z` + if [ ! -f $tgz_file ]; then + echo "`date`|ERROR|Downloaded file <`pwd`/$tgz_file> not found" + exit 1 + fi + + mkdir tmp + tar xfz $tgz_file -C tmp + cd tmp + + #Assuming there will only one folder begining with "s" + solr_folder=`ls | grep "^solr"` + + if [ ! -d $solr_folder ]; then + echo "`date`|ERROR|Solr temporary folder `pwd`/<$solr_folder> not found" + exit 1 + fi + + if [ -d $SOLR_INSTALL_FOLDER ]; then + echo "`date`|WARN|$SOLR_INSTALL_FOLDER exists. Moving to ${SOLR_INSTALL_FOLDER}.bk.${ts}" + mv $SOLR_INSTALL_FOLDER ${SOLR_INSTALL_FOLDER}.bk.${ts} + fi + + mv $solr_folder $SOLR_INSTALL_FOLDER + rm -rf $tmp_folder + echo "`date`|INFO|Installed Solr in $SOLR_INSTALL_FOLDER" +fi + +if [ ! -d $SOLR_INSTALL_FOLDER ]; then + echo "`date`|ERROR|$SOLR_INSTALL_FOLDER not found. Check \$SOLR_INSTALL_FOLDER" + exit 1 +fi + +if [ ! -x $SOLR_INSTALL_FOLDER/bin/solr ]; then + echo "`date`|ERROR|Solr doesn't seem to be installed properly. $SOLR_INSTALL_FOLDER/bin/solr doesn't exist. Please check $SOLR_INSTALL_FOLDER" + exit 1 +fi + +########## At this point, we have the Solr installed folder #### + +######### Copy the Solr config file for Ranger ###### +cd $curr_dir + +mkdir -p $SOLR_RANGER_HOME/resources +cp -r resources/* $SOLR_RANGER_HOME/resources + +if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then + echo "`date`|INFO|Configuring standalone instance" + echo "`date`|INFO|Copying Ranger Audit Server configuration to $SOLR_RANGER_HOME" + cp -r solr_standalone/* $SOLR_RANGER_HOME + mkdir -p $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/conf + cp -r conf/* $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/conf + sed "s#__RANGER_AUDITS_DATA_FOLDER__#$SOLR_RANGER_DATA_FOLDER#g" $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/core.properties.template > $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/core.properties + sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_MAX_MEM__#$SOLR_MAX_MEM#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g" -e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/scripts/start_solr.sh.template > $SOLR_RANGER_HOME/scripts/start_solr.sh + +else + + echo "`date`|INFO|Configuring SolrCloud instance" + cp -r solr_cloud/* $SOLR_RANGER_HOME + mkdir -p $SOLR_RANGER_HOME/conf + cp -r conf/* $SOLR_RANGER_HOME/conf + + #Get the first ZooKeeper host:port/path + FIRST_SOLR_ZK=$(IFS="," ; set -- $SOLR_ZK ; echo $1) + + sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_MAX_MEM__#$SOLR_MAX_MEM#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g" -e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_ZK__#$SOLR_ZK#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/scripts/start_solr.sh.template > $SOLR_RANGER_HOME/scripts/start_solr.sh + + sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g" -e "s#__SOLR_ZK__#$FIRST_SOLR_ZK#g" $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh.template > $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh + sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_ZK__#$SOLR_ZK#g" -e "s#__SOLR_HOST_URL__#$SOLR_HOST_URL#g" -e "s#__SOLR_SHARDS__#$SOLR_SHARDS#g" -e "s#__SOLR_REPLICATION__#$SOLR_REPLICATION#g" $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh.template > $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh + sed -e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" $SOLR_RANGER_HOME/solr.xml.template > $SOLR_RANGER_HOME/solr.xml +fi + +#Common overrides +sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/scripts/stop_solr.sh.template > $SOLR_RANGER_HOME/scripts/stop_solr.sh +sed -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/resources/log4j.properties.template > $SOLR_RANGER_HOME/resources/log4j.properties + + +#Let's make all ownership is given to $SOLR_USER +if [ $is_root -eq 1 ]; then + #Let's see if $SOLR_USER exists. + id $SOLR_USER 2>&1 > /dev/null + if [ $? -ne 0 ]; then + echo "`date`|INFO|Creating user $SOLR_USER" + adduser $SOLR_USER + fi + + chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER + mkdir -p $SOLR_RANGER_HOME + chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME + mkdir -p $SOLR_LOG_FOLDER + chown -R $SOLR_USER:$SOLR_USER $SOLR_LOG_FOLDER +else + chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME +fi +chmod a+x $SOLR_RANGER_HOME/scripts/*.sh + +SOLR_INSTALL_NOTES=$SOLR_RANGER_HOME/install_notes.txt +echo "Solr installation notes for Ranger Audits." > $SOLR_INSTALL_NOTES + +cat > $SOLR_INSTALL_NOTES <<EOF +Solr installation notes for Ranger Audits. + +Note: Don't edit this file. It will be over written if you run $0 again. + +EOF + +if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then +cat >> $SOLR_INSTALL_NOTES <<EOF +You have installed Solr in standalone mode. + +Note: In production deployment, it is recommended to run in SolrCloud mode with at least 2 nodes and replication factor 2 + +EOF +else + +cat >> $SOLR_INSTALL_NOTES <<EOF +You have installed Solr in SolrCloud mode. You will have to do additional steps to create the collections for Ranger Audit. See below for instructions: +EOF + + if [ "$SOLR_REPLICATION" = "1" ]; then +cat >> $SOLR_INSTALL_NOTES <<EOF + +Note: In production deployment, it is recommended to run in SolrCloud mode with at least 2 nodes with replication factor 2 +EOF + fi + +cat >> $SOLR_INSTALL_NOTES <<EOF + +*** IMPORTANT *** +For configuring SolrCloud, you need to do the following: +EOF + +if [ "$SOLR_REPLICATION" != "1" ]; then + cat >> $SOLR_INSTALL_NOTES <<EOF +1. Using $0 script install and configure Solr for Ranger Audits on all other nodes also (don't start it yet) +2. Execute $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh (only once from any node) +3. Start Solr on all nodes: $SOLR_RANGER_HOME/scripts/start_solr.sh +4. Create Ranger Audit collection: $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh (only once from any node) + +EOF +else + cat >> $SOLR_INSTALL_NOTES <<EOF +1. Add Ranger Audit config to ZooKeeper: $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh +2. Start Solr: $SOLR_RANGER_HOME/scripts/start_solr.sh +3. Create Ranger Audit collection: $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh + +EOF + +fi +fi + +cat >> $SOLR_INSTALL_NOTES <<EOF +Start and Stoping Solr: +EOF + +if [ "$SOLR_USER" != "root" ]; then + cat >> $SOLR_INSTALL_NOTES <<EOF +Login as user $SOLR_USER or root and the run the below commands to start or stop Solr: +EOF +else + cat >> $SOLR_INSTALL_NOTES <<EOF +Login as root and the run the below commands to start or stop Solr: +EOF + +fi + +cat >> $SOLR_INSTALL_NOTES <<EOF + +To start Solr run: $SOLR_RANGER_HOME/scripts/start_solr.sh +To stop Solr run: $SOLR_RANGER_HOME/scripts/stop_solr.sh + +After starting Solr for RangerAudit, Solr will listen at $SOLR_RANGER_PORT. E.g http://`hostname -f`:$SOLR_RANGER_PORT + +Configure Ranger to use the following URL http://`hostname -f`:$SOLR_RANGER_PORT/solr/${SOLR_RANGER_COLLECTION} + +Solr HOME for Ranger Audit is $SOLR_RANGER_HOME + +EOF + +if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then +cat >> $SOLR_INSTALL_NOTES <<EOF +DATA FOLDER: $SOLR_RANGER_DATA_FOLDER + +Make sure you have enough disk space for index. In production, it is recommended to have at least 1TB free. +`df -h $SOLR_RANGER_DATA_FOLDER` +EOF +else +cat >> $SOLR_INSTALL_NOTES <<EOF +SOLR_REPLICATION: $SOLR_REPLICATION +SOLR_SHARDS: $SOLR_SHARDS +DATA FOLDERS: $SOLR_RANGER_HOME/ranger_audits_shard* + +Make sure you have enough disk space for index. In production, it is recommended to have at least 1TB free. +`df -h $SOLR_RANGER_HOME` +EOF +fi + +echo "`date`|INFO|Done configuring Solr for Apache Ranger Audit" +echo "`date`|INFO|Solr HOME for Ranger Audit is $SOLR_RANGER_HOME" +if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then + echo "`date`|INFO|Data folder for Audit logs is $SOLR_RANGER_DATA_FOLDER" +fi +echo "`date`|INFO|To start Solr run $SOLR_RANGER_HOME/scripts/start_solr.sh" +echo "`date`|INFO|To stop Solr run $SOLR_RANGER_HOME/scripts/stop_solr.sh" +echo "`date`|INFO|After starting Solr for RangerAudit, it will listen at $SOLR_RANGER_PORT. E.g http://`hostname -f`:$SOLR_RANGER_PORT" +echo "`date`|INFO|Configure Ranger to use the following URL http://`hostname -f`:$SOLR_RANGER_PORT/solr/${SOLR_RANGER_COLLECTION}" +if [ "$SOLR_DEPLOYMENT" = "solrcloud" ]; then + echo "`date`|INFO|Please refer to $SOLR_INSTALL_NOTES for instructions for setting up collections in SolrCloud" +fi +echo "########## Done ###################" +echo "Created file $SOLR_INSTALL_NOTES with instructions to start and stop" +echo "###################################" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template new file mode 100755 index 0000000..3d70106 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template @@ -0,0 +1,63 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#This scripts add the ranger_audit configuration with schema to zookeeper + +function usage { + echo "Error: The following properties need to be set in the script SOLR_ZK, SOLR_INSTALL_DIR and SOLR_RANGER_HOME" + exit 1 +} + +JAVA_HOME=__JAVA_HOME__ +SOLR_USER=__SOLR_USER__ +SOLR_ZK=__SOLR_ZK__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SOLR_RANGER_HOME=__SOLR_RANGER_HOME__ + +if [ "`whoami`" != "$SOLR_USER" ]; then + if [ -w /etc/passwd ]; then + echo "Running this script as $SOLR_USER..." + su $SOLR_USER $0 + else + echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running it as `whoami`" + fi + + exit 1 +fi + +if [ "$SOLR_ZK" = "" ]; then + usage +fi + +if [ "$SOLR_INSTALL_DIR" = "" ]; then + usage +fi + +if [ "$SOLR_RANGER_HOME" = "" ]; then + usage +fi + +SOLR_RANGER_CONFIG_NAME=ranger_audits +SOLR_RANGER_CONFIG_LOCAL_PATH=${SOLR_RANGER_HOME}/conf +ZK_CLI=$SOLR_INSTALL_DIR/server/scripts/cloud-scripts/zkcli.sh + + +if [ ! -x $ZK_CLI ]; then + echo "Error: $ZK_CLI is not found or you don't have permission to execute it." + exit 1 +fi +set -x +$ZK_CLI -cmd upconfig -zkhost $SOLR_ZK -confname $SOLR_RANGER_CONFIG_NAME -confdir $SOLR_RANGER_CONFIG_LOCAL_PATH http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template new file mode 100755 index 0000000..c44255c --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template @@ -0,0 +1,33 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +SOLR_HOST_URL=__SOLR_HOST_URL__ +SOLR_ZK=__SOLR_ZK__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SHARDS=__SOLR_SHARDS__ +REPLICATION=__SOLR_REPLICATION__ + +CONF_NAME=ranger_audits +COLLECTION_NAME=ranger_audits + +which curl 2>&1 > /dev/null +if [ $? -ne 0 ]; then + echo "curl is not fould. Please install it for creating the collection" + exit 1 +fi + +set -x +curl --negotiate -u : "${SOLR_HOST_URL}/solr/admin/collections?action=CREATE&name=${COLLECTION_NAME}&numShards=${SHARDS}&replicationFactor=${REPLICATION}&collection.configName=$CONF_NAME&maxShardsPerNode=100" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template new file mode 100755 index 0000000..f5a327e --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template @@ -0,0 +1,39 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +JAVA_HOME=__JAVA_HOME__ +SOLR_USER=__SOLR_USER__ +SOLR_ZK=__SOLR_ZK__ +SOLR_MEMORY=__SOLR_MAX_MEM__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SOLR_RANGER_HOME=__SOLR_RANGER_HOME__ +SOLR_PORT=__SOLR_PORT__ +SOLR_LOG4J_FILEPATH=$SOLR_RANGER_HOME/resources/log4j.properties + +export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__ + +if [ "`whoami`" != "$SOLR_USER" ]; then + if [ -w /etc/passwd ]; then + echo "Running this script as $SOLR_USER..." + su $SOLR_USER $0 + else + echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running it as `whoami`" + fi + + exit 1 +fi + +$SOLR_INSTALL_DIR/bin/solr start -p $SOLR_PORT -d $SOLR_INSTALL_DIR/server -m $SOLR_MEMORY -s $SOLR_RANGER_HOME -Dlog4j.configuration=file://$SOLR_LOG4J_FILEPATH -c -z $SOLR_ZK http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template new file mode 100755 index 0000000..5b85c25 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template @@ -0,0 +1,35 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +JAVA_HOME=__JAVA_HOME__ +SOLR_USER=__SOLR_USER__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SOLR_PORT=__SOLR_PORT__ + +export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__ + +if [ "`whoami`" != "$SOLR_USER" ]; then + if [ -w /etc/passwd ]; then + echo "Running this script as $SOLR_USER..." + su $SOLR_USER $0 + else + echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running it as `whoami`" + fi + + exit 1 +fi + +$SOLR_INSTALL_DIR/bin/solr stop -p $SOLR_PORT http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template new file mode 100644 index 0000000..2fab751 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<solr> + <solrcloud> + <str name="host">${host:}</str> + <int name="hostPort">${jetty.port:__SOLR_PORT__}</int> + <str name="hostContext">${hostContext:solr}</str> + <int name="zkClientTimeout">${zkClientTimeout:15000}</int> + <bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool> + </solrcloud> +</solr> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template b/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template new file mode 100644 index 0000000..f2d3205 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template @@ -0,0 +1,20 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name=ranger_audits +config=solrconfig.xml +schema=schema.xml +dataDir=__RANGER_AUDITS_DATA_FOLDER__ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template new file mode 100755 index 0000000..2a4bb38 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template @@ -0,0 +1,38 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +JAVA_HOME=__JAVA_HOME__ +SOLR_USER=__SOLR_USER__ +SOLR_MEMORY=__SOLR_MAX_MEM__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SOLR_RANGER_HOME=__SOLR_RANGER_HOME__ +SOLR_PORT=__SOLR_PORT__ +SOLR_LOG4J_FILEPATH=$SOLR_RANGER_HOME/resources/log4j.properties + +export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__ + +if [ "`whoami`" != "$SOLR_USER" ]; then + if [ -w /etc/passwd ]; then + echo "Running this script as $SOLR_USER..." + su $SOLR_USER $0 + else + echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running it as `whoami`" + fi + + exit 1 +fi + +$SOLR_INSTALL_DIR/bin/solr start -p $SOLR_PORT -d $SOLR_INSTALL_DIR/server -m $SOLR_MEMORY -s $SOLR_RANGER_HOME -Dlog4j.configuration=file://$SOLR_LOG4J_FILEPATH http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template new file mode 100755 index 0000000..5b85c25 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template @@ -0,0 +1,35 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +JAVA_HOME=__JAVA_HOME__ +SOLR_USER=__SOLR_USER__ +SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__ +SOLR_PORT=__SOLR_PORT__ + +export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__ + +if [ "`whoami`" != "$SOLR_USER" ]; then + if [ -w /etc/passwd ]; then + echo "Running this script as $SOLR_USER..." + su $SOLR_USER $0 + else + echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running it as `whoami`" + fi + + exit 1 +fi + +$SOLR_INSTALL_DIR/bin/solr stop -p $SOLR_PORT http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml b/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml new file mode 100644 index 0000000..4720e05 --- /dev/null +++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<solr> +</solr> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/b205c086/src/main/assembly/admin-web.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml index 4f34ef6..7a8dca0 100644 --- a/src/main/assembly/admin-web.xml +++ b/src/main/assembly/admin-web.xml @@ -361,6 +361,13 @@ <directory>security-admin/db</directory> <fileMode>544</fileMode> </fileSet> + + <fileSet> + <outputDirectory>/contrib</outputDirectory> + <directory>security-admin/contrib</directory> + <fileMode>544</fileMode> + </fileSet> + <fileSet> <outputDirectory>/</outputDirectory> <directory>security-admin/scripts</directory>
