RANGER-173: Applied review feedback to use variables for user/group (cherry-picked commit 9cb055fc1a2f568f5b5fa9ab8ca0db43c56cf096)
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f48ad91b Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f48ad91b Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f48ad91b Branch: refs/heads/ranger-0.5 Commit: f48ad91b84bee57ef083246d1f8c51fa4ffbb484 Parents: 8e74e5a Author: Don Bosco Durai <[email protected]> Authored: Mon Oct 5 21:44:03 2015 -0700 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Dec 11 00:18:22 2015 -0500 ---------------------------------------------------------------------- .../create_hdfs_folders_for_audit_non_secure.sh | 42 ++++++++++++------- .../create_hdfs_folders_for_audit_secure.sh | 44 +++++++++++++------- 2 files changed, 55 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f48ad91b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh ----------------------------------------------------------------------
diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
index eec3a08..ade46a7 100755
--- a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
+++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_non_secure.sh
@@ -14,53 +14,65 @@ # See the License for the specific language governing permissions and # limitations under the License. -#Usage: Run this script as user hdfs. -#Creating folders required for Apache Ranger auditing to HDFS. -#Note 1: Use this script only for non-secure/kerberos environment -# +#Usage: Run this script as user hdfs or the HDFS admin user. +#This script creates the folders in HDFS required by Apache Ranger for writing Audit records +#Note 1: Use this script only for non-kerberos environment. In non-kerberos environment, Ranger KMS writes the audit logs as user "kms" +#Note 2: Please update the below variables according to your environment + +HBASE_USER_GROUP=hbase:hbase +HDFS_USER_GROUP=hdfs:hdfs +HIVE_USER_GROUP=hive:hive +KAFKA_USER_GROUP=kafka:kafka +KMS_USER_GROUP=kms:kms +KNOX_USER_GROUP=knox:knox +SOLR_USER_GROUP=solr:solr +STORM_USER_GROUP=storm:storm +YARN_USER_GROUP=yarn:yarn set -x +#Create parent folder with rx permission hdfs dfs -mkdir -p /ranger/audit -hdfs dfs -chown hdfs:hdfs /ranger/audit +hdfs dfs -chown $HDFS_USER_GROUP /ranger/audit hdfs dfs -chmod 755 /ranger hdfs dfs -chmod 755 /ranger/audit hdfs dfs -mkdir -p /ranger/audit/hbaseMaster -hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster +hdfs dfs -chown $HBASE_USER_GROUP /ranger/audit/hbaseMaster hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster hdfs dfs -mkdir -p /ranger/audit/hbaseRegional -hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional +hdfs dfs -chown $HBASE_USER_GROUP /ranger/audit/hbaseRegional hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional hdfs dfs -mkdir -p /ranger/audit/hdfs -hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs +hdfs dfs -chown $HDFS_USER_GROUP /ranger/audit/hdfs hdfs dfs -chmod -R 0700 /ranger/audit/hdfs hdfs dfs -mkdir -p /ranger/audit/hiveServer2 -hdfs dfs -chown hive:hive /ranger/audit/hiveServer2 +hdfs dfs -chown $HIVE_USER_GROUP /ranger/audit/hiveServer2 hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2 hdfs dfs -mkdir -p 
/ranger/audit/kafka -hdfs dfs -chown kafka:kafka /ranger/audit/kafka +hdfs dfs -chown $KAFKA_USER_GROUP /ranger/audit/kafka hdfs dfs -chmod -R 0700 /ranger/audit/kafka hdfs dfs -mkdir -p /ranger/audit/kms -hdfs dfs -chown kms:kms /ranger/audit/kms +hdfs dfs -chown $KMS_USER_GROUP /ranger/audit/kms hdfs dfs -chmod -R 0700 /ranger/audit/kms hdfs dfs -mkdir -p /ranger/audit/knox -hdfs dfs -chown knox:knox /ranger/audit/knox +hdfs dfs -chown $KNOX_USER_GROUP /ranger/audit/knox hdfs dfs -chmod -R 0700 /ranger/audit/knox hdfs dfs -mkdir -p /ranger/audit/solr -hdfs dfs -chown solr:solr /ranger/audit/solr +hdfs dfs -chown $SOLR_USER_GROUP /ranger/audit/solr hdfs dfs -chmod -R 0700 /ranger/audit/solr hdfs dfs -mkdir -p /ranger/audit/storm -hdfs dfs -chown storm:storm /ranger/audit/storm +hdfs dfs -chown $STORM_USER_GROUP /ranger/audit/storm hdfs dfs -chmod -R 0700 /ranger/audit/storm hdfs dfs -mkdir -p /ranger/audit/yarn -hdfs dfs -chown yarn:yarn /ranger/audit/yarn +hdfs dfs -chown $YARN_USER_GROUP /ranger/audit/yarn hdfs dfs -chmod -R 0700 /ranger/audit/yarn + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f48ad91b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh ---------------------------------------------------------------------- diff --git a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh index b15beee..12a4c93 100755 --- a/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh +++ b/security-admin/contrib/audit_hdfs_folders/create_hdfs_folders_for_audit_secure.sh 
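Review bot: The new `*_USER_GROUP` values are expanded unquoted in every `hdfs dfs -chown` line, and nothing checks that they are still non-empty after an operator edits them as Note 2 asks. If one is blanked or mistyped, the chown would fail or misread its arguments while the following `chmod -R 0700` still runs, since only `set -x` is visible here (no `set -e`; the top of the file is outside the hunk), and the component would then be unable to write its audit records to that directory. Quote the expansions and fail early, e.g. `: "${HBASE_USER_GROUP:?}"` after the assignments and `hdfs dfs -chown "$HBASE_USER_GROUP" /ranger/audit/hbaseMaster`. The same applies to the matching lines in create_hdfs_folders_for_audit_secure.sh.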
@@ -14,54 +14,66 @@ # See the License for the specific language governing permissions and # limitations under the License. -#Usage: Run this script as user hdfs. -#Creating folders required for Apache Ranger auditing to HDFS. -#Note 1: Use this script only for non-secure/kerberos environment -# +#Usage: Run this script as user hdfs or the HDFS admin user. +#This script creates the folders in HDFS required by Apache Ranger for writing Audit records +#Note 1: Use this script only for non-kerberos environment. In non-kerberos environment, Ranger KMS writes the audit logs as user "HTTP" +#Note 2: Please update the below variables according to your environment + +HBASE_USER_GROUP=hbase:hbase +HDFS_USER_GROUP=hdfs:hdfs +HIVE_USER_GROUP=hive:hive +KAFKA_USER_GROUP=kafka:kafka +KMS_USER_GROUP=HTTP:HTTP +KNOX_USER_GROUP=knox:knox +SOLR_USER_GROUP=solr:solr +STORM_USER_GROUP=storm:storm +YARN_USER_GROUP=yarn:yarn set -x + +#Create parent folder with rx permission hdfs dfs -mkdir -p /ranger/audit -hdfs dfs -chown hdfs:hdfs /ranger/audit +hdfs dfs -chown $HDFS_USER_GROUP /ranger/audit hdfs dfs -chmod 755 /ranger hdfs dfs -chmod 755 /ranger/audit - hdfs dfs -mkdir -p /ranger/audit/hbaseMaster -hdfs dfs -chown hbase:hbase /ranger/audit/hbaseMaster +hdfs dfs -chown $HBASE_USER_GROUP /ranger/audit/hbaseMaster hdfs dfs -chmod -R 0700 /ranger/audit/hbaseMaster hdfs dfs -mkdir -p /ranger/audit/hbaseRegional -hdfs dfs -chown hbase:hbase /ranger/audit/hbaseRegional +hdfs dfs -chown $HBASE_USER_GROUP /ranger/audit/hbaseRegional hdfs dfs -chmod -R 0700 /ranger/audit/hbaseRegional hdfs dfs -mkdir -p /ranger/audit/hdfs -hdfs dfs -chown hdfs:hdfs /ranger/audit/hdfs +hdfs dfs -chown $HDFS_USER_GROUP /ranger/audit/hdfs hdfs dfs -chmod -R 0700 /ranger/audit/hdfs hdfs dfs -mkdir -p /ranger/audit/hiveServer2 -hdfs dfs -chown hive:hive /ranger/audit/hiveServer2 +hdfs dfs -chown $HIVE_USER_GROUP /ranger/audit/hiveServer2 hdfs dfs -chmod -R 0700 /ranger/audit/hiveServer2 hdfs dfs -mkdir -p 
/ranger/audit/kafka -hdfs dfs -chown kafka:kafka /ranger/audit/kafka +hdfs dfs -chown $KAFKA_USER_GROUP /ranger/audit/kafka hdfs dfs -chmod -R 0700 /ranger/audit/kafka hdfs dfs -mkdir -p /ranger/audit/kms -hdfs dfs -chown HTTP:HTTP /ranger/audit/kms +hdfs dfs -chown $KMS_USER_GROUP /ranger/audit/kms hdfs dfs -chmod -R 0700 /ranger/audit/kms hdfs dfs -mkdir -p /ranger/audit/knox -hdfs dfs -chown knox:knox /ranger/audit/knox +hdfs dfs -chown $KNOX_USER_GROUP /ranger/audit/knox hdfs dfs -chmod -R 0700 /ranger/audit/knox hdfs dfs -mkdir -p /ranger/audit/solr -hdfs dfs -chown solr:solr /ranger/audit/solr +hdfs dfs -chown $SOLR_USER_GROUP /ranger/audit/solr hdfs dfs -chmod -R 0700 /ranger/audit/solr hdfs dfs -mkdir -p /ranger/audit/storm -hdfs dfs -chown storm:storm /ranger/audit/storm +hdfs dfs -chown $STORM_USER_GROUP /ranger/audit/storm hdfs dfs -chmod -R 0700 /ranger/audit/storm hdfs dfs -mkdir -p /ranger/audit/yarn -hdfs dfs -chown yarn:yarn /ranger/audit/yarn +hdfs dfs -chown $YARN_USER_GROUP /ranger/audit/yarn hdfs dfs -chmod -R 0700 /ranger/audit/yarn +
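Review bot: The added header in the secure script still reads `Use this script only for non-kerberos environment` and `In non-kerberos environment, Ranger KMS writes the audit logs as user "HTTP"`, which looks copied from the non-secure script and contradicts both the file name and the `KMS_USER_GROUP=HTTP:HTTP` default. An operator who follows the comment could run the wrong script and end up with /ranger/audit/kms owned by an account KMS does not write as, so KMS audit records would not land there. Suggested wording: `#Note 1: Use this script only for kerberos environment. In kerberos environment, Ranger KMS writes the audit logs as user "HTTP"`.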
