RANGER-598: Update Ranger config migration script to work with Ranger 0.5
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3770fbd5 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3770fbd5 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3770fbd5 Branch: refs/heads/HDP-2.3.2-groupid Commit: 3770fbd543cbc5d0b737fe37562c648bdbb85fc1 Parents: fef11ab Author: Velmurugan Periasamy <[email protected]> Authored: Fri Aug 7 14:09:21 2015 -0400 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Aug 27 14:43:11 2015 -0700 ---------------------------------------------------------------------- .../bin/import_ranger_to_ambari.py | 1214 ++++++++++ .../bin/ranger_admin_install.properties | 33 + .../ambari2.0-hdp2.2-ranger0.40/doc/README.TXT | 74 + .../bin/import_ranger_to_ambari.py | 2253 ++++++++++++++++++ .../bin/ranger_admin_install.properties | 33 + .../ambari2.1-hdp2.3-ranger0.50/doc/README.TXT | 78 + migration-util/bin/import_ranger_to_ambari.py | 1214 ---------- .../bin/ranger_admin_install.properties | 33 - migration-util/doc/README.TXT | 74 - 9 files changed, 3685 insertions(+), 1321 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3770fbd5/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py ---------------------------------------------------------------------- diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py new file mode 100755 index 0000000..7b99b2f --- /dev/null +++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/import_ranger_to_ambari.py @@ -0,0 +1,1214 @@ +import os +import sys +import urllib2 +import base64 +import httplib +import json +import time +from xml.etree import ElementTree as ET +import datetime +from subprocess import Popen, PIPE +import re + + +def port_ranger_installation_to_ambari(): + print('preparing advanged configurations for ranger') + flag_ranger_admin_present, ranger_admin_properties_from_file = get_ranger_admin_install_properties() + if flag_ranger_admin_present: + print('ranger admin service is installed, making configurations as required by ambari.') + if create_ranger_service_in_ambari(): + print('ranger service is added sucessfully in ambari') + if create_ranger_service_components_in_ambari('RANGER_ADMIN'): + print('ranger service component is added successfully in ambari') + if register_ranger_admin_host_in_ambari(): + print('ranger admin host is registered successfully in ambari') + if add_advanced_ranger_configurations(1, ranger_admin_properties_from_file): + print('ranger-admin advanced configurations added successfully in ambari, kindly run ranger-usersync to complete ranger service install') + else: + print('ranger advanced configurations added failed in ambari') + else: + print('ranger admin host registration failed in ambari') + else: + print('ranger service component add failed in ambari') + else: + print('ranger service add failed in ambari') + else: + print('ranger admin and usersync services are not installed, not importing configurations to ambari.') + + +def port_ranger_usersync_installation_to_ambari(): + print ('preparing configurations for ranger user-sync') + flag_ranger_usersync_present, ranger_usersync_properties_from_file = get_ranger_usersync_install_properties() + if flag_ranger_usersync_present: + print('ranger usersync service is installed, making configurations as required by ambari.') + if create_ranger_service_components_in_ambari('RANGER_USERSYNC'): + print('ranger service component is added successfully in ambari') + if register_ranger_usersync_host_in_ambari(): + print('ranger usersync host is registered successfully in ambari') + if add_advanced_ranger_configurations(2, ranger_usersync_properties_from_file): + print('ranger advanced configurations added successfully in ambari') + if call_ranger_installed(): + print('ranger service installed successfully in ambari.') + else: + print('ranger service install failed in ambari') + else: + print('ranger advanced configurations added failed in ambari') + else: + print('ranger usersync host registration failed in ambari') + else: + print('ranger service add failed in ambari') + else: + print('ranger admin and usersync services are not installed, not importing configurations to ambari.') + + +def create_ranger_service_in_ambari(): + print('creating ranger service in ambari') + ranger_create_url = ambari_service_url + '/' + ranger_service_name + request_result = call_ambari_api(ranger_create_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('ranger service created successfully in ambari.') + return True + elif (response_code == 409 and response is not None): + print('ranger service is already created in ambari.') + return True + else: + print('ranger service creation failed in ambari.') + return False + +def create_ranger_service_components_in_ambari(ranger_service_component_name): + print('adding ranger servcie components in ambari') + ranger_service_components = '{"components":[{"ServiceComponentInfo":{"component_name":"' + ranger_service_component_name + '"}}]}' + print('creating ranger service in ambari') + ranger_service_component_create_url = ambari_service_url + '?ServiceInfo/service_name=' + ranger_service_name + request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, ranger_service_components) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('ranger service component : ' + ranger_service_component_name + ', created successfully in ambari.') + return True + elif (response_code == 409 and response is not None): + print('ranger service component : ' + ranger_service_component_name + ', is already present in ambari.') + return True + else: + print('ranger service component creation for : ' + ranger_service_component_name + ', failed in ambari.') + return False + +def register_ranger_admin_host_in_ambari(): + print('adding ranger servcie components in ambari') + print('creating ranger admin service in ambari') + ranger_service_component_create_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + admin_component_name + request_result = call_ambari_api(ranger_service_component_create_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 201 and response is not None: + print('ranger admin host registered successfully in ambari.') + return True + elif (response_code == 409 and response is not None): + print('ranger admin host is already registered ambari.') + return True + else: + print('ranger admin host registration failed in ambari.') + return False + + +def register_ranger_usersync_host_in_ambari(): + print('adding ranger servcie components in ambari') + print('creating ranger admin service in ambari') + ranger_host_register_url = ambari_cluster_url + '/hosts/' + ranger_admin_fqdn + '/host_components/' + usersync_component_name + request_result = call_ambari_api(ranger_host_register_url, 'POST', ambari_username_password, '') + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 201 and response is not None): + print('ranger usersync host registered successfully in ambari.') + return True + elif (response_code == 409 and response is not None): + print('ranger usersync host is already registered ambari.') + return True + else: + print('ranger usersync host registration failed in ambari.') + return False + + +def add_advanced_ranger_configurations(add_admin_or_usersync, ranger_service_properties_from_file): + print('creating advanced configurations to be added to ambari.') + ranger_config_data = '' + advanced_admin_properties = dict() + advanced_ranger_site_properties = dict() + advanced_ranger_env_properties = dict() + advanced_user_sync_properties = dict() + date_time_stamp = getDateTimeNow() + + if (add_admin_or_usersync == 1): + if not ((str(ranger_service_properties_from_file['db_root_password']).strip() == '') or + (str(ranger_service_properties_from_file['db_root_user']).strip() == '' )) : + advanced_admin_properties['DB_FLAVOR'] = ranger_service_properties_from_file['DB_FLAVOR'] + advanced_admin_properties['SQL_COMMAND_INVOKER'] = ranger_service_properties_from_file['SQL_COMMAND_INVOKER'] + advanced_admin_properties['SQL_CONNECTOR_JAR'] = ranger_service_properties_from_file['SQL_CONNECTOR_JAR'] + advanced_admin_properties['db_root_user'] = ranger_service_properties_from_file['db_root_user'] + advanced_admin_properties['db_root_password'] = ranger_service_properties_from_file['db_root_password'] + advanced_admin_properties['db_host'] = ranger_service_properties_from_file['db_host'] + advanced_admin_properties['db_name'] = ranger_service_properties_from_file['db_name'] + advanced_admin_properties['db_user'] = ranger_service_properties_from_file['jdbc.user'] + advanced_admin_properties['db_password'] = ranger_service_properties_from_file['jdbc.password'] + advanced_admin_properties['audit_db_name'] = ranger_service_properties_from_file['audit_db_name'] + advanced_admin_properties['audit_db_user'] = ranger_service_properties_from_file['auditDB.jdbc.user'] + advanced_admin_properties['audit_db_password'] = ranger_service_properties_from_file['auditDB.jdbc.password'] + advanced_admin_properties['policymgr_external_url'] = ranger_service_properties_from_file['xa.webapp.url.root'] + advanced_admin_properties['policymgr_http_enabled'] = ranger_service_properties_from_file['http.enabled'] + advanced_admin_properties['authentication_method'] = get_authentication_method() + advanced_admin_properties['remoteLoginEnabled'] = ranger_service_properties_from_file.get('remoteLoginEnabled','false') + advanced_admin_properties['authServiceHostName'] = ranger_service_properties_from_file.get('authServiceHostName','localhost') + advanced_admin_properties['authServicePort'] = ranger_service_properties_from_file.get('authServicePort','5151') + advanced_admin_properties['xa_ldap_url'] = ranger_service_properties_from_file['xa_ldap_url'] + advanced_admin_properties['xa_ldap_userDNpattern'] = ranger_service_properties_from_file['xa_ldap_userDNpattern'] + advanced_admin_properties['xa_ldap_groupSearchBase'] = ranger_service_properties_from_file['xa_ldap_groupSearchBase'] + advanced_admin_properties['xa_ldap_groupSearchFilter'] = ranger_service_properties_from_file['xa_ldap_groupSearchFilter'] + advanced_admin_properties['xa_ldap_groupRoleAttribute'] = ranger_service_properties_from_file['xa_ldap_groupRoleAttribute'] + advanced_admin_properties['xa_ldap_ad_domain'] = ranger_service_properties_from_file['xa_ldap_ad_domain'] + advanced_admin_properties['xa_ldap_ad_url'] = ranger_service_properties_from_file['xa_ldap_ad_url'] + + advanced_ranger_site_properties['HTTP_SERVICE_PORT'] = ranger_service_properties_from_file['http.service.port'] + advanced_ranger_site_properties['HTTPS_SERVICE_PORT'] = ranger_service_properties_from_file['https.service.port'] + advanced_ranger_site_properties['HTTPS_KEYSTORE_FILE'] = ranger_service_properties_from_file['https.attrib.keystoreFile'] + advanced_ranger_site_properties['HTTPS_KEYSTORE_PASS'] = ranger_service_properties_from_file['https.attrib.keystorePass'] + advanced_ranger_site_properties['HTTPS_KEY_ALIAS'] = ranger_service_properties_from_file['https.attrib.keyAlias'] + advanced_ranger_site_properties['HTTPS_CLIENT_AUTH'] = ranger_service_properties_from_file['https.attrib.clientAuth'] + advanced_ranger_site_properties['HTTP_ENABLED'] = ranger_service_properties_from_file['http.enabled'] + + advanced_ranger_env_properties['ranger_user'] = 'ranger' + advanced_ranger_env_properties['ranger_group'] = 'ranger' + advanced_ranger_env_properties['ranger_admin_log_dir'] = '/var/log/ranger/admin' + advanced_ranger_env_properties['ranger_usersync_log_dir'] = '/var/log/ranger/usersync' + advanced_ranger_env_properties['ranger_admin_username'] = 'amb_ranger_admin' + advanced_ranger_env_properties['ranger_admin_password'] = 'ambari123' + advanced_ranger_env_properties['admin_password'] = 'admin' + + ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"admin-properties", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps( + advanced_admin_properties) + ', "properties_attributes": {"final": "true"}},{"type":"ranger-site", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps( + advanced_ranger_site_properties) + ', "properties_attributes": {"final": "false"}},{"type":"ranger-env", "service_config_version_note": "Initial configuration for Ranger Admin service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps(advanced_ranger_env_properties) + ', "properties_attributes": {"final": "false"}}]}}]' + + + print ('####################### admin_properties configuration :') + for each_key in advanced_admin_properties: + print str(each_key) + ' = ' + str(advanced_admin_properties[each_key]) + + print ('####################### ranger_site_properties configuration :') + for each_key in advanced_ranger_site_properties: + print str(each_key) + ' = ' + str(advanced_ranger_site_properties[each_key]) + + print ('####################### ranger_env_properties configuration :') + for each_key in advanced_ranger_env_properties: + print str(each_key) + ' = ' + str(advanced_ranger_env_properties[each_key]) + + + else: + print('either db_root_user or db_root_password value is missing from ranger_admin_install.properties file, please set appropriate value and run the script again.') + sys.exit(1) + + elif (add_admin_or_usersync == 2): + advanced_user_sync_properties['SYNC_SOURCE'] = ranger_service_properties_from_file['SYNC_SOURCE'] + advanced_user_sync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = ranger_service_properties_from_file['usergroupSync.unix.minUserId'] + advanced_user_sync_properties['SYNC_INTERVAL'] = ranger_service_properties_from_file['usergroupSync.sleepTimeInMillisBetweenSyncCycle'] + advanced_user_sync_properties['SYNC_LDAP_URL'] = ranger_service_properties_from_file['ldapGroupSync.ldapUrl'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + advanced_user_sync_properties['SYNC_LDAP_BIND_DN'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindDn'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + advanced_user_sync_properties['SYNC_LDAP_BIND_PASSWORD'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindPassword'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + advanced_user_sync_properties['CRED_KEYSTORE_FILENAME'] = ranger_service_properties_from_file['ldapGroupSync.ldapBindKeystore'] + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchBase'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = ranger_service_properties_from_file['ldapGroupSync.userSearchScope'] + advanced_user_sync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = ranger_service_properties_from_file['ldapGroupSync.userObjectClass'] + advanced_user_sync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = ranger_service_properties_from_file['ldapGroupSync.userSearchFilter'] \ + if str(ranger_service_properties_from_file['SYNC_SOURCE']).strip().lower() == 'ldap' else ' ' + advanced_user_sync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userNameAttribute'] + advanced_user_sync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = ranger_service_properties_from_file['ldapGroupSync.userGroupNameAttribute'] + advanced_user_sync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.username.caseConversion'] + advanced_user_sync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = ranger_service_properties_from_file['ldapGroupSync.groupname.caseConversion'] + advanced_user_sync_properties['logdir'] = ranger_service_properties_from_file['logdir'] + + ranger_config_data = '[{"Clusters":{"desired_config":[{"type":"usersync-properties", "service_config_version_note": "Initial configuration for Ranger Usersync service" ,"tag":"' + str( + date_time_stamp) + '","properties":' + json.dumps(advanced_user_sync_properties) + ', "properties_attributes": {"final": "false"}}]}}]' + + print ('####################### user_sync_properties configuration :') + for each_key in advanced_user_sync_properties: + print str(each_key) + ' = ' + str(advanced_user_sync_properties[each_key]) + + else: + print ('invalid option for to add configuration to ranger.') + sys.exit(1) + + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('input registered as ' + str(confirm_configurations)) + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(ranger_config_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger advanced configuration added successfully in ambari.') + return True + else: + print('ranger advanced configuration add failed in ambari.') + return False + else: + print('ranger advanced configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + + +def call_ranger_installed(): + print('changing state of ranger services from init to installed.') + ranger_state_change_request = '{"RequestInfo":{"context":"Install Ranger Service","operation_level":{"level":"CLUSTER","cluster_name":"' + str( + cluster_name) + '"}},"Body":{"ServiceInfo":{"state":"INSTALLED"}}}' + ranger_state_change_url = ambari_service_url + '?ServiceInfo/state=INIT' + request_result = call_ambari_api(ranger_state_change_url, 'PUT', ambari_username_password, ranger_state_change_request) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if (response_code == 200 and response is not None): + print('ranger state changed to install successfully in ambari.') + return True + if (response_code == 409 and response is not None): + print('ranger is already installed in ambari.') + return True + if response_code == 202 and response is not None: + print('ranger state changed to install posted in ambari, checking for updated status waiting for 30 seconds') + parsed_response = json.loads(response) + response_href_url = parsed_response['href'] + response_request_id = parsed_response['Requests']['id'] + response_status = parsed_response['Requests']['status'] + if response_status != 'Installed': + print('Received response but status is not installed, verifying installation to be successful.') + flag_ranger_installed = True + time.sleep(30) + while flag_ranger_installed: + print('checking request status') + ambari_request_url = ambari_cluster_url + '/requests/' + str(response_request_id) + request_status_result = call_ambari_api(ambari_request_url, 'GET', ambari_username_password, '') + if request_status_result is not None: + response_code = request_status_result.getcode() + response_status = json.loads(json.JSONEncoder().encode(request_status_result.read())) + if (response_code == 200 and 'FAILED' in response_status): + print('ranger install failed in ambari.') + flag_ranger_installed = True + if (response_code == 200 ): + print('ranger install is pending in ambari.') + flag_ranger_installed = True + if (response_code == 200 and ('PENDING' in response_status or 'INTERNAL_REQUEST' in response_status)): + print('ranger install is pending in ambari.') + flag_ranger_installed = True + if (response_code == 200 and 'COMPLETED' in response_status): + print('ranger installed successfully in ambari.') + flag_ranger_installed = False + else: + flag_ranger_installed = True + return not flag_ranger_installed + else: + print('ranger state changed to install failed in ambari.') + return False + + +def get_ranger_usersync_install_properties(): + print('preparing advanced configurations for ranger User-sync') + flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) + flag_ranger_usersync_present = False + ranger_usersync_current_dir = os.path.join(hdp_current_dir, 'ranger-usersync') + ranger_usersync_properties_from_file = dict() + print('checking for ranger-usersync service to be present') + flag_ranger_usersync_present, ranger_usersync__installed_version = check_ranger_usersync_install(ranger_usersync_current_dir) + if flag_ranger_usersync_present: + print('ranger usersync is installed, getting existing properties for ambari import') + print('got ranger usersync values from install.properties file, need to configure ambari for ranger service.') + ranger_usersync_properties_from_file = get_additional_properties_for_usersync(ranger_usersync_properties_from_file) + return flag_ranger_usersync_present, ranger_usersync_properties_from_file + + +def get_ranger_admin_install_properties(): + ranger_admin_current_dir = os.path.join(hdp_current_dir, 'ranger-admin') + flag_hadoop_present = check_hadoop_dir_present(hdp_current_dir) + flag_ranger_admin_present = False + ranger_admin_properties_from_file = dict() + + if flag_hadoop_present: + print('hadoop directory is present, checking ranger admin installation.') + flag_ranger_admin_present, ranger_admin_installed_version = check_ranger_admin_install(ranger_admin_current_dir) + + if flag_ranger_admin_present: + print('ranger admin is present.getting existing configurations to port to ambari.') + if os.path.isfile("ranger_admin_install.properties"): + print('ranger_install_properties_path exists, getting existing properties for ambari port') + ranger_admin_properties_from_file = import_properties_from_file("ranger_admin_install.properties") + if not (ranger_admin_properties_from_file['db_root_user'] == '' or ranger_admin_properties_from_file['db_root_password'] == ''): + print 'db_root_username and db_root_password are not blank.' + print 'value for db_root_user = ' + str(ranger_admin_properties_from_file['db_root_user']) + print 'value for db_root_password = ' + str(ranger_admin_properties_from_file['db_root_password']) + else: + print 'db_root_username or db_root_password are blank, please provide proper values in ranger_admin_install.properties. exiting installation without any changes.' + sys.exit(1) + + print('got ranger admin values from ranger_admin_install.properties file, need to configure ambari for ranger service.') + print('getting additional properties required by ranger services') + ranger_admin_properties_from_file = get_additional_properties_for_admin(ranger_admin_properties_from_file) + + return flag_ranger_admin_present, ranger_admin_properties_from_file + + +def check_hadoop_dir_present(hdp_current_dir_path): + flag_hadoop_dir_present = False + if os.path.isdir(hdp_current_dir_path): + print('hadoop is installed.') + flag_hadoop_dir_present = True + return flag_hadoop_dir_present + + +def check_ranger_admin_install(ranger_admin_current_dir): + flag_ranger_dir_present = False + ranger_current_installed_version = '' + print('checking ranger service path folder') + if os.path.isdir(ranger_admin_current_dir): + print('ranger admin is installed.') + if os.path.islink(ranger_admin_current_dir): + flag_ranger_dir_present = True + print('ranger admin link found getting current version from link.') + ranger_home_path = os.path.realpath(ranger_admin_current_dir) + ranger_current_installed_version = ranger_home_path.split('/')[4] + return flag_ranger_dir_present, ranger_current_installed_version + + +def check_ranger_usersync_install(ranger_usersync_current_dir): + flag_ranger_dir_present = False + ranger_current_installed_version = '' + print('checking ranger service path folder') + if os.path.isdir(ranger_usersync_current_dir): + print('ranger user-sync is installed.') + if os.path.islink(ranger_usersync_current_dir): + flag_ranger_dir_present = True + print('ranger admin link found getting current version from link.') + ranger_home_path = os.path.realpath(ranger_usersync_current_dir) + ranger_current_installed_version = ranger_home_path.split('/')[4] + return flag_ranger_dir_present, ranger_current_installed_version + + +def get_additional_properties_for_admin(ranger_admin_properties_from_file): + ranger_conf_path = '/etc/ranger/admin/conf' + ranger_webserver_properties_path = os.path.join(ranger_conf_path, 'ranger_webserver.properties') + ranger_ldap_properties_path = os.path.join(ranger_conf_path, 'xa_ldap.properties') + ranger_system_properties_path = os.path.join(ranger_conf_path, 'xa_system.properties') + ranger_unixauth_properties_path = os.path.join(ranger_conf_path, 'ranger_jaas', 'unixauth.properties') + try: + ranger_admin_properties_from_file = import_properties_from_file(ranger_webserver_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_ldap_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_system_properties_path, ranger_admin_properties_from_file) + ranger_admin_properties_from_file = import_properties_from_file(ranger_unixauth_properties_path, ranger_admin_properties_from_file) + except Exception, e: + print "Error loading property files: ", str(e) + + print('getting db flavor, library and command invoker') + xa_system_properties_db_dialect = ranger_admin_properties_from_file['jdbc.dialect'] + print('xa_system_properties_db_dialect = ' + xa_system_properties_db_dialect) + xa_system_properties_url = ranger_admin_properties_from_file['jdbc.url'] + print('xa_system_properties_url = ' + xa_system_properties_url) + if ('mysql'.lower() in xa_system_properties_db_dialect.lower() and 'mysql'.lower() in xa_system_properties_url.lower()): + print('db dialect and jdbc url are set as MYSQL setting db_flavour and sql command invoker as mysql') + ranger_admin_properties_from_file['DB_FLAVOR'] = 'MYSQL' + ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'mysql' + ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/mysql-connector-java.jar' + elif ('oracle'.lower() in xa_system_properties_db_dialect and 'oracle'.lower() in xa_system_properties_url.lower()): + print('db dialect and jdbc url are set as Oracle setting db_flavour and sql command invoker as oracle') + ranger_admin_properties_from_file['DB_FLAVOR'] = 'ORACLE' + ranger_admin_properties_from_file['SQL_COMMAND_INVOKER'] = 'sqlplus' + ranger_admin_properties_from_file['SQL_CONNECTOR_JAR'] = '/usr/share/java/ojdbc6.jar' + else: + print('found unsupported DB_FLAVOUR, please configure as MYSQL or ORACLE, which are supported for now.exitting for now') + sys.exit(1) + + xa_system_properties_jdbc_url = ranger_admin_properties_from_file['jdbc.url'] + print('found jdbc url configured as : ' + str(xa_system_properties_jdbc_url) + ' , getting db host from configured jdbc url') + xa_database_host_name = xa_system_properties_jdbc_url.split(':') + xa_database_host = xa_database_host_name[3].split('/')[2] + xa_database_name = xa_database_host_name[3].split('/')[3] + print('found db host as : ' + str(xa_database_host)) + print('found db name as : ' + str(xa_database_name)) + ranger_admin_properties_from_file['db_host'] = xa_database_host + ranger_admin_properties_from_file['db_name'] = xa_database_name + + xa_system_properties_audit_jdbc_url = ranger_admin_properties_from_file['auditDB.jdbc.url'] + print('found audit jdbc url configured as : ' + str(xa_system_properties_audit_jdbc_url) + ' , getting db host from configured jdbc url') + xa_audit_database_host_name = xa_system_properties_audit_jdbc_url.split(':') + + xa_audit_database_host = xa_audit_database_host_name[3].split('/')[2] + xa_audit_database_name = xa_audit_database_host_name[3].split('/')[3] + print('found xa_audit_database_name as : ' + str(xa_audit_database_name)) + ranger_admin_properties_from_file['audit_db_host'] = xa_audit_database_host + ranger_admin_properties_from_file['audit_db_name'] = xa_audit_database_name + + xa_db_password = '' + xa_audit_db_password = '' + + libpath = os.path.join(hdp_version_dir, 'ranger-admin', 'cred', 'lib', '*') + aliasKey = 'policydb.jdbc.password' + aliasValue = '' + filepath = os.path.join(hdp_version_dir, 'ranger-admin', 'ews', 'webapp', 'WEB-INF', 'classes', 'conf', '.jceks', 'rangeradmin.jceks') + + getorcreateorlist = 'get' + + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + xa_db_password = value.strip() + + aliasKey = 'auditdb.jdbc.password' + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + xa_audit_db_password = value.strip() + + ranger_admin_properties_from_file['jdbc.password'] = xa_db_password + ranger_admin_properties_from_file['auditDB.jdbc.password'] = xa_audit_db_password + return ranger_admin_properties_from_file + + +def get_additional_properties_for_usersync(ranger_usersync_properties_from_file): + ranger_conf_path = '/etc/ranger/usersync/conf' + unix_auth_properties_path = os.path.join(ranger_conf_path, 'unixauthservice.properties') + ranger_usersync_properties_from_file = import_properties_from_file(unix_auth_properties_path, ranger_usersync_properties_from_file) + if (('unix'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()): + print('sync_source is unix') + ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'unix' + if (('ldap'.lower()) in str(ranger_usersync_properties_from_file['usergroupSync.source.impl.class']).lower()): + print('sync source is ldap') + ranger_usersync_properties_from_file['SYNC_SOURCE'] = 'ldap' + return ranger_usersync_properties_from_file + + +def port_ranger_hdfs_plugin_to_ambari(): + print('Trying to add ranger hdfs plugin.') + flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties = get_hdfs_plugin_configuration() + if flag_hdfs_plugin_installed and hdfs_plugin_install_properties is not None and hdfs_site_xml_properties is not None: + hdfs_site_xml_properties['dfs.permissions.enabled'] = 'true' + print('hdfs plugin is installed and enabled, adding to configurations') + advanced_ranger_hdfs_plugin_properties = dict() + + advanced_ranger_hdfs_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hdfs_plugin_properties['hadoop.rpc.protection'] = '-' + advanced_ranger_hdfs_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_hdfs_plugin_properties['ranger-hdfs-plugin-enabled'] = 'Yes' + advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hadoop' + advanced_ranger_hdfs_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hadoop' + advanced_ranger_hdfs_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hdfs_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hdfs_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hdfs_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_hdfs_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_hdfs_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hdfs_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hdfs-site", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str( + json.dumps(hdfs_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hdfs-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HDFS plugin" , "tag": "' + str( + date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hdfs_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + print ('####################### hdfs_site_xml configuration :') + for each_key in hdfs_site_xml_properties: + print str(each_key) + ' = ' + str(hdfs_site_xml_properties[each_key]) + + print ('####################### ranger_hdfs_plugin_properties configuration :') + for each_key in advanced_ranger_hdfs_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_hdfs_plugin_properties[each_key]) + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger hdfs plugin configuration added successfully in ambari.') + return True + else: + print('ranger hdfs plugin configuration add failed in ambari.') + return False + else: + print('ranger hdfs plugin configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + else: + print('ranger hdfs plugin configuration add failed in ambari.') + return False + + + +def port_ranger_hive_plugin_to_ambari(): + print('Trying to add ranger hive plugin.') + flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties = get_hive_plugin_configuration() + if flag_hive_plugin_installed and hive_plugin_install_properties is not None and hive_server2_xml_properties is not None: + hive_server2_xml_properties['hive.security.authorization.enabled'] = 'true' + hive_server2_xml_properties['hive.security.authorization.manager'] = 'com.xasecure.authorization.hive.authorizer.XaSecureHiveAuthorizerFactory' + hive_server2_xml_properties['hive.security.authenticator.manager'] = 'org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator' + hive_server2_xml_properties['hive.conf.restricted.list'] = 'hive.security.authorization.enabled, hive.security.authorization.manager,hive.security.authenticator.manager' + print('hive plugin is installed and enabled, adding to configurations') + advanced_ranger_hive_plugin_properties = dict() + + advanced_ranger_hive_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hive_plugin_properties['jdbc.driverClassName'] = 'org.apache.hive.jdbc.HiveDriver' + advanced_ranger_hive_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_hive_plugin_properties['ranger-hive-plugin-enabled'] = 'Yes' + advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hive' + advanced_ranger_hive_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hive' + advanced_ranger_hive_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hive_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hive_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hive_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hive_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_hive_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_hive_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hive_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + advanced_ranger_hive_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hive_plugin_install_properties['xasecure.hive.update.xapolicies.on.grant.revoke'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hiveserver2-site", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str( + json.dumps(hive_server2_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hive-plugin-properties", "service_config_version_note": "Initial configuration for Ranger HIVE plugin" ,"tag":"' + str( + date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hive_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + + print ('####################### hive_server2_xml configuration :') + for each_key in hive_server2_xml_properties: + print str(each_key) + ' = ' + str(hive_server2_xml_properties[each_key]) + + print ('####################### ranger_hive_plugin_properties configuration :') + for each_key in advanced_ranger_hive_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_hive_plugin_properties[each_key]) + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger hive plugin configuration added successfully in ambari.') + return True + else: + print('ranger hive plugin configuration add failed in ambari.') + return False + else: + print('ranger hive plugin configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + else: + print('ranger hive plugin configuration add failed in ambari.') + return False + + + +def port_ranger_hbase_plugin_to_ambari(): + print('Trying to add ranger Hbase plugin.') + flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties = get_hbase_plugin_configuration() + if flag_hbase_plugin_installed and hbase_plugin_install_properties is not None and hbase_site_xml_properties is not None: + print('Hbase plugin is installed and enabled, adding to configurations') + advanced_ranger_hbase_plugin_properties = dict() + + advanced_ranger_hbase_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_hbase_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_hbase_plugin_properties['ranger-hbase-plugin-enabled'] = 'Yes' + advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'hbase' + advanced_ranger_hbase_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'hbase' + advanced_ranger_hbase_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = hbase_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = hbase_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_hbase_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = hbase_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_hbase_plugin_properties['SSL_KEYSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_hbase_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = hbase_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + advanced_ranger_hbase_plugin_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = hbase_plugin_install_properties['xasecure.hbase.update.xapolicies.on.grant.revoke'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type":"hbase-site", "service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str(date_time_stamp) + '","properties":' + str( + json.dumps(hbase_site_xml_properties)) + ', "properties_attributes": {"final": "false"}},{"type": "ranger-hbase-plugin-properties","service_config_version_note": "Initial configuration for Ranger HBASE plugin" ,"tag":"' + str( + date_time_stamp) + '", "properties":' + json.dumps(advanced_ranger_hbase_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + print ('####################### hbase_site_xml configuration :') + for each_key in hbase_site_xml_properties: + print str(each_key) + ' = ' + str(hbase_site_xml_properties[each_key]) + + print ('####################### ranger_hbase_plugin_properties configuration :') + for each_key in advanced_ranger_hbase_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_hbase_plugin_properties[each_key]) + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger hbase plugin configuration added successfully in ambari.') + return True + else: + print('ranger hbase plugin configuration add failed in ambari.') + return False + else: + print ('ranger hbase plugin configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + else: + print ('ranger hbase plugin configuration add failed in ambari.') + return False + + + +def port_ranger_knox_plugin_to_ambari(): + print('trying to add ranger knox plugin.') + flag_knox_plugin_installed, knox_plugin_install_properties = get_knox_plugin_configuration() + if flag_knox_plugin_installed and knox_plugin_install_properties is not None: + print('Knox plugin is installed and enabled, adding to configurations') + advanced_ranger_knox_plugin_properties = dict() + + advanced_ranger_knox_plugin_properties['policy_user'] = 'ambari-qa' + advanced_ranger_knox_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_knox_plugin_properties['ranger-knox-plugin-enabled'] = 'Yes' + advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = 'admin' + advanced_ranger_knox_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'admin-password' + advanced_ranger_knox_plugin_properties['KNOX_HOME'] = '/usr/hdp/current/knox-server' + advanced_ranger_knox_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = knox_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = knox_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = knox_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_knox_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = knox_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + + knox_ssl_keystore_password = '' + knox_ssl_truststore_password = '' + + libpath = os.path.join(hdp_version_dir, 'ranger-knox-plugin', 'install', 'lib', '*') + aliasKey = 'sslkeystore' + aliasValue = '' + filepath = os.path.join('/etc/ranger', knox_plugin_install_properties['xasecure.audit.repository.name'], 'cred.jceks') + getorcreateorlist = 'get' + + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + knox_ssl_keystore_password = value.strip() + + aliasKey = 'ssltruststore' + statuscode, value = call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist) + if statuscode == 0: + knox_ssl_truststore_password = value.strip() + + advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_knox_plugin_properties['SSL_KEYSTORE_PASSWORD'] = knox_ssl_keystore_password + advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = knox_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_knox_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = knox_ssl_truststore_password + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-knox-plugin-properties", "service_config_version_note": "Initial configuration for Ranger KNOX plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps( + advanced_ranger_knox_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + print ('####################### ranger_knox_plugin_properties configuration :') + for each_key in advanced_ranger_knox_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_knox_plugin_properties[each_key]) + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger knox plugin configuration added successfully in ambari.') + return True + else: + print('ranger knox plugin configuration add failed in ambari.') + return False + else: + print('ranger knox plugin configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + else: + print('ranger knox plugin configuration add failed in ambari.') + return False + + +def port_ranger_storm_plugin_to_ambari(): + print('Trying to add ranger storm plugin.') + flag_storm_plugin_installed, storm_plugin_install_properties = get_storm_plugin_configuration() + if flag_storm_plugin_installed and storm_plugin_install_properties is not None: + print('Storm plugin is installed and enabled, adding to configurations') + advanced_ranger_storm_plugin_properties = dict() + + advanced_ranger_storm_plugin_properties['policy_user'] = 'storm' + advanced_ranger_storm_plugin_properties['common.name.for.certificate'] = '-' + advanced_ranger_storm_plugin_properties['ranger-storm-plugin-enabled'] = 'Yes' + advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_USERNAME'] = '[email protected]' + advanced_ranger_storm_plugin_properties['REPOSITORY_CONFIG_PASSWORD'] = 'stormtestuser' + advanced_ranger_storm_plugin_properties['XAAUDIT.DB.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.db.is.enabled'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.IS_ENABLED'] = storm_plugin_install_properties['xasecure.audit.hdfs.is.enabled'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.directory'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.directory'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.directory'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.file'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.destination.flush.interval.seconds'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.rollover.interval.seconds'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = storm_plugin_install_properties[ + 'xasecure.audit.hdfs.config.destination.open.retry.interval.seconds'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.file'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = storm_plugin_install_properties[ + 'xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds'] + advanced_ranger_storm_plugin_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = storm_plugin_install_properties['xasecure.audit.hdfs.config.local.archive.max.file.count'] + advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore'] + advanced_ranger_storm_plugin_properties['SSL_KEYSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.keystore.password'] + advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_FILE_PATH'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore'] + advanced_ranger_storm_plugin_properties['SSL_TRUSTSTORE_PASSWORD'] = storm_plugin_install_properties['xasecure.policymgr.clientssl.truststore.password'] + + date_time_stamp = getDateTimeNow() + plugin_configuration_data = '[{"Clusters":{"desired_config":[{"type": "ranger-storm-plugin-properties", "service_config_version_note": "Initial configuration for Ranger STORM plugin" ,"tag":"' + str(date_time_stamp) + '", "properties":' + json.dumps( + advanced_ranger_storm_plugin_properties) + ',"properties_attributes": {"final": "false"}}]}}]' + + print ('####################### ranger_storm_plugin_properties configuration :') + for each_key in advanced_ranger_storm_plugin_properties: + print str(each_key) + ' = ' + str(advanced_ranger_storm_plugin_properties[each_key]) + + confirm_configurations = raw_input('please confirm the above configuration values y/n (n) : ') + if(confirm_configurations == ''): + confirm_configurations = 'n' + print ('Input registered as ' + str(confirm_configurations)) + + + if(confirm_configurations.lower() == 'y'): + ranger_config_request_url = ambari_cluster_url + request_result = call_ambari_api(ranger_config_request_url, 'PUT', ambari_username_password, str(plugin_configuration_data)) + if request_result is not None: + response_code = request_result.getcode() + response = json.loads(json.JSONEncoder().encode(request_result.read())) + if response_code == 200 and response is not None: + print('ranger storm plugin configuration added successfully in ambari.') + return True + else: + print('ranger storm plugin configuration add failed in ambari.') + return False + else: + print('ranger storm plugin configuration add failed in ambari.') + return False + else: + print ('exiting installation without configuration !') + sys.exit(0) + else: + print('ranger storm plugin configuration add failed in ambari.') + return False + + + +def get_hdfs_plugin_configuration(): + flag_hdfs_plugin_installed = False + hdfs_plugin_install_properties = dict() + print('hdfs plugin is present and installed to ranger,getting additional properties from installed files .') + base_hadoop_conf_path = '/etc/hadoop/conf/' + hdfs_site_xml_path = os.path.join(base_hadoop_conf_path, 'hdfs-site.xml') + hdfs_site_xml_properties = import_properties_from_xml(hdfs_site_xml_path) + xasecure_audit_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-audit.xml') + hdfs_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hdfs_plugin_install_properties) + xasecure_hdfs_security_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-hdfs-security.xml') + hdfs_plugin_install_properties = import_properties_from_xml(xasecure_hdfs_security_xml_path, hdfs_plugin_install_properties) + xasecure_policy_ssl_xml_path = os.path.join(base_hadoop_conf_path, 'xasecure-policymgr-ssl.xml') + hdfs_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hdfs_plugin_install_properties) + flag_plugin_installed = check_plugin_enabled('hdfs', hdfs_plugin_install_properties) + if(flag_plugin_installed): + flag_hdfs_plugin_installed = True + return flag_hdfs_plugin_installed, hdfs_plugin_install_properties, hdfs_site_xml_properties + + +def get_hive_plugin_configuration(): + flag_hive_plugin_installed = False + hive_plugin_install_properties = dict() + print('hive plugin is present and installed to ranger, configuring to setup in ambari.') + base_hive_conf_path = '/etc/hive/conf/' + hive_server2_xml_path = os.path.join(base_hive_conf_path, 'hiveserver2-site.xml') + hive_server2_xml_properties = import_properties_from_xml(hive_server2_xml_path) + xasecure_audit_xml_path = os.path.join(base_hive_conf_path, 'xasecure-audit.xml') + hive_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hive_plugin_install_properties) + xasecure_hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml') + hive_plugin_install_properties = import_properties_from_xml(xasecure_hive_security_xml_path, hive_plugin_install_properties) + xasecure_policy_ssl_xml_path = os.path.join(base_hive_conf_path, 'xasecure-policymgr-ssl.xml') + hive_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hive_plugin_install_properties) + hive_security_xml_path = os.path.join(base_hive_conf_path, 'xasecure-hive-security.xml') + hive_plugin_install_properties = import_properties_from_xml(hive_security_xml_path, hive_plugin_install_properties) + flag_plugin_installed = check_plugin_enabled('hive', hive_plugin_install_properties) + if(flag_plugin_installed): + flag_hive_plugin_installed = True + return flag_hive_plugin_installed, hive_plugin_install_properties, hive_server2_xml_properties + + +def get_hbase_plugin_configuration(): + flag_hbase_plugin_installed = False + hbase_plugin_install_properties = dict() + print('hbase plugin is present and installed to ranger, configuring to setup in ambari.') + base_hbase_conf_path = '/etc/hbase/conf/' + hbase_site_xml_path = os.path.join(base_hbase_conf_path, 'hbase-site.xml') + hbase_site_xml_properties = import_properties_from_xml(hbase_site_xml_path) + xasecure_audit_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-audit.xml') + hbase_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, hbase_plugin_install_properties) + xasecure_hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml') + hbase_plugin_install_properties = import_properties_from_xml(xasecure_hbase_security_xml_path, hbase_plugin_install_properties) + xasecure_policy_ssl_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-policymgr-ssl.xml') + hbase_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, hbase_plugin_install_properties) + hbase_security_xml_path = os.path.join(base_hbase_conf_path, 'xasecure-hbase-security.xml') + hbase_plugin_install_properties = import_properties_from_xml(hbase_security_xml_path, hbase_plugin_install_properties) + flag_plugin_installed = check_plugin_enabled('hbase', hbase_plugin_install_properties) + if(flag_plugin_installed): + flag_hbase_plugin_installed = True + return flag_hbase_plugin_installed, hbase_plugin_install_properties, hbase_site_xml_properties + + +def get_knox_plugin_configuration(): + flag_knox_plugin_installed = False + knox_plugin_install_properties = dict() + print('knox plugin is present and installed to ranger, configuring to setup in ambari.') + base_knox_conf_path = '/etc/knox/conf/' + xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml') + knox_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, knox_plugin_install_properties) + xasecure_knox_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-knox-security.xml') + knox_plugin_install_properties = import_properties_from_xml(xasecure_knox_security_xml_path, knox_plugin_install_properties) + xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml') + knox_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, knox_plugin_install_properties) + flag_plugin_installed = check_plugin_enabled('knox', knox_plugin_install_properties) + if(flag_plugin_installed): + flag_knox_plugin_installed = True + return flag_knox_plugin_installed, knox_plugin_install_properties + + + +def get_storm_plugin_configuration(): + flag_storm_plugin_installed = False + storm_plugin_install_properties = dict() + print('storm plugin is present and installed to ranger, configuring to setup in ambari.') + base_knox_conf_path = '/etc/storm/conf/' + xasecure_audit_xml_path = os.path.join(base_knox_conf_path, 'xasecure-audit.xml') + storm_plugin_install_properties = import_properties_from_xml(xasecure_audit_xml_path, storm_plugin_install_properties) + xasecure_storm_security_xml_path = os.path.join(base_knox_conf_path, 'xasecure-storm-security.xml') + storm_plugin_install_properties = import_properties_from_xml(xasecure_storm_security_xml_path, storm_plugin_install_properties) + xasecure_policy_ssl_xml_path = os.path.join(base_knox_conf_path, 'xasecure-policymgr-ssl.xml') + storm_plugin_install_properties = import_properties_from_xml(xasecure_policy_ssl_xml_path, storm_plugin_install_properties) + flag_plugin_installed = check_plugin_enabled('storm', storm_plugin_install_properties) + if(flag_plugin_installed): + flag_storm_plugin_installed = True + return flag_storm_plugin_installed, storm_plugin_install_properties + + + + +def check_plugin_enabled(component_name, component_plugin_install_properties): + flag_plugin_installed = False + if not (str(component_plugin_install_properties['xasecure.audit.repository.name']).strip() == ''): + repo_base_path = os.path.join('/etc/ranger', component_plugin_install_properties['xasecure.audit.repository.name']) + print('repo_base_path = ' + str(repo_base_path)) + if os.path.exists(repo_base_path): + print('Plugin is installed for component ' + component_name) + flag_plugin_installed = True + return flag_plugin_installed + + +def call_ambari_api(ambari_url, method, username_password, data): + try: + url = ambari_url + base64string = base64.encodestring('{0}'.format(username_password)).replace('\n', '') + headers = {"X-Requested-By": "ambari"} + request = urllib2.Request(url, data, headers, 'compressed') + request.get_method = lambda: method + request.add_header("Authorization", "Basic {0}".format(base64string)) + result = urllib2.urlopen(request) + return result + except urllib2.URLError, e: + if isinstance(e, urllib2.HTTPError): + print("HTTP Code: {0}".format(e.code)) + print("HTTP Data: {0}".format(e.read())) + return e + else: + print("Error: {0}".format(e.reason)) + print ('ambari server is not reachable, please make sure valid ambari server url has been provided and ambari server is started.') + return e + except httplib.BadStatusLine: + print("ambari service is not reachable, please restart the service and then try again") + return None + + +def import_properties_from_file(install_properties_path, properties_from_file=None): + if properties_from_file is None: + print('properties_from_file is none initializing to dict') + properties_from_file = dict() + if os.path.isfile(install_properties_path): + install_properties_file = open(install_properties_path) + for each_line in install_properties_file.read().split('\n'): + each_line = each_line.strip() + if len(each_line) == 0: continue + if '#https.service.port' in each_line: + each_line = each_line.strip('#') + if '#' in each_line: continue + key, value = each_line.strip().split("=", 1) + key = key.strip() + value = value.strip() + properties_from_file[key] = value + else: + print('Property file not found at path : ' + str(install_properties_path)) + return properties_from_file + + +def import_properties_from_xml(xml_path, properties_from_xml=None): + print('getting values from file : ' + str(xml_path)) + if os.path.isfile(xml_path): + xml = ET.parse(xml_path) + root = xml.getroot() + if properties_from_xml is None: + properties_from_xml = dict() + for child in root.findall('property'): + name = child.find("name").text.strip() + value = child.find("value").text.strip() if child.find("value").text is not None else "" + properties_from_xml[name] = value + else: + print('XML file not found at path : ' + str(xml_path)) + return properties_from_xml + + +def get_authentication_method(): + print('Getting authentication method for ranger services') + ranger_conf_path = '/etc/ranger/admin/conf' + security_appln_context_path = os.path.join(ranger_conf_path,'security-applicationContext.xml') + print ('security_appln_context_path = ' + security_appln_context_path) + app_context_xml_tree = ET.parse(security_appln_context_path) + app_context_xml_root = app_context_xml_tree.getroot() + reference_auth_method = None + authentication_method = None + for child_nodes in app_context_xml_root.getiterator(): + if( ('authentication-provider' in str(child_nodes.tag)) and not('-ref' in str(child_nodes.attrib)) ): + reference_auth_method = child_nodes.attrib['ref'] + + if( reference_auth_method is not None and 'jaasAuthProvider' in reference_auth_method): + authentication_method = 'UNIX' + elif( reference_auth_method is not None and 'activeDirectoryAuthenticationProvider' in reference_auth_method): + authentication_method = 'ACTIVE_DIRECTORY' + elif( reference_auth_method is not None and 'ldapAuthProvider' in reference_auth_method): + authentication_method = 'LDAP' + else: + authentication_method = 'NONE' + + return authentication_method + + + +def call_keystore(libpath, aliasKey, aliasValue, filepath, getorcreateorlist): + finalLibPath = libpath.replace('\\', '/').replace('//', '/') + finalFilePath = 'jceks://file/' + filepath.replace('\\', '/').replace('//', '/') + if getorcreateorlist == 'create': + commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'create', aliasKey, '-value', aliasValue, '-provider', finalFilePath] + p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode + elif getorcreateorlist == 'get': + commandtorun = ['java', '-cp', finalLibPath, 'com.hortonworks.credentialapi.buildks', 'get', aliasKey, '-provider', finalFilePath] + p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode, output + elif getorcreateorlist == 'list': + commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks', 'list', '-provider', finalFilePath] + p = Popen(commandtorun, stdin=PIPE, stdout=PIPE, stderr=PIPE) + output, error = p.communicate() + statuscode = p.returncode + return statuscode, output + else: + print('proper command not received for input need get or create') + + +def get_hdp_version(): + return_code = -1 + hdp_output = '' + hdp_version = None + match = None + statuscode = -1 + try: + command_to_run = 'hdp-select status hadoop-client' + output = Popen(command_to_run, stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=True) + return_code, error = output.communicate() + statuscode = output.returncode + except Exception, e: + print('Error : ' + str(e)) + if statuscode == 0: + hdp_version = re.sub('hadoop-client - ', '', return_code) + hdp_version = hdp_version.rstrip() + match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version) + print ('hdp_version = ' + hdp_version) + else: + print('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code))) + + if match is None: + print('Failed to get extracted version') + return None + else: + return hdp_version + +def getDateTimeNow(): + return datetime.datetime.now().strftime("%Y%m%d%H%M%S") + + +if __name__ == '__main__': + + + if len(sys.argv) > 1: + function_to_call = sys.argv[1] if len(sys.argv) > 1 else None + base_url = sys.argv[2] if len(sys.argv) > 2 else None + print ('base url = ' + base_url) + ambari_username_password = sys.argv[3] if len(sys.argv) > 3 else None + print ('ambari_username_password = ' + ambari_username_password) + cluster_name = sys.argv[4] if len(sys.argv) > 4 else None + print ('cluster_name = ' + cluster_name) + ranger_admin_fqdn = sys.argv[5] if len(sys.argv) > 5 else None + print ('ranger_admin_fqdn = ' + ranger_admin_fqdn) + ranger_service_name = 'RANGER' + admin_component_name = 'RANGER_ADMIN' + usersync_component_name = 'RANGER_USERSYNC' + ambari_cluster_url = str(base_url) + '/api/v1/clusters/' + str(cluster_name) + ambari_service_url = str(ambari_cluster_url) + '/services' + hdp_dir = os.path.join('/usr', 'hdp') + hdp_current_dir = os.path.join(hdp_dir, 'current') + hdp_version = get_hdp_version() + print('Found hdp_version = ' + str(hdp_version)) + hdp_version_dir = os.path.join(hdp_dir, hdp_version) + if function_to_call is not None and len(function_to_call) > 0: + print('Found first argument as : ' + function_to_call) + function_to_call = int(function_to_call) + if function_to_call == 1: + print('Porting ranger admin installation details to ambari.') + port_ranger_installation_to_ambari() + elif function_to_call == 2: + print('Porting ranger User-sync installation details to ambari.') + port_ranger_usersync_installation_to_ambari() + elif function_to_call == 3: + print('Porting ranger hdfs plugin details to ambari.') + port_ranger_hdfs_plugin_to_ambari() + elif function_to_call == 4: + print('Porting ranger Hive plugin details to ambari.') + port_ranger_hive_plugin_to_ambari() + elif function_to_call == 5: + print('Porting ranger Hbase plugin details to ambari.') + port_ranger_hbase_plugin_to_ambari() + elif function_to_call == 6: + print('Porting ranger Knox plugin details to ambari.') + port_ranger_knox_plugin_to_ambari() + elif function_to_call == 7: + print('Porting ranger Storm plugin details to ambari.') + port_ranger_storm_plugin_to_ambari() + else: + print ('Unsupported option passed for installation, please pass proper supported option') + + else: + print('Usage :' + '\n python import_ranger_to_ambari.py {install option eg. 1} { ambari server url (eg. http://100.100.100.100:8080) } {ambari server username password (eg. demo_user:demo_pass) } {cluster name (eg. ambari_cluster)} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installe (eg. ambari.server.com)} ' + '\n Actual call will be like : python ranger_port_script.py 1 http://100.100.100.100:8080 demo_user:demo_pass ambari_cluster ambari.server.com' + '\n Pass first parameter as 1 for Ranger integration with Ambari.' + '\n Pass first parameter as 2 for Ranger User-sync integration with Ambari.' + '\n Pass first parameter as 3 for Ranger Hdfs Plugin integration with Ambari.' + '\n Pass first parameter as 4 for Ranger Hive Plugin integration with Ambari.' + '\n Pass first parameter as 5 for Ranger Hbase Plugin integration with Ambari.' + '\n Pass first parameter as 6 for Ranger Knox Plugin integration with Ambari.' + '\n Pass first parameter as 7 for Ranger Storm Plugin integration with Ambari.') + + sys.exit(0) + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3770fbd5/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties ---------------------------------------------------------------------- diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties new file mode 100755 index 0000000..f892a60 --- /dev/null +++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/bin/ranger_admin_install.properties @@ -0,0 +1,33 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# This file provides list of deployment variables for the Policy Manager Web Application to be migrated to Ambari server +# + +# Below are the mandatory parameters, required to be filled in by the user. + +# +# DB password for the DB admin user-id +# +# For example: +# db_root_user=root +# db_root_user=SYS +# +# Mandatory properties for migration to be filled by user prior to migration. +# db_root_user = needs to be updated by user before running the migration script. +# db_root_password = needs to be updated by user before running the migration script. +db_root_user= +db_root_password= http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3770fbd5/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT ---------------------------------------------------------------------- diff --git a/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT b/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT new file mode 100755 index 0000000..f466e9d --- /dev/null +++ b/migration-util/ambari2.0-hdp2.2-ranger0.40/doc/README.TXT @@ -0,0 +1,74 @@ +Utility to Migrate Ranger Config into Ambari (from a previous manual install) +----------------------------------------------------------------------------- + +Pre-requisites: +---------------- + * Ambari Server (2.0.0) installed on one of the host of the cluster. + * Ranger service is manually installed outside Ambari. + * If user had Ambari 1.7.0 installed, Ambari needs to be upgraded to 2.0.0, before this script is run. + * Ranger service is expected to be up and running. + * Whichever component plugin needs to imported, that component should be up and running in Ambari server. + * Whichever component plugin needs to be imported, that plugin needs to be installed as well as enabled independently by the user. + * The installation folder paths for each component is as follows : + * For Ranger Admin service: /usr/hdp/<hdp_vers>/ranger-admin + * For Ranger Usersync service: /usr/hdp/<hdp_vers>/ranger-usersync + * For Ranger Hbase plugin: /usr/hdp/<hdp_vers>/ranger-hbase-plugin + * For Ranger Hdfs plugin: /usr/hdp/<hdp_vers>/ranger-hdfs-plugin + * For Ranger Hive plugin: /usr/hdp/<hdp_vers>/ranger-hive-plugin + * For Ranger Knox plugin: /usr/hdp/<hdp_vers>/ranger-knox-plugin + * For Ranger Storm plugin: /usr/hdp/<hdp_vers>/ranger-storm-plugin + +Pre Install: +------------ + * Please take a backup of existing ranger DB and configurations, in case required. + * Please take a backup of existing ambari DB and configurations, in case required. + * You must have an existing MySQL Server or Oracle Server database instance running to be used by Ranger. + * Ensure that the access for the DB Admin user (root in case of MySQL or SYS in case of Oracle) is enabled in DB server from any host. + * Execute the following command on the Ambari Server host. + * Replace database-type with mysql or oracle and /jdbc/driver/path based on the location of the MySQL or Oracle JDBC driver: + + ambari-server setup --jdbc-db={database-type} --jdbc-driver={/jdbc/driver/path} + +Steps to Add Ranger in a Ambari HDP cluster: +-------------------------------------------- + * In order to know about usage of the script, Execute the command: + python import_ranger_to_ambari.py + * Migration script locates the existing config in post-install properties files used by the service. + * This script will collect required configs from the independently installed Ranger service configurations + and after verification from the user, post it to the specified Ambari Server. + * Set appropriate values in the <component>_install.properties template file, only if required. + For Ranger Admin service, ranger_admin_install.properties + * For script to use proper values, mandatory properties to be filled by user are as follows : + 1) During Ranger_Admin installation migration db_root_username and db_root_password are mandatory, + which can be set in the ranger_admin_install.properties + +To import Ranger (Admin and User-Sync) service and plugins we need to run the python script using command line as shown below, +with valid input parameters, from the host where specific Ranger component has been installed / enabled : + +python import_ranger_to_ambari.py {install option} {ambari server url} {ambari server admin username:password} {cluster name} {FQDN of host having Ranger Admin or Ranger Usersync or plugins installed} + +for example the actual command will be as : + +python import_ranger_to_ambari.py 1 http://100.100.100.100:8080 admin:admin ambari_cluster rangerambari-feb09-rhel6-mp-sec-6.cs1cloud.internal + +First parameter (install option) is to mention the service type to be ported to Ambari that is, + 1 for adding Ranger service and Ranger Admin component to Ambari. + 2 for adding Ranger User sync component to Ambari. + 3 to import Ranger Hdfs Plugin configs to Ambari. + 4 to import Ranger Hive Plugin configs to Ambari. + 5 to import Ranger Hbase Plugin configs to Ambari. + 6 to import Ranger Knox Plugin configs to Ambari. + 7 to import Ranger Storm Plugin configs to Ambari. + + * After running the script with first parameter as 1, Ranger service should be visible as Ambari service and Ranger-Admin should be visible. + * After running with 2 Ranger-Usersync should also be visible as its component, like-wise for the respective plugins. + * After executing the script with options 3 to 7 - please visit Ambari UI and restart the individual component, after the UI reflects the changes. + +Debugging: +---------- + * Make sure to back up the ranger config and DB prior to running the scripts. + * It is possible that the service-components may be added to Ambari but the installation may fail. In that case, look for the logs from Ambari-UI. + * If any of the pre-requisite is not met this might happen, in that case, try installation from Ambari-UI itself. + * If the services are configured and not started it may show up as Install Pending, reinstall both Admin and User-sync from Ambari UI, and then start the services. + * In case if the services are installed and in stopped state, restart them from Ambari-UI. +
