Repository: incubator-ranger Updated Branches: refs/heads/master 5c648ee90 -> 6b47ac115
RANGER-900 : Remove support for DB based auditing 
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/6b47ac11 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/6b47ac11 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/6b47ac11 Branch: refs/heads/master Commit: 6b47ac115f847d1938a1e00e7288f59e0c724ed5 Parents: 5c648ee Author: Pradeep Agrawal <[email protected]> Authored: Thu Apr 14 23:47:21 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Apr 14 18:34:21 2016 -0400 ---------------------------------------------------------------------- .../apache/ranger/audit/test/TestEvents.java | 2 +- agents-common/scripts/enable-agent.sh | 9 ++- .../plugin/policyengine/TestPolicyEngine.java | 2 +- hbase-agent/conf/ranger-hbase-audit-changes.cfg | 12 ++-- hbase-agent/scripts/install.properties | 21 ------- hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 12 ++-- hdfs-agent/scripts/install.properties | 21 ------- hive-agent/conf/ranger-hive-audit-changes.cfg | 12 ++-- hive-agent/scripts/install.properties | 20 ------- kms/scripts/install.properties | 21 ------- knox-agent/conf/ranger-knox-audit-changes.cfg | 12 ++-- knox-agent/scripts/install.properties | 20 ------- .../conf/ranger-kafka-audit-changes.cfg | 12 ++-- plugin-kafka/scripts/install.properties | 21 ------- plugin-kms/conf/ranger-kms-audit-changes.cfg | 12 ++-- plugin-kms/scripts/enable-kms-plugin.sh | 9 ++- plugin-solr/conf/ranger-solr-audit-changes.cfg | 12 ++-- plugin-solr/scripts/install.properties | 21 ------- plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 12 ++-- plugin-yarn/scripts/install.properties | 20 ------- security-admin/scripts/db_setup.py | 33 ++++++----- security-admin/scripts/dba_script.py | 59 +++++--------------- security-admin/scripts/install.properties | 20 +------ security-admin/scripts/setup.sh | 45 +++++++++------ 
.../conf.dist/ranger-admin-default-site.xml | 22 ++++++++ .../resources/conf.dist/ranger-admin-site.xml | 21 ------- storm-agent/conf/ranger-storm-audit-changes.cfg | 12 ++-- storm-agent/scripts/install.properties | 20 ------- 28 files changed, 154 insertions(+), 361 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java ----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
index 3e89cc4..e84d6fb 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/test/TestEvents.java
@@ -65,7 +65,7 @@ public class TestEvents {
 auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
 auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
 auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
- auditProperties.setProperty("xasecure.audit.db.is.enabled", "true");
+ auditProperties.setProperty("xasecure.audit.db.is.enabled", "false");
 auditProperties.setProperty("xasecure.audit.db.is.async", "true");
 auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000");
 auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-common/scripts/enable-agent.sh ----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 3791847..1fa1845 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
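Review bot: In TestEvents.java the three `xasecure.audit.db.*` properties that follow the flipped flag (`is.async`, `async.max.queue.size`, `async.max.flush.interval.ms`) are still set although DB auditing is now off, so they configure a destination that can no longer run. I would delete all four `xasecure.audit.db.*` lines rather than keep `xasecure.audit.db.is.enabled` at `"false"`, so the test setup does not suggest the DB destination still exists. The same leftover block is in the TestPolicyEngine.java hunk. Both hunks sit inside a longer property-setup method whose start and end are outside the hunk, so whether any other audit destination is enabled there cannot be seen from here.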
@@ -392,8 +392,10 @@ then # # We need to do the AUDIT JDBC url # - - db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'` +db_flavor='' +#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'` +if [ "${db_flavor}" != "" ] +then audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME') audit_db_name=$(getInstallProperty 'XAAUDIT.DB.DATABASE_NAME') @@ -431,6 +433,7 @@ then export XAAUDIT_DB_JDBC_URL="jdbc:${db_flavor}://${audit_db_hostname}/${audit_db_name}" export XAAUDIT_DB_JDBC_DRIVER="com.unknown.driver.${db_flavor}" fi +fi for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg @@ -578,7 +581,7 @@ then auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD') - create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}" + #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}" # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java index 8ee6bea..6bb7486 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java 
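Review bot: The new guard in enable-agent.sh can never be true, because `db_flavor=''` is assigned immediately before `if [ "${db_flavor}" != "" ]`, so everything down to the `fi` added in the next hunk (the `XAAUDIT.DB.HOSTNAME` and `XAAUDIT.DB.DATABASE_NAME` reads and the `XAAUDIT_DB_JDBC_URL` / `XAAUDIT_DB_JDBC_DRIVER` exports) is unreachable. Deleting that block together with the commented `#db_flavor=...` line would state the removal plainly and would not leave a path where restoring one assignment brings DB audit back. The added lines also appear to drop the indentation of the enclosing `then` block, which starts outside the hunk. enable-kms-plugin.sh carries the identical change.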
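Review bot: `auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD')` is still executed in the `@@ -578` hunk although its only visible consumer, `create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}"`, is now commented out, so the script keeps reading a database password into a shell variable for no purpose. Remove the read together with the commented call, and `auditCredAlias` too if nothing else in the block uses it (the block continues outside the hunk). The shipped install.properties files drop `XAAUDIT.DB.PASSWORD` in this commit, but an upgraded host may still have the old value in its own install.properties and possibly an old alias in the credential file, so an upgrade note asking operators to remove both would be worth adding. The same hunk appears in enable-kms-plugin.sh.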
@@ -83,7 +83,7 @@ public class TestPolicyEngine {
 auditProperties.setProperty("xasecure.audit.log4j.is.async", "false");
 auditProperties.setProperty("xasecure.audit.log4j.async.max.queue.size", "100000");
 auditProperties.setProperty("xasecure.audit.log4j.async.max.flush.interval.ms", "30000");
- auditProperties.setProperty("xasecure.audit.db.is.enabled", "true");
+ auditProperties.setProperty("xasecure.audit.db.is.enabled", "false");
 auditProperties.setProperty("xasecure.audit.db.is.async", "false");
 auditProperties.setProperty("xasecure.audit.db.async.max.queue.size", "100000");
 auditProperties.setProperty("xasecure.audit.db.async.max.flush.interval.ms", "30000");
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hbase-agent/conf/ranger-hbase-audit-changes.cfg ----------------------------------------------------------------------
diff --git a/hbase-agent/conf/ranger-hbase-audit-changes.cfg b/hbase-agent/conf/ranger-hbase-audit-changes.cfg
index e29ccd5..719c7cd 100644
--- a/hbase-agent/conf/ranger-hbase-audit-changes.cfg
+++ b/hbase-agent/conf/ranger-hbase-audit-changes.cfg
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hbase-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index 795ea3e..aca57bb 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties 
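Review bot: Commenting out `xasecure.audit.db.is.enabled` in ranger-hbase-audit-changes.cfg means the template no longer touches that key, so a plugin configuration that already has it set to `true` would presumably keep that value when the enable script is re-run (assuming `mod` rewrites only the keys that are listed). If DB auditing is meant to be off after an upgrade, keep one active line that forces it, `xasecure.audit.db.is.enabled false mod create-if-not-exists`, and delete the JDBC lines instead of commenting them. Please also confirm that `xasecure.audit.credential.provider.file` is read only by the DB destination, since its name is not DB-specific and it is disabled here with the rest. The identical change is made in the hdfs, hive, knox, kafka, kms, solr and yarn templates.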
@@ -81,27 +81,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties # -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# # Audit to HDFS Configuration # # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg index 9c88450..e34d154 100644 --- a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg +++ b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hdfs-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index b4dda13..148d2ba 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties 
@@ -77,27 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties # -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# # Audit to HDFS Configuration # # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hive-agent/conf/ranger-hive-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/hive-agent/conf/ranger-hive-audit-changes.cfg b/hive-agent/conf/ranger-hive-audit-changes.cfg index 4e61c7d..3fd7e14 100644 --- a/hive-agent/conf/ranger-hive-audit-changes.cfg +++ b/hive-agent/conf/ranger-hive-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/hive-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index 6b71a85..9f88524 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties 
@@ -77,26 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties -# -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= # # Audit to HDFS Configuration http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/kms/scripts/install.properties ---------------------------------------------------------------------- diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 7762948..fceae8f 100755 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -143,27 +143,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=true -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# # Audit to HDFS Configuration # # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/knox-agent/conf/ranger-knox-audit-changes.cfg ---------------------------------------------------------------------- 
diff --git a/knox-agent/conf/ranger-knox-audit-changes.cfg b/knox-agent/conf/ranger-knox-audit-changes.cfg index f722e53..f0571e7 100644 --- a/knox-agent/conf/ranger-knox-audit-changes.cfg +++ b/knox-agent/conf/ranger-knox-audit-changes.cfg @@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/knox-agent/scripts/install.properties ---------------------------------------------------------------------- 
diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index 1febd49..dbf1e11 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties @@ -81,26 +81,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - # # Audit to HDFS Configuration # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kafka/conf/ranger-kafka-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg index 46ee29a..661b498 100644 --- a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg +++ b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kafka/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index 79ea6db..e5cf664 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties 
@@ -84,27 +84,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties # -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# # Audit to HDFS Configuration # # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kms/conf/ranger-kms-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-kms/conf/ranger-kms-audit-changes.cfg b/plugin-kms/conf/ranger-kms-audit-changes.cfg index 5a51455..69849d6 100644 --- a/plugin-kms/conf/ranger-kms-audit-changes.cfg +++ b/plugin-kms/conf/ranger-kms-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-kms/scripts/enable-kms-plugin.sh ---------------------------------------------------------------------- diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh index 7bf6c62..1661a61 100755 --- a/plugin-kms/scripts/enable-kms-plugin.sh +++ b/plugin-kms/scripts/enable-kms-plugin.sh 
@@ -360,8 +360,10 @@ then # # We need to do the AUDIT JDBC url # - - db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'` +db_flavor='' +#db_flavor=`echo $(getInstallProperty 'XAAUDIT.DB.FLAVOUR') | tr '[:lower:]' '[:upper:]'` +if [ "${db_flavor}" != "" ] +then audit_db_hostname=$(getInstallProperty 'XAAUDIT.DB.HOSTNAME') audit_db_name=$(getInstallProperty 'XAAUDIT.DB.DATABASE_NAME') @@ -395,6 +397,7 @@ then export XAAUDIT_DB_JDBC_URL="jdbc:${db_flavor}://${audit_db_hostname}/${audit_db_name}" export XAAUDIT_DB_JDBC_DRIVER="com.unknown.driver.${db_flavor}" fi +fi for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg @@ -525,7 +528,7 @@ then auditdbCred=$(getInstallProperty 'XAAUDIT.DB.PASSWORD') - create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}" + #create_jceks "${auditCredAlias}" "${auditdbCred}" "${CredFile}" # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-solr/conf/ranger-solr-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg index 2742bc1..622052e 100644 --- a/plugin-solr/conf/ranger-solr-audit-changes.cfg +++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-solr/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index a3d9887..9073e8e 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties 
@@ -84,27 +84,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties # -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= - -# # Audit to HDFS Configuration # # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-yarn/conf/ranger-yarn-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg index b650be1..8071e7b 100644 --- a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg +++ b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg 
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/plugin-yarn/scripts/install.properties ---------------------------------------------------------------------- diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index 3780068..3825125 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties 
@@ -75,26 +75,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties -# -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= # # Audit to HDFS Configuration http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 3d20fcd..595f810 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -2106,9 +2106,9 @@ def main(argv): xa_access_audit = 'xa_access_audit' x_user = 'x_portal_user' - audit_db_name = globalDict['audit_db_name'] - audit_db_user = globalDict['audit_db_user'] - audit_db_password = globalDict['audit_db_password'] + #audit_db_name = globalDict['db_name'] + #audit_db_user = globalDict['db_user'] + #audit_db_password = globalDict['db_password'] if XA_DB_FLAVOR == "MYSQL": MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] 
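Review bot: The disabled assignments in the db_setup.py `@@ -2106` hunk were rewritten while being commented out: they now read `globalDict['db_name']`, `globalDict['db_user']` and `globalDict['db_password']` instead of the `audit_db_*` keys, so anyone who uncomments them would silently point the audit variables at the admin database account. Delete the three lines instead of keeping an altered copy. The later hunks in this file (`@@ -2171`, `@@ -2209`, `@@ -2220`) likewise leave the removed audit code behind as comments; version control already keeps the old code, so those can go too. `main(argv)` starts and ends outside these hunks.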
@@ -2171,8 +2171,8 @@ def main(argv): audit_db_file = os.path.join(RANGER_ADMIN_HOME , oracle_audit_file) elif AUDIT_DB_FLAVOR == "POSTGRES": - audit_db_user=audit_db_user.lower() - audit_db_name=audit_db_name.lower() + #audit_db_user=audit_db_user.lower() + #audit_db_name=audit_db_name.lower() POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME , postgres_audit_file) @@ -2199,8 +2199,11 @@ def main(argv): audit_store = None if audit_store is None or audit_store == "": - audit_store = "db" + audit_store = "solr" audit_store=audit_store.lower() + if not audit_store =='solr': + log("[E] Only 'Solr' audit store is supported from current version!","error") + sys.exit(1) if len(argv)==1: log("[I] --------- Verifying Ranger DB tables ---------","info") @@ -2209,10 +2212,10 @@ def main(argv): else: log("[I] --------- Importing Ranger Core DB Schema ---------","info") xa_sqlObj.import_db_file(db_name, db_user, db_password, xa_db_core_file) - if XA_DB_FLAVOR == "ORACLE": - if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit): - if db_user != audit_db_user: - xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user) + #if XA_DB_FLAVOR == "ORACLE": + #if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit): + #if db_user != audit_db_user: + #xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user) log("[I] --------- Verifying upgrade history table ---------","info") output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version) if output == False: 
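Review bot: The new guard in the `@@ -2199` hunk is written `if not audit_store =='solr':` and its error message does not say which value was rejected. `if audit_store != 'solr':` with `log("[E] Unsupported audit_store '" + audit_store + "'; only 'solr' is supported","error")` is easier to read and to act on, since an install.properties that still carries `audit_store=db` now aborts here during an upgrade. The neighbouring hunks (`@@ -2106`, `@@ -2171`, `@@ -2209`, `@@ -2220`) keep the old audit-DB statements as `#` comments; deleting them would avoid leaving references to `audit_db_user` and `audit_db_password`, which are no longer defined. `main` starts and ends outside these hunks.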
@@ -2220,11 +2223,11 @@ def main(argv): xa_sqlObj.upgrade_db(db_name, db_user, db_password, xa_db_version_file) log("[I] --------- Applying Ranger DB patches ---------","info") xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file) - if audit_store == "db": - log("[I] --------- Starting Audit Operation ---------","info") - audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit) - log("[I] --------- Applying Audit DB patches ---------","info") - audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit) + #if audit_store == "db": + #log("[I] --------- Starting Audit Operation ---------","info") + #audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit) + #log("[I] --------- Applying Audit DB patches ---------","info") + #audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit) if len(argv)>1: for i in range(len(argv)): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 0ebd90b..5f3fd42 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py 
@@ -1540,39 +1540,6 @@ def main(argv): log("Enter db user password:","info") db_password = getpass.getpass("Enter db user password:") - if (quiteMode): - audit_db_name = globalDict['audit_db_name'] - else: - if (dryMode): - audit_db_name='ranger_audit_db' - else: - audit_db_name='' - while audit_db_name == "": - log("Enter audit db name:","info") - audit_db_name = raw_input() - - if (quiteMode): - audit_db_user = globalDict['audit_db_user'] - else: - if (dryMode): - audit_db_user='ranger_logger_user' - else: - audit_db_user='' - while audit_db_user == "": - log("Enter audit user name:","info") - audit_db_user = raw_input() - - if (quiteMode): - audit_db_password = globalDict['audit_db_password'] - else: - if (dryMode): - audit_db_password='*****' - else: - audit_db_password='' - while audit_db_password == "": - log("Enter audit db user password:","info") - audit_db_password = getpass.getpass("Enter audit db user password:") - audit_db_root_user = xa_db_root_user audit_db_root_password = xa_db_root_password @@ -1666,8 +1633,8 @@ def main(argv): audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file) elif AUDIT_DB_FLAVOR == "POSTGRES": - audit_db_user=audit_db_user.lower() - audit_db_name=audit_db_name.lower() + #audit_db_user=audit_db_user.lower() + #audit_db_name=audit_db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file) 
@@ -1691,19 +1658,23 @@ def main(argv): audit_store = None if audit_store is None or audit_store == "": - audit_store = "db" + audit_store = "solr" audit_store=audit_store.lower() + if not audit_store =='solr': + log("[E] Only 'Solr' audit store is supported from current version!","error") + sys.exit(1) + if not dryMode: - log("[I] ---------- Verifing DB root password ---------- ","info") + log("[I] ---------- Verifying DB root password ---------- ","info") password_validation(xa_db_root_password,"DBA root"); - log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info") + log("[I] ---------- Verifying Ranger Admin db user password ---------- ","info") password_validation(db_password,"admin"); # Methods Begin if DBA_MODE == "TRUE" : if (dryMode==True): log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info") logFile("===============================================\n") - xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name) + xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, db_user, db_password, db_name) logFile("===============================================\n") if (dryMode==False): log("[I] ---------- Creating Ranger Admin db user ---------- ","info") 
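Review bot: `xa_sqlObj.writeDrymodeCmd(...)` now receives `db_user, db_password, db_name` in the three positions that used to carry the audit account, so the Ranger admin credentials are passed twice. The function body is outside this hunk; if it still emits statements for its audit parameters, the dry-mode output file will contain a second set of statements for the admin account, with the admin password written wherever the audit password used to be. Removing the audit parameters from `writeDrymodeCmd` and its callers would be safer than aliasing them. The added guard `if not audit_store =='solr':` would also read better as `if audit_store != 'solr':`.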
@@ -1714,10 +1685,10 @@ def main(argv): if not XA_DB_FLAVOR == "SQLA": xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same - if audit_store == "db": - log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") - password_validation(audit_db_password,"audit"); - log("[I] ---------- Verifying/Creating audit user --------- ","info") - audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) + #if audit_store == "db": + #log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") + #password_validation(audit_db_password,"audit"); + #log("[I] ---------- Verifying/Creating audit user --------- ","info") + #audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info") main(sys.argv) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index 1d9d207..4070259 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties 
@@ -60,9 +60,9 @@ db_name=ranger db_user=rangeradmin db_password= -#Source for Audit DB -# * audit_db is solr or db -audit_store=db +#Source for Audit Store +# * audit_store is solr +audit_store=solr # * audit_solr_url URL to Solr. E.g. http://<solr_host>:6083/solr/ranger_audits audit_solr_urls= @@ -70,20 +70,6 @@ audit_solr_user= audit_solr_password= audit_solr_zookeepers= - -# -# DB UserId for storing auditlog infromation -# -# * audit_db can be same as the Ranger schema db -# * audit_db must exists in the same ${db_host} as Ranger database ${db_name} -# * audit_user must be a different user than db_user (as audit user has access to only audit tables) -# -audit_db_name=ranger_audit -audit_db_user=rangerlogger -audit_db_password= - - - #------------------------- DB CONFIG - END ---------------------------------- # http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index bf29ed6..832932c 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -63,9 +63,9 @@ audit_solr_urls=$(get_prop 'audit_solr_urls' $PROPFILE) audit_solr_user=$(get_prop 'audit_solr_user' $PROPFILE) audit_solr_password=$(get_prop 'audit_solr_password' $PROPFILE) audit_solr_zookeepers=$(get_prop 'audit_solr_zookeepers' $PROPFILE) -audit_db_name=$(get_prop 'audit_db_name' $PROPFILE) -audit_db_user=$(get_prop 'audit_db_user' $PROPFILE) -audit_db_password=$(get_prop 'audit_db_password' $PROPFILE) +audit_db_name='' +audit_db_user='' +audit_db_password='' policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE) policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE) unix_user=$(get_prop 'unix_user' $PROPFILE) 
@@ -204,6 +204,17 @@ init_variables(){ DB_FLAVOR="MYSQL" fi log "[I] DB_FLAVOR=${DB_FLAVOR}" + audit_store=`echo $audit_store | tr '[:upper:]' '[:lower:]'` + if [ "${audit_store}" == "solr" ] ;then + log "[I] Audit source=${DB_FLAVOR}" + if [ "${audit_solr_urls}" == "" ] ;then + log "[I] Please provide valid URL for 'solr' audit store!" + exit 1 + fi + else + log "[I] Only 'solr' audit store is supported from current version, found : $audit_store" + exit 1 + fi } check_python_command() { @@ -355,7 +366,7 @@ update_properties() { then propertyName=ranger.jpa.audit.jdbc.url newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi propertyName=ranger.jpa.jdbc.dialect @@ -372,7 +383,7 @@ update_properties() { propertyName=ranger.jpa.audit.jdbc.driver newPropertyValue="net.sf.log4jdbc.DriverSpy" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if [ "${DB_FLAVOR}" == "ORACLE" ] then @@ -391,7 +402,7 @@ update_properties() { if [ "${audit_store}" == "db" ] then propertyName=ranger.jpa.audit.jdbc.url - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi propertyName=ranger.jpa.jdbc.dialect @@ -408,7 +419,7 @@ update_properties() { propertyName=ranger.jpa.audit.jdbc.driver newPropertyValue="oracle.jdbc.OracleDriver" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if [ "${DB_FLAVOR}" == "POSTGRES" ] then 
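Review bot: In `init_variables` the added line `log "[I] Audit source=${DB_FLAVOR}"` prints the database flavour instead of the audit store; it should be `log "[I] Audit source=${audit_store}"`. Both failure paths are logged with the `[I]` prefix just before `exit 1`, so they will not stand out in the install log; the `[E]` prefix used by the Python setup scripts in this commit would match their meaning. `$audit_store` is also expanded unquoted in the `tr` pipeline, so prefer `audit_store=$(echo "${audit_store}" | tr '[:upper:]' '[:lower:]')`.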
@@ -425,7 +436,7 @@ update_properties() { then propertyName=ranger.jpa.audit.jdbc.url newPropertyValue="jdbc:postgresql://${DB_HOST}/${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi propertyName=ranger.jpa.jdbc.dialect @@ -442,7 +453,7 @@ update_properties() { propertyName=ranger.jpa.audit.jdbc.driver newPropertyValue="org.postgresql.Driver" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if [ "${DB_FLAVOR}" == "MSSQL" ] @@ -455,7 +466,7 @@ update_properties() { then propertyName=ranger.jpa.audit.jdbc.url newPropertyValue="jdbc:sqlserver://${DB_HOST};databaseName=${audit_db_name}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi propertyName=ranger.jpa.jdbc.dialect @@ -472,7 +483,7 @@ update_properties() { propertyName=ranger.jpa.audit.jdbc.driver newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if [ "${DB_FLAVOR}" == "SQLA" ] @@ -485,7 +496,7 @@ update_properties() { then propertyName=ranger.jpa.audit.jdbc.url newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi propertyName=ranger.jpa.jdbc.dialect @@ -502,7 +513,7 @@ update_properties() { propertyName=ranger.jpa.audit.jdbc.driver newPropertyValue="sap.jdbc4.sqlanywhere.IDriver" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if [ "${audit_store}" == "solr" ] 
@@ -532,7 +543,7 @@ update_properties() { then propertyName=ranger.jpa.audit.jdbc.user newPropertyValue="${audit_db_user}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi ########## @@ -594,11 +605,11 @@ update_properties() { updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default propertyName=ranger.jpa.audit.jdbc.password newPropertyValue="_" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default else propertyName=ranger.jpa.audit.jdbc.password newPropertyValue="${audit_db_password}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi if test -f $keystore; then @@ -608,7 +619,7 @@ update_properties() { #echo "$keystore not found. so use clear text password" propertyName=ranger.jpa.audit.jdbc.password newPropertyValue="${audit_db_password}" - updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default fi fi if [ "${audit_store}" == "solr" ] http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index 3333827..8305f07 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
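Review bot: With `audit_db_user` and `audit_db_password` now fixed to `''` at the top of the script, the calls `updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default` in the `@@ -532`, `@@ -594` and `@@ -608` hunks expand an empty, unquoted `$newPropertyValue`, so the helper would receive the file name as its second argument. Some of these calls sit under `[ "${audit_store}" == "db" ]`, which looks unreachable if `init_variables` has already exited for every non-solr store, but the guards around the password branches are outside the hunks. Either delete the `ranger.jpa.audit.jdbc.*` updates throughout `update_properties` (the `@@ -355` to `@@ -502` hunks included), or quote the arguments: `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_default"`.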
@@ -441,4 +441,26 @@ <value>true</value> <description></description> </property> + <!-- # DB Info for audit_DB --> + + <property> + <name>ranger.jpa.audit.jdbc.driver</name> + <value>net.sf.log4jdbc.DriverSpy</value> + <description></description> + </property> + <property> + <name>ranger.jpa.audit.jdbc.url</name> + <value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value> + <description></description> + </property> + <property> + <name>ranger.jpa.audit.jdbc.user</name> + <value>rangerlogger</value> + <description></description> + </property> + <property> + <name>ranger.jpa.audit.jdbc.password</name> + <value>rangerlogger</value> + <description></description> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml index 6ee48f4..b2ec9de 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 
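Review bot: This hunk adds `ranger.jpa.audit.jdbc.user` and `ranger.jpa.audit.jdbc.password` to the default site file with the literal value `rangerlogger` for both, even though the commit removes DB auditing. A shipped default that pairs a well-known user name with an identical password is easy to carry into a live database unchanged. If the properties must remain for compatibility, leave the credential values empty (`<value></value>`) and use the empty `<description>` to state that the audit DB is no longer used. The `jdbc:log4jdbc:mysql://localhost/rangeraudit` URL and `net.sf.log4jdbc.DriverSpy` driver entries could be dropped as well if nothing reads them any more.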
@@ -55,29 +55,8 @@ <value>db</value> <description></description> </property> -<!-- # DB Info for audit_DB --> <property> - <name>ranger.jpa.audit.jdbc.driver</name> - <value>net.sf.log4jdbc.DriverSpy</value> - <description></description> - </property> - <property> - <name>ranger.jpa.audit.jdbc.url</name> - <value>jdbc:log4jdbc:mysql://localhost/rangeraudit</value> - <description></description> - </property> - <property> - <name>ranger.jpa.audit.jdbc.user</name> - <value>rangerlogger</value> - <description></description> - </property> - <property> - <name>ranger.jpa.audit.jdbc.password</name> - <value>rangerlogger</value> - <description></description> - </property> - <property> <name>ranger.service.http.enabled</name> <value>true</value> <description></description> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/storm-agent/conf/ranger-storm-audit-changes.cfg ---------------------------------------------------------------------- diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg index b650be1..8071e7b 100644 --- a/storm-agent/conf/ranger-storm-audit-changes.cfg +++ b/storm-agent/conf/ranger-storm-audit-changes.cfg 
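Review bot: The unchanged context line `<value>db</value>` directly above the removed block stays in ranger-admin-site.xml. Its `<name>` element is outside the hunk, but if it is the audit source setting, the distributed file still selects the DB store that setup.sh and db_setup.py now reject, and it should read `<value>solr</value>`. Worth checking before merge, because a deployment that copies conf.dist without running setup.sh would start with that value.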
@@ -12,12 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists -xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists +#xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists +#xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists +#xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/6b47ac11/storm-agent/scripts/install.properties ---------------------------------------------------------------------- diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index f2aa5c4..f3a0693 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties 
@@ -77,26 +77,6 @@ XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER # End of V3 properties -# -# AUDIT DB Configuration -# -# This information should match with the one you specified during the PolicyManager Installation -# -# Example: -# XAAUDIT.DB.IS_ENABLED=true -# XAAUDIT.DB.FLAVOUR=MYSQL -# XAAUDIT.DB.FLAVOUR=ORACLE -# XAAUDIT.DB.HOSTNAME=localhost -# XAAUDIT.DB.DATABASE_NAME=ranger_audit -# XAAUDIT.DB.USER_NAME=rangerlogger -# XAAUDIT.DB.PASSWORD=rangerlogger -# -XAAUDIT.DB.IS_ENABLED=false -XAAUDIT.DB.FLAVOUR=MYSQL -XAAUDIT.DB.HOSTNAME= -XAAUDIT.DB.DATABASE_NAME= -XAAUDIT.DB.USER_NAME= -XAAUDIT.DB.PASSWORD= # # Audit to HDFS Configuration
