RANGER-1096 : Revert to jceks scheme for credential store related operations
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/35e9c10e Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/35e9c10e Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/35e9c10e Branch: refs/heads/master Commit: 35e9c10e53fd9d7fbef554a1c6fedfe84d36c736 Parents: 0798252 Author: Mehul Parikh <[email protected]> Authored: Tue Jul 12 19:32:33 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Wed Jul 13 17:16:15 2016 -0400 ---------------------------------------------------------------------- .../apache/ranger/credentialapi/buildks.java | 16 +++--- .../scripts/ranger-admin-services.sh | 54 ++++++++++++-------- .../ranger/credentialapi/CredentialReader.java | 7 +-- 3 files changed, 44 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35e9c10e/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java ----------------------------------------------------------------------
diff --git a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java
index 15b5a7e..d8ffe2c 100644
--- a/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java
+++ b/credentialbuilder/src/main/java/org/apache/ranger/credentialapi/buildks.java
@@ -183,9 +183,9 @@ public class buildks { if(providerPath!=null && !providerPath.trim().isEmpty() && !providerPath.startsWith("localjceks://file")&&!providerPath.startsWith("jceks://file")) { if(providerPath.startsWith("/")){ - providerPath="localjceks://file"+providerPath; + providerPath="jceks://file"+providerPath; }else{ - providerPath="localjceks://file/"+providerPath; + providerPath="jceks://file/"+providerPath; } } command="create"; 
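Review bot: The guard around the new `jceks://file` prefixing compares the raw `providerPath` case-sensitively, although the emptiness test trims it, so a value with leading whitespace or an upper-case scheme would get a second prefix prepended and the keystore could end up somewhere other than where the operator intended. CredentialReader in this same commit lower-cases the path before its prefix test, so the two sides disagree on what counts as an already-qualified provider path. Consider normalising once before the check, e.g. `providerPath = providerPath.trim();`, and running the `startsWith` tests against a lower-cased copy. The enclosing method starts and ends outside this hunk, so whether the value is trimmed earlier cannot be confirmed from here.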
@@ -415,16 +415,16 @@ public class buildks { public static void displaySyntax(String command){ if(command!=null && command.trim().equalsIgnoreCase("create")){ - System.out.println("Correct syntax is:create <aliasname> -value <password> -provider <localjceks://file/filepath>"); - System.out.println("sample command is:create myalias -value password123 -provider localjceks://file/tmp/ks/myks.jceks"); + System.out.println("Correct syntax is:create <aliasname> -value <password> -provider <jceks://file/filepath>"); + System.out.println("sample command is:create myalias -value password123 -provider jceks://file/tmp/ks/myks.jceks"); } if(command!=null && command.trim().equalsIgnoreCase("list")){ - System.out.println("Correct syntax is:list -provider <localjceks://file/filepath>"); - System.out.println("sample command is:list -provider localjceks://file/tmp/ks/myks.jceks"); + System.out.println("Correct syntax is:list -provider <jceks://file/filepath>"); + System.out.println("sample command is:list -provider jceks://file/tmp/ks/myks.jceks"); } if(command!=null && command.trim().equalsIgnoreCase("get")){ - System.out.println("Correct syntax is:get <aliasname> -provider <localjceks://file/filepath>"); - System.out.println("sample command is:get myalias -provider localjceks://file/tmp/ks/myks.jceks"); + System.out.println("Correct syntax is:get <aliasname> -provider <jceks://file/filepath>"); + System.out.println("sample command is:get myalias -provider jceks://file/tmp/ks/myks.jceks"); } } public String getCredential(String args[]){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35e9c10e/embeddedwebserver/scripts/ranger-admin-services.sh ---------------------------------------------------------------------- diff --git a/embeddedwebserver/scripts/ranger-admin-services.sh b/embeddedwebserver/scripts/ranger-admin-services.sh index 95caacd..f672236 100755 --- a/embeddedwebserver/scripts/ranger-admin-services.sh 
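Review bot: The usage text rewritten here still tells operators to pass the secret as `-value <password>` on the command line and shows a sample keystore under `/tmp`, both of which expose credential material to other local users (process listings, shell history, a world-writable directory). Since these strings are being edited anyway, the sample could point at a placeholder directory, e.g. `jceks://file/<keystore-dir>/myks.jceks`, and a comment above displaySyntax could state that argv values are visible to other users on the host. Whether buildks offers another way to supply the value is not visible in this hunk.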
+++ b/embeddedwebserver/scripts/ranger-admin-services.sh 
@@ -76,34 +76,44 @@ stop(){ NR_ITER_FOR_SHUTDOWN_CHECK=15 if [ -f "$pidf" ] ; then pid=`cat $pidf` > /dev/null 2>&1 - echo "Found Apache Ranger Admin Service with pid $pid, Stopping it..." - nohup java ${JAVA_OPTS} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${RANGER_HADOOP_CONF_DIR}/*:$CLASSPATH" org.apache.ranger.server.tomcat.StopEmbeddedServer > ${RANGER_ADMIN_LOG_DIR}/catalina.out 2>&1 - for ((i=0; i<$NR_ITER_FOR_SHUTDOWN_CHECK; i++)) - do - sleep $WAIT_TIME_FOR_SHUTDOWN - if ps -p $pid > /dev/null ; then - echo "Shutdown in progress. Will check after $WAIT_TIME_FOR_SHUTDOWN secs again.." - continue; - else - break; - fi - done - # if process is still around, use kill -9 - if ps -p $pid > /dev/null ; then - echo "Initial kill failed, getting serious now..." - kill -9 $pid + echo "Getting pid from $pidf .." + else + pid=`ps -ef | grep java | grep -- '-Dproc_rangeradmin' | grep -v grep | awk '{ print $2 }'` + if [ "$pid" != "" ];then + echo "pid file($pidf) not present, taking pid from \'ps\' command.." + else + echo "Apache Ranger Admin Service is not running" + exit fi - sleep 1 #give kill -9 sometime to "kill" + fi + + echo "Found Apache Ranger Admin Service with pid $pid, Stopping it..." + nohup java ${JAVA_OPTS} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${RANGER_HADOOP_CONF_DIR}/*:$CLASSPATH" org.apache.ranger.server.tomcat.StopEmbeddedServer > ${RANGER_ADMIN_LOG_DIR}/catalina.out 2>&1 + for ((i=0; i<$NR_ITER_FOR_SHUTDOWN_CHECK; i++)) + do + sleep $WAIT_TIME_FOR_SHUTDOWN if ps -p $pid > /dev/null ; then - echo "Wow, even kill -9 failed, giving up! Sorry.." - exit 1 + echo "Shutdown in progress. 
Will check after $WAIT_TIME_FOR_SHUTDOWN secs again.." + continue; else - rm -rf $pidf - echo "Apache Ranger Admin Service with pid ${pid} has been stopped." + break; fi + done + # if process is still around, use kill -9 + if ps -p $pid > /dev/null ; then + echo "Initial kill failed, getting serious now..." + kill -9 $pid + fi + sleep 1 #give kill -9 sometime to "kill" + if ps -p $pid > /dev/null ; then + echo "Wow, even kill -9 failed, giving up! Sorry.." + exit 1 + else - echo "Apache Ranger Admin Service is not running" + rm -rf $pidf + echo "Apache Ranger Admin Service with pid ${pid} has been stopped." fi + } if [ "${action}" == "START" ]; then if [ -f "$pidf" ] ; then http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/35e9c10e/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java index 5d536ac..429be27 100644 --- a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java +++ b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java 
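Review bot: The new fallback takes `pid` from `ps -ef | grep java | grep -- '-Dproc_rangeradmin'`, and that value flows unquoted into `ps -p $pid` and `kill -9 $pid` with no check that it is exactly one numeric pid. Two matching JVMs yield several pids, and any process whose command line carries that flag matches regardless of owner, so a privileged run of stop could kill a process that is not this service. A guard placed before the "Found Apache Ranger Admin Service" echo would cover both the pid-file and the ps path: `case "$pid" in ''|*[!0-9]*) echo "Unexpected pid value: $pid"; exit 1;; esac`. The bare `exit` in the not-running branch also ends the whole script with status 0; if stop is ever invoked from a restart path (not visible here), `return` would be the safer choice. stop() begins above the hunk.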
@@ -36,11 +36,12 @@ public class CredentialReader { } char[] pass = null; Configuration conf = new Configuration(); - String crendentialProviderPrefix=JavaKeyStoreProvider.SCHEME_NAME + "://file"; - crendentialProviderPrefix=crendentialProviderPrefix.toLowerCase(); + String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file"; + String crendentialProviderPrefixLocalJceks="localjceks://file"; + crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath=CrendentialProviderPath.trim(); alias=alias.trim(); - if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefix)){ + if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath);
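Review bot: `CrendentialProviderPath.toLowerCase()` is now evaluated twice in the condition and uses the default locale, so under a locale such as Turkish an upper-case `FILE` in the path lower-cases to a dotless ı and neither prefix matches. Computing it once, `String lowerPath = CrendentialProviderPath.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and testing `lowerPath.startsWith(...)` against both prefixes fixes that and shortens the line. The `"localjceks://file"` literal is hard-coded next to a prefix built from `JavaKeyStoreProvider.SCHEME_NAME`; a short comment saying why both schemes are accepted on read while buildks now writes only `jceks` would help the next maintainer. The method body and the branch taken when neither prefix matches lie outside this hunk.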
