Andrii Babiichuk created AMBARI-9471:
----------------------------------------

             Summary: Ambari Web UI changes required to support Ranger Installation part 2
                 Key: AMBARI-9471
                 URL: https://issues.apache.org/jira/browse/AMBARI-9471
             Project: Ambari
          Issue Type: Task
          Components: ambari-web
    Affects Versions: 2.0.0
            Reporter: Andrii Babiichuk
            Assignee: Andrii Babiichuk
             Fix For: 2.0.0


We need to make the following changes from Ambari Web, since these are not 
currently possible from the stack definition.

I have grouped logical properties together in the table, and if we can group 
them on the UI using a fieldset or some other UI control, it would be really helpful.

Note: Ranger Policy Admin and User/Group Sync Process fields will be under the 
"Ranger" service and Ranger Agents fields will be under the corresponding 
component ( HDFS/Hive/HBASE/KNOX/STORM currently)

{color:blue} +*Ranger Policy Admin:*+{color}
+Admin Setting+
|Name|Type|Default|Label|
|ambari_user_password|Password|ambari|Ranger Admin user's password for Ambari|
|SQL_CONNECTOR_JAR|Text|/usr/share/java/mysql-connector-java.jar|Location of Sql Connector Jar |

+DB Settings+
|DB_FLAVOR|SelectOne(MYSQL,ORACLE)|MYSQL|DB Flavor|
|SQL_COMMAND_INVOKER|Text|mysql| |
|db_host|Text|<Blank>|Ranger Database Host|
|db_root_user|Text|<Blank>|Ranger DB root user|
|db_root_password|Password|<Blank>|Ranger DB root password|
|db_name|Text|<Blank>|Ranger Database name|
|db_user|Text|<Blank>|Ranger DB username|
|db_password|Password|<Blank>|Ranger DB password|
|audit_db_name|Text|<Blank>|Ranger Audit Database name|
|audit_db_user|Text|<Blank>|Ranger Audit DB username|
|audit_db_password|Password|<Blank>|Ranger Audit DB password|

+Ranger Settings+
|policymgr_external_url|Text(URL)|http://localhost:6080| External URL|
|policymgr_http_enabled|Checkbox|Selected|HTTP enabled|
|unix_user|Text|ranger|Used to create user and assign permission|
|unix_group|Text|ranger|Used to create group and assign permission|
|authentication_method|SelectOne(LDAP,ACTIVE_DIRECTORY,UNIX,NONE)|NONE|Authentication method|

+Unix Authentication Settings( Enable only if authentication_method=UNIX )+
|remoteLoginEnabled|Checkbox|Selected|Allow remote Login|
|authServiceHostName|Text|localhost| |
|authServicePort|Text(Numerical)|5151| |

+LDAP Settings ( Enable only if authentication_method=LDAP )+
|xa_ldap_url|Text| |E.g. ldap://71.127.43.33:389|
|xa_ldap_userDNpattern|Text| |E.g. "uid={0},ou=users,dc=xasecure,dc=net" |
|xa_ldap_groupSearchBase|Text| |E.g."ou=groups,dc=xasecure,dc=net"|
|xa_ldap_groupSearchFilter|Text| |E.g."(member=uid={0},ou=users,dc=xasecure,dc=net)"|
|xa_ldap_groupRoleAttribute|Text| |E.g."cn"|

+AD Settings ( Enable only if authentication_method=AD )+
|xa_ldap_ad_domain|Text|<Blank>|E.g."xasecure.net" |
|xa_ldap_ad_url|Text|<Blank>|E.g."ldap://ad.xasecure.net:389" |



{color:blue}+*User/Group Sync Process:*+{color}
|Name|Type|Default|Label|
|{color:red}-RANGER_HOST-{color}|Text|<Blank>|Policy Admin URL|
|SYNC_INTERVAL|Text|360|sync interval in minutes|
|SYNC_LDAP_URL|Text|<Blank>|E.g. ldap://ldap.example.com:389|
|SYNC_LDAP_BIND_DN|Text|<Blank>|E.g. cn=admin,ou=users,dc=hadoop,dc=apache,dc-org|
|SYNC_LDAP_BIND_PASSWORD|Text|<Blank>| |
|SYNC_LDAP_USER_SEARCH_BASE|Text|<Blank>|Eg. ou=users,dc=xasecure,dc=net |
|SYNC_LDAP_USER_SEARCH_SCOPE|Text|sub| |
|SYNC_LDAP_USER_OBJECT_CLASS|Text|person|objectclass to identify user entries|
|SYNC_LDAP_USER_SEARCH_FILTER|Text|<Blank>|optional additional filter constraining the users selected for syncing|
|SYNC_LDAP_USER_NAME_ATTRIBUTE|Text|cn|attribute from user entry that would be treated as user name|
|SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE|Text|memberof,ismemberof|attribute from user entry whose values would be treated as group values|
|SYNC_LDAP_USERNAME_CASE_CONVERSION|Text|lower|Case Conversion Flags|
|SYNC_LDAP_GROUPNAME_CASE_CONVERSION|Text|lower|Case Conversion Flags|
|CRED_KEYSTORE_FILE|Text|<Blank>| |


{color:blue}+*RANGER Agents*+ (for each agent - HDFS/Hive/Hbase/Knox/Storm){color}
|Name|Type|Default|Label|
|ranger-\[service_name\]-plugin-enabled|Checkbox|No (if unchecked : No, if checked : Yes ) | Enable Ranger for <ServiceName>|
|{color:red}-RANGER_HOST-{color}|Text|<Blank>|Policy Admin URL|
|{color:red}-SQL_CONNECTOR_JAR-{color}|Text|/usr/share/java/mysql-connector-java.jar|Location of Sql Connector Jar |
|XAAUDIT.DB.IS_ENABLED|Checkbox|Disabled|Audit to DB|
|XAAUDIT.HDFS.IS_ENABLED|Checkbox|Disabled|Audit to HDFS|

{color:blue}+*RANGER Agents*+, new section :  Ranger plugin repository and policy users + (for each agent - HDFS/Hive/Hbase/Knox/Storm){color}
|Name|Type|Default|Label|
|POLICY_USER|Text |ambari-qa |Ranger default policy User for <component name> |
|REPOSITORY_CONFIG_USERNAME|Text |<component name> |Ranger repository config username |
|REPOSITORY_CONFIG_PASSWORD|Text|<component name>|Ranger repository config password  |

+HDFS Audit Settings ( Enabled Only if XAAUDIT.HDFS.IS_ENABLED is checked )+
|XAAUDIT.HDFS.DESTINATION_DIRECTORY|Text|hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%||
|XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY|Text|__REPLACE__LOG_DIR/hbase/audit/%app-type%| |
|XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY|Text|__REPLACE__LOG_DIR/hbase/audit/archive/%app-type%| |
|XAAUDIT.HDFS.DESTINTATION_FILE|Text|%hostname%-audit.log| |
|XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS|Text|900| |
|XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS|Text|86400| |
|XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS|Text|60| |
|XAAUDIT.HDFS.LOCAL_BUFFER_FILE|Text|%time:yyyyMMdd-HHmm.ss%.log| |
|XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS|Text|60| |
|XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS|Text|600| |
|XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT|Text|10| |

+Grant/Revoke Settings ( Only for Hive/HBase Plugin )+
|UPDATE_XAPOLICIES_ON_GRANT_REVOKE|Checkbox|Enabled|Should HBase/Hive GRANT/REVOKE update XA policies?|

+SSL Settings+

|SSL_KEYSTORE_FILE_PATH|Text|/etc/hadoop/conf/ranger-plugin-keystore.jks| |
|SSL_KEYSTORE_PASSWORD|Text|myKeyFilePassword| |
|SSL_TRUSTSTORE_FILE_PATH|Text|/etc/hadoop/conf/ranger-plugin-truststore.jks| |
|SSL_TRUSTSTORE_PASSWORD|Text|changeit| |



