mneethiraj commented on code in PR #8: URL: https://github.com/apache/ranger-tools/pull/8#discussion_r2881874960
########## release/config/solr-ranger_audits/managed-schema: ########## @@ -0,0 +1,95 @@ +<?xml version="1.0" encoding="UTF-8"?> Review Comment: Consider moving directory `solr-ranger_audits` from `config` to `scripts/solr`. Make sure to update `Dockerfile.ranger-solr` with the updated path. ########## release/Dockerfile.ranger: ########## 
@@ -0,0 +1,52 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +ARG RANGER_DB_TYPE=postgres +ARG RANGER_BASE_IMAGE=apache/ranger-base +ARG RANGER_BASE_VERSION=20260123-2-8 + +FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS ranger + +ARG RANGER_VERSION +ARG RANGER_DB_TYPE +ARG TARGETARCH + +# Download released Ranger Admin Tarball +COPY ./scripts/download-ranger.sh ${RANGER_SCRIPTS}/ +RUN chmod +x ${RANGER_SCRIPTS}/download-ranger.sh +RUN ${RANGER_SCRIPTS}/download-ranger.sh + +COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/ +COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties +COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/ + +RUN tar xvfz dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \ + && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \ + && cp -f ${RANGER_SCRIPTS}/ranger-admin-install.properties ${RANGER_HOME}/admin/install.properties \ + && mkdir -p /var/run/ranger \ + && mkdir -p /var/log/ranger \ + && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \ + && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/create-ranger-services.py \ + && mkdir -p 
/usr/share/java/ + +FROM ranger AS ranger_postgres +COPY ./downloads/postgresql-42.2.16.jre7.jar /home/ranger/dist/ +RUN mv /home/ranger/dist/postgresql-42.2.16.jre7.jar /usr/share/java/postgresql.jar Review Comment: Given postgres jar is being copied, it seems `RANGER_DB_TYPE=postgres` is assumed. Does this Dockerfile handle other database flavors as well - MySQL, Oracle? ########## release/Dockerfile.ranger: ########## 
@@ -0,0 +1,52 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +ARG RANGER_DB_TYPE=postgres +ARG RANGER_BASE_IMAGE=apache/ranger-base +ARG RANGER_BASE_VERSION=20260123-2-8 + +FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS ranger + +ARG RANGER_VERSION +ARG RANGER_DB_TYPE +ARG TARGETARCH + +# Download released Ranger Admin Tarball +COPY ./scripts/download-ranger.sh ${RANGER_SCRIPTS}/ +RUN chmod +x ${RANGER_SCRIPTS}/download-ranger.sh +RUN ${RANGER_SCRIPTS}/download-ranger.sh + +COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/ +COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties +COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/ + +RUN tar xvfz dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \ Review Comment: `dist/ranger-${RANGER_VERSION}-admin.tar.gz` can be removed after line #35, right? This can help reduce the container size. ########## release/Dockerfile.ranger: ########## 
@@ -0,0 +1,52 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +ARG RANGER_DB_TYPE=postgres +ARG RANGER_BASE_IMAGE=apache/ranger-base +ARG RANGER_BASE_VERSION=20260123-2-8 + +FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS ranger + +ARG RANGER_VERSION +ARG RANGER_DB_TYPE +ARG TARGETARCH + +# Download released Ranger Admin Tarball +COPY ./scripts/download-ranger.sh ${RANGER_SCRIPTS}/ +RUN chmod +x ${RANGER_SCRIPTS}/download-ranger.sh +RUN ${RANGER_SCRIPTS}/download-ranger.sh + +COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/ +COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties +COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/ + +RUN tar xvfz dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \ + && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \ + && cp -f ${RANGER_SCRIPTS}/ranger-admin-install.properties ${RANGER_HOME}/admin/install.properties \ + && mkdir -p /var/run/ranger \ + && mkdir -p /var/log/ranger \ + && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \ + && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/create-ranger-services.py \ + && mkdir -p 
/usr/share/java/ + +FROM ranger AS ranger_postgres +COPY ./downloads/postgresql-42.2.16.jre7.jar /home/ranger/dist/ +RUN mv /home/ranger/dist/postgresql-42.2.16.jre7.jar /usr/share/java/postgresql.jar + +FROM ranger_${RANGER_DB_TYPE} Review Comment: Is line #48 needed? ########## release/Dockerfile.ranger: ########## 
@@ -0,0 +1,52 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +ARG RANGER_DB_TYPE=postgres +ARG RANGER_BASE_IMAGE=apache/ranger-base +ARG RANGER_BASE_VERSION=20260123-2-8 + +FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS ranger + +ARG RANGER_VERSION +ARG RANGER_DB_TYPE +ARG TARGETARCH + +# Download released Ranger Admin Tarball +COPY ./scripts/download-ranger.sh ${RANGER_SCRIPTS}/ +RUN chmod +x ${RANGER_SCRIPTS}/download-ranger.sh +RUN ${RANGER_SCRIPTS}/download-ranger.sh + +COPY ./scripts/ranger.sh ${RANGER_SCRIPTS}/ +COPY ./scripts/ranger-admin-install-${RANGER_DB_TYPE}.properties ${RANGER_SCRIPTS}/ranger-admin-install.properties +COPY ./scripts/create-ranger-services.py ${RANGER_SCRIPTS}/ + +RUN tar xvfz dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \ + && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \ + && cp -f ${RANGER_SCRIPTS}/ranger-admin-install.properties ${RANGER_HOME}/admin/install.properties \ + && mkdir -p /var/run/ranger \ + && mkdir -p /var/log/ranger \ + && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \ + && chmod 755 ${RANGER_SCRIPTS}/ranger.sh ${RANGER_SCRIPTS}/create-ranger-services.py \ + && mkdir -p 
/usr/share/java/ + +FROM ranger AS ranger_postgres Review Comment: `postgres` => `${RANGER_DB_TYPE}`? ########## release/scripts/ranger-admin-install-postgres.properties: ########## 
@@ -0,0 +1,109 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# This file provides a list of the deployment variables for the Policy Manager Web Application +# + +PYTHON_COMMAND_INVOKER=python3 +RANGER_ADMIN_LOG_DIR=/var/log/ranger +RANGER_PID_DIR_PATH=/var/run/ranger +DB_FLAVOR=POSTGRES +SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar +RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml + +db_root_user=postgres +db_root_password=rangerR0cks! +db_host=ranger-db + +db_name=ranger +db_user=rangeradmin +db_password=rangerR0cks! + +postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql +postgres_audit_file=db/postgres/xa_audit_db_postgres.sql +mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql +mysql_audit_file=db/mysql/xa_audit_db.sql + +rangerAdmin_password=rangerR0cks! +rangerTagsync_password=rangerR0cks! +rangerUsersync_password=rangerR0cks! +keyadmin_password=rangerR0cks! 
+ + +audit_store=solr +audit_solr_urls=http://ranger-solr:8983/solr/ranger_audits +audit_solr_collection_name=ranger_audits + +# audit_store=elasticsearch +audit_elasticsearch_urls= +audit_elasticsearch_port=9200 +audit_elasticsearch_protocol=http +audit_elasticsearch_user=elastic +audit_elasticsearch_password=elasticsearch +audit_elasticsearch_index=ranger_audits +audit_elasticsearch_bootstrap_enabled=true + +policymgr_external_url=http://ranger-admin:6080 +policymgr_http_enabled=true + +unix_user=ranger +unix_user_pwd=ranger +unix_group=ranger + +# Following variables are referenced in db_setup.py. Do not remove these +oracle_core_file= +sqlserver_core_file= +sqlanywhere_core_file= +cred_keystore_filename= + +# ################# DO NOT MODIFY ANY VARIABLES BELOW ######################### +# +# --- These deployment variables are not to be modified unless you understand the full impact of the changes +# +################################################################################ +XAPOLICYMGR_DIR=$PWD +app_home=$PWD/ews/webapp +TMPFILE=$PWD/.fi_tmp +LOGFILE=$PWD/logfile +LOGFILES="$LOGFILE" + +JAVA_BIN='java' +JAVA_VERSION_REQUIRED='1.8' + +ranger_admin_max_heap_size=1g +#retry DB and Java patches after the given time in seconds. +PATCH_RETRY_INTERVAL=120 +STALE_PATCH_ENTRY_HOLD_TIME=10 + +hadoop_conf= +authentication_method=UNIX + +#------------ Kerberos Config ----------------- +spnego_principal=HTTP/[email protected] Review Comment: I suggest to set all Kerberos related configurations, especially principal/keytab to empty value. ########## release/Dockerfile.ranger-postgres: ########## 
@@ -0,0 +1,29 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG POSTGRES_VERSION=13.16 +FROM postgres:${POSTGRES_VERSION} + +# Copy DB init script +USER 0 + +RUN mkdir -p /docker-entrypoint-initdb.d + +COPY ./scripts/rdbms/init_postgres.sh /docker-entrypoint-initdb.d/ + +RUN chown -R postgres:postgres /docker-entrypoint-initdb.d/ + +ENV POSTGRES_PASSWORD=rangerR0cks! Review Comment: Is it possible to use the password from env or argument, if provided? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
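Review bot: In release/Dockerfile.ranger, `RUN ${RANGER_SCRIPTS}/download-ranger.sh` fetches the release tarball in its own layer, so deleting `dist/ranger-${RANGER_VERSION}-admin.tar.gz` inside the later `RUN tar xvfz ...` step will not shrink the image; the archive remains in the earlier layer. Do the download, extract and `rm` in a single RUN, or unpack in a throwaway build stage and `COPY --from` only the extracted tree. That same step is where the tarball's published checksum or signature should be verified before extraction; nothing in the visible lines does so, and the contents of download-ranger.sh are not shown here. `ARG RANGER_VERSION` also has no default, so an explicit non-empty check at the top of that step would fail the build with a clearer message than a download or tar error on an empty version.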
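Review bot: The `chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ ...` line in release/Dockerfile.ranger hands ownership of ranger.sh and create-ranger-services.py to the `ranger` account, so any process running as that account can rewrite the scripts that start the service. Leave `${RANGER_SCRIPTS}/` root-owned at mode 755 and restrict the chown to the paths that need writes (`/var/run/ranger/`, `/var/log/ranger/` and whatever under `${RANGER_HOME}/admin/` setup modifies). In the `ranger_postgres` stage, `COPY ./downloads/postgresql-42.2.16.jre7.jar` takes whatever file of that name is in the build context; record the expected SHA-256 next to it and check it in the RUN that moves the jar, and copy it straight to `/usr/share/java/postgresql.jar` so the `mv` and the extra layer are not needed.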
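Review bot: release/scripts/ranger-admin-install-postgres.properties ships the same literal password for `db_root_password`, `db_password`, `rangerAdmin_password`, `rangerTagsync_password`, `rangerUsersync_password` and `keyadmin_password`, plus `unix_user_pwd=ranger`, and Dockerfile.ranger copies this file into the image as install.properties. Every container started from the release image then has known admin, keyadmin and database credentials unless the operator overrides them. Leave these values empty in the committed file and have ranger.sh fill them from environment variables or mounted secret files at container start, failing if they are unset. The same applies to `audit_elasticsearch_password=elasticsearch`, which is still active even though `audit_store=elasticsearch` is commented out. `policymgr_external_url` and `audit_solr_urls` are both plain `http://`; if that is meant only for a local compose network, a comment in the file saying so would help.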
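Review bot: `ENV POSTGRES_PASSWORD=rangerR0cks!` at the end of release/Dockerfile.ranger-postgres stores the database superuser password in the image configuration, where it is readable with `docker inspect` or `docker history` by anyone who can pull the image. Switching to a build `ARG` would not help, since build arguments are recorded in the image history as well. Drop the ENV line and require the value at run time, either with `-e POSTGRES_PASSWORD=...` or through `POSTGRES_PASSWORD_FILE` pointing at a mounted secret, which the official postgres image supports. The file also sets `USER 0` for the mkdir/COPY/chown steps and never switches back; add a `USER postgres` after the chown, or use `COPY --chown=postgres:postgres` so the root switch is not needed at all.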
