in ambari-server/src/main/resources/stacks/BIGTOP/3.3.0/services/RANGER/package/scripts/setup_ranger_xml.py [0:0]
def setup_ranger_admin(upgrade_type=None):
import params
if upgrade_type is None:
upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
ranger_home = params.ranger_home
ranger_conf = params.ranger_conf
Directory(
ranger_conf, owner=params.unix_user, group=params.unix_group, create_parents=True
)
copy_jdbc_connector(ranger_home)
File(
format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
content=DownloadSource(format("{jdk_location}/{check_db_connection_jar_name}")),
mode=0o644,
)
generate_logfeeder_input_config(
"ranger", Template("input.config-ranger.json.j2", extra_imports=[default])
)
cp = format("{check_db_connection_jar}")
if params.db_flavor.lower() == "sqla":
cp = cp + os.pathsep + format("{ranger_home}/ews/lib/sajdbc4.jar")
else:
cp = cp + os.pathsep + format("{driver_curl_target}")
cp = cp + os.pathsep + format("{ranger_home}/ews/lib/*")
db_connection_check_command = format(
"{ambari_java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}' {ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}"
)
env_dict = {}
if params.db_flavor.lower() == "sqla":
env_dict = {"LD_LIBRARY_PATH": params.ld_lib_path}
Execute(
db_connection_check_command,
path="/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin",
tries=5,
try_sleep=10,
environment=env_dict,
)
Execute(
(
"ln",
"-sf",
format("{ranger_home}/ews/webapp/WEB-INF/classes/conf"),
format("{ranger_home}/conf"),
),
not_if=format("ls {ranger_home}/conf"),
only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
sudo=True,
)
if upgrade_type is not None:
src_file = format(
"{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml"
)
dst_file = format("{ranger_home}/conf/ranger-admin-default-site.xml")
Execute(("cp", "-f", src_file, dst_file), sudo=True)
src_file = format(
"{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml"
)
dst_file = format("{ranger_home}/conf/security-applicationContext.xml")
Execute(("cp", "-f", src_file, dst_file), sudo=True)
Directory(
format("{ranger_home}/"),
owner=params.unix_user,
group=params.unix_group,
recursive_ownership=True,
)
Directory(
params.ranger_pid_dir,
mode=0o755,
owner=params.unix_user,
group=params.user_group,
cd_access="a",
create_parents=True,
)
Directory(
params.admin_log_dir,
owner=params.unix_user,
group=params.unix_group,
create_parents=True,
cd_access="a",
mode=0o755,
)
if os.path.isfile(params.ranger_admin_default_file):
File(
params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group
)
else:
Logger.warning(
f"Required file {params.ranger_admin_default_file} does not exist, copying the file to {ranger_conf} path"
)
src_file = format(
"{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml"
)
dst_file = format("{ranger_home}/conf/ranger-admin-default-site.xml")
Execute(("cp", "-f", src_file, dst_file), sudo=True)
File(
params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group
)
if os.path.isfile(params.security_app_context_file):
File(
params.security_app_context_file, owner=params.unix_user, group=params.unix_group
)
else:
Logger.warning(
f"Required file {params.security_app_context_file} does not exist, copying the file to {ranger_conf} path"
)
src_file = format(
"{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml"
)
dst_file = format("{ranger_home}/conf/security-applicationContext.xml")
Execute(("cp", "-f", src_file, dst_file), sudo=True)
File(
params.security_app_context_file, owner=params.unix_user, group=params.unix_group
)
if (
default("/configurations/ranger-admin-site/ranger.authentication.method", "")
== "PAM"
):
d = "/etc/pam.d"
if os.path.isdir(d):
if os.path.isfile(os.path.join(d, "ranger-admin")):
Logger.info("ranger-admin PAM file already exists.")
else:
File(
format("{d}/ranger-admin"),
content=Template("ranger_admin_pam.j2"),
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
if os.path.isfile(os.path.join(d, "ranger-remote")):
Logger.info("ranger-remote PAM file already exists.")
else:
File(
format("{d}/ranger-remote"),
content=Template("ranger_remote_pam.j2"),
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
else:
Logger.error(
"Unable to use PAM authentication, /etc/pam.d/ directory does not exist."
)
Execute(
(
"ln",
"-sf",
format("{ranger_home}/ews/ranger-admin-services.sh"),
"/usr/bin/ranger-admin",
),
not_if=format("ls /usr/bin/ranger-admin"),
only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
sudo=True,
)
# remove plain-text password from xml configs
ranger_admin_site_copy = {}
ranger_admin_site_copy.update(params.config["configurations"]["ranger-admin-site"])
for prop in params.ranger_admin_password_properties:
if prop in ranger_admin_site_copy:
ranger_admin_site_copy[prop] = "_"
if "ranger.ha.spnego.kerberos.keytab" in ranger_admin_site_copy:
ranger_admin_site_copy["ranger.spnego.kerberos.keytab"] = ranger_admin_site_copy[
"ranger.ha.spnego.kerberos.keytab"
]
XmlConfig(
"ranger-admin-site.xml",
conf_dir=ranger_conf,
configurations=ranger_admin_site_copy,
configuration_attributes=params.config["configurationAttributes"][
"ranger-admin-site"
],
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
Directory(
os.path.join(ranger_conf, "ranger_jaas"),
mode=0o700,
owner=params.unix_user,
group=params.unix_group,
)
File(
format("{params.ranger_conf}/logback.xml"),
content=InlineTemplate(params.admin_logback_content),
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
do_keystore_setup(upgrade_type=upgrade_type)
create_core_site_xml(ranger_conf)
if params.stack_supports_ranger_kerberos:
if params.is_hbase_ha_enabled and params.ranger_hbase_plugin_enabled:
XmlConfig(
"hbase-site.xml",
conf_dir=ranger_conf,
configurations=params.config["configurations"]["hbase-site"],
configuration_attributes=params.config["configurationAttributes"]["hbase-site"],
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
if params.is_namenode_ha_enabled and params.ranger_hdfs_plugin_enabled:
XmlConfig(
"hdfs-site.xml",
conf_dir=ranger_conf,
configurations=params.config["configurations"]["hdfs-site"],
configuration_attributes=params.config["configurationAttributes"]["hdfs-site"],
owner=params.unix_user,
group=params.unix_group,
mode=0o644,
)
File(
format("{ranger_conf}/ranger-admin-env.sh"),
content=InlineTemplate(params.ranger_env_content),
owner=params.unix_user,
group=params.unix_group,
mode=0o755,
)