in security-admin/scripts/db_setup.py [0:0]
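def main(argv):
    """Set up or upgrade the Ranger admin database, or run one maintenance action.

    Reads installer properties through ``populate_global_dict()`` / ``globalDict``,
    locates a Java binary, determines the Ranger version, builds the DB-flavour
    specific helper object and verifies the DB connection. What happens next
    depends on ``argv``:

    * ``len(argv) == 1`` (script name only): create the version-history table if
      ``check_table`` reports it missing, import the core schema and apply
      pending DB patches.
    * ``-javapatch``: run pending Java patches.
    * ``-checkupgrade``: call ``is_new_install`` on the helper object.
    * ``-changepassword <loginID> <currentPassword> <newPassword>`` (exactly five
      arguments), or more than five arguments carrying one or more
      ``-pair <user> <old> <new>`` groups.

    Side effects: configures ``logging`` at DEBUG level and assigns the module
    globals ``retryPatchAfterSeconds``, ``stalePatchEntryHoldTimeInMinutes`` and
    ``ranger_version``. Configuration errors end the process via ``sys.exit(1)``.

    NOTE(review): the listing this body was restored from carried no
    indentation, so block nesting (in particular inside the TLS section) is
    reconstructed from syntax -- confirm against the project file.
    NOTE(security): account names and passwords are taken from ``argv``; command
    line arguments are readable in the process list and usually end up in shell
    history, so these modes belong in a restricted admin session.
    """
    populate_global_dict()
    FORMAT = '%(asctime)-15s %(message)s'
    logging.basicConfig(format=FORMAT, level=logging.DEBUG)

    global retryPatchAfterSeconds
    global stalePatchEntryHoldTimeInMinutes
    retryPatchAfterSeconds = 120
    stalePatchEntryHoldTimeInMinutes = 10
    # Optional overrides; a non-numeric value silently falls back to the default.
    if 'PATCH_RETRY_INTERVAL' in globalDict:
        interval = globalDict['PATCH_RETRY_INTERVAL']
        try:
            retryPatchAfterSeconds = int(interval)
        except ValueError:
            retryPatchAfterSeconds = 120
    if 'STALE_PATCH_ENTRY_HOLD_TIME' in globalDict:
        interval = globalDict['STALE_PATCH_ENTRY_HOLD_TIME']
        try:
            stalePatchEntryHoldTimeInMinutes = int(interval)
        except ValueError:
            stalePatchEntryHoldTimeInMinutes = 10

    # Locate java: $JAVA_HOME/bin/java first, then the JAVA_BIN install property.
    if 'JAVA_HOME' not in os.environ or os.environ['JAVA_HOME'] == "":
        log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
        sys.exit(1)
    JAVA_BIN = os.path.join(os.environ['JAVA_HOME'], 'bin', 'java')
    if os_name == "WINDOWS":
        JAVA_BIN = JAVA_BIN + '.exe'
    if not os.path.isfile(JAVA_BIN):
        JAVA_BIN = globalDict['JAVA_BIN']
        if not os.path.isfile(JAVA_BIN):
            log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
            sys.exit(1)

    # get ranger version: three attempts, each one only tried when the previous
    # produced nothing usable. Any failure is swallowed and treated as "unknown".
    # NOTE(review): check_output is this file's own helper (not shown); the
    # commands are assembled as plain strings from JAVA_HOME/RANGER_ADMIN_HOME,
    # so confirm how it tokenises them when those paths contain spaces.
    global ranger_version
    try:
        lib_home = os.path.join(RANGER_ADMIN_HOME, "ews", "webapp", "WEB-INF", "lib", "*")
        get_ranger_version_cmd = "%s -cp %s org.apache.ranger.common.RangerVersionInfo" % (JAVA_BIN, lib_home)
        ranger_version = check_output(get_ranger_version_cmd).split("\n")[1]
    except Exception as error:
        ranger_version = ''
    try:
        if ranger_version == "" or ranger_version == "ranger-admin - None":
            script_path = os.path.join(RANGER_ADMIN_HOME, "ews", "ranger-admin-services.sh")
            ranger_version = check_output(script_path + " version").split("\n")[1]
    except Exception as error:
        ranger_version = ''
    try:
        if ranger_version == "" or ranger_version == "ranger-admin - None":
            # Last resort: a bare command name, i.e. whatever the caller's PATH
            # resolves `ranger-admin` to.
            ranger_version = check_output("ranger-admin version").split("\n")[1]
    except Exception as error:
        ranger_version = ''
    if ranger_version == "" or ranger_version is None:
        log("[E] Unable to find ranger version details, Exiting..", "error")
        sys.exit(1)

    XA_DB_FLAVOR = globalDict['DB_FLAVOR']
    XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
    log("[I] DB FLAVOR :" + XA_DB_FLAVOR, "info")
    xa_db_host = globalDict['db_host']

    # Schema locations relative to RANGER_ADMIN_HOME. The *_core_file keys are
    # read for every flavour, so all five must be present in globalDict.
    mysql_dbversion_catalog = os.path.join('db', 'mysql', 'create_dbversion_catalog.sql')
    mysql_core_file = globalDict['mysql_core_file']
    mysql_patches = os.path.join('db', 'mysql', 'patches')
    oracle_dbversion_catalog = os.path.join('db', 'oracle', 'create_dbversion_catalog.sql')
    oracle_core_file = globalDict['oracle_core_file']
    oracle_patches = os.path.join('db', 'oracle', 'patches')
    postgres_dbversion_catalog = os.path.join('db', 'postgres', 'create_dbversion_catalog.sql')
    postgres_core_file = globalDict['postgres_core_file']
    postgres_patches = os.path.join('db', 'postgres', 'patches')
    sqlserver_dbversion_catalog = os.path.join('db', 'sqlserver', 'create_dbversion_catalog.sql')
    sqlserver_core_file = globalDict['sqlserver_core_file']
    sqlserver_patches = os.path.join('db', 'sqlserver', 'patches')
    sqlanywhere_dbversion_catalog = os.path.join('db', 'sqlanywhere', 'create_dbversion_catalog.sql')
    sqlanywhere_core_file = globalDict['sqlanywhere_core_file']
    sqlanywhere_patches = os.path.join('db', 'sqlanywhere', 'patches')

    db_name = globalDict['db_name']
    db_user = globalDict['db_user']
    db_password = globalDict['db_password']
    x_db_version = 'x_db_version_h'
    xa_access_audit = 'xa_access_audit'
    audit_store = None
    if 'audit_store' in globalDict:
        audit_store = globalDict['audit_store']
        audit_store = audit_store.lower()

    # TLS defaults. Everything is a string flag, compared against 'true' below.
    # NOTE(security): server-certificate verification defaults to 'false', and
    # the certificate/truststore/keystore existence checks only run when it is
    # 'true'. How the flags shape the JDBC connection is decided in the *Conf
    # classes (not shown); with verification off a TLS session would not
    # authenticate the database server.
    db_ssl_enabled = 'false'
    db_ssl_required = 'false'
    db_ssl_verifyServerCertificate = 'false'
    db_ssl_auth_type = '2-way'
    javax_net_ssl_keyStore = ''
    javax_net_ssl_keyStorePassword = ''
    javax_net_ssl_trustStore = ''
    javax_net_ssl_trustStorePassword = ''
    db_ssl_certificate_file = ''
    javax_net_ssl_trustStore_type = 'bcfks'
    javax_net_ssl_keyStore_type = 'bcfks'
    is_override_db_connection_string = 'false'
    db_override_jdbc_connection_string = ''

    # TLS properties are only honoured for MySQL and PostgreSQL.
    if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
        if 'db_ssl_enabled' in globalDict:
            db_ssl_enabled = globalDict['db_ssl_enabled'].lower()
            if db_ssl_enabled == 'true':
                if 'db_ssl_required' in globalDict:
                    db_ssl_required = globalDict['db_ssl_required'].lower()
                if 'db_ssl_verifyServerCertificate' in globalDict:
                    db_ssl_verifyServerCertificate = globalDict['db_ssl_verifyServerCertificate'].lower()
                if 'db_ssl_auth_type' in globalDict:
                    db_ssl_auth_type = globalDict['db_ssl_auth_type'].lower()
                if 'db_ssl_certificate_file' in globalDict:
                    db_ssl_certificate_file = globalDict['db_ssl_certificate_file']
                if 'javax_net_ssl_trustStore' in globalDict:
                    javax_net_ssl_trustStore = globalDict['javax_net_ssl_trustStore']
                if 'javax_net_ssl_trustStorePassword' in globalDict:
                    javax_net_ssl_trustStorePassword = globalDict['javax_net_ssl_trustStorePassword']
                if 'javax_net_ssl_trustStore_type' in globalDict:
                    javax_net_ssl_trustStore_type = globalDict['javax_net_ssl_trustStore_type']
                if db_ssl_verifyServerCertificate == 'true':
                    # Trust anchor: an explicit certificate file wins; otherwise
                    # 1-way auth needs a truststore plus its password.
                    if db_ssl_certificate_file != "":
                        if not os.path.exists(db_ssl_certificate_file):
                            log("[E] Invalid file Name! Unable to find certificate file:"+db_ssl_certificate_file,"error")
                            sys.exit(1)
                    elif db_ssl_auth_type == '1-way' and db_ssl_certificate_file == "":
                        if not os.path.exists(javax_net_ssl_trustStore):
                            log("[E] Invalid file Name! Unable to find truststore file:"+javax_net_ssl_trustStore,"error")
                            sys.exit(1)
                        if javax_net_ssl_trustStorePassword is None or javax_net_ssl_trustStorePassword == "":
                            log("[E] Invalid ssl truststore password!","error")
                            sys.exit(1)
                    # Mutual TLS additionally needs the client keystore.
                    if db_ssl_auth_type == '2-way':
                        if 'javax_net_ssl_keyStore' in globalDict:
                            javax_net_ssl_keyStore = globalDict['javax_net_ssl_keyStore']
                        if 'javax_net_ssl_keyStorePassword' in globalDict:
                            javax_net_ssl_keyStorePassword = globalDict['javax_net_ssl_keyStorePassword']
                        if 'javax_net_ssl_keyStore_type' in globalDict:
                            javax_net_ssl_keyStore_type = globalDict['javax_net_ssl_keyStore_type']
                        if not os.path.exists(javax_net_ssl_keyStore):
                            log("[E] Invalid file Name! Unable to find keystore file:"+javax_net_ssl_keyStore,"error")
                            sys.exit(1)
                        if javax_net_ssl_keyStorePassword is None or javax_net_ssl_keyStorePassword == "":
                            log("[E] Invalid ssl keystore password!","error")
                            sys.exit(1)

    if 'is_override_db_connection_string' in globalDict:
        is_override_db_connection_string = globalDict['is_override_db_connection_string'].lower()
    if 'db_override_jdbc_connection_string' in globalDict:
        db_override_jdbc_connection_string = globalDict['db_override_jdbc_connection_string'].strip()

    # Build the flavour-specific helper and pick its schema/patch locations.
    if XA_DB_FLAVOR == "MYSQL":
        MYSQL_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
        xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,is_override_db_connection_string,db_override_jdbc_connection_string)
        xa_db_version_file = os.path.join(RANGER_ADMIN_HOME, mysql_dbversion_catalog)
        xa_db_core_file = os.path.join(RANGER_ADMIN_HOME, mysql_core_file)
        xa_patch_file = os.path.join(RANGER_ADMIN_HOME, mysql_patches)
        first_table = 'x_portal_user'
        last_table = 'x_policy_ref_group'
    elif XA_DB_FLAVOR == "ORACLE":
        ORACLE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
        xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN, is_override_db_connection_string, db_override_jdbc_connection_string)
        xa_db_version_file = os.path.join(RANGER_ADMIN_HOME, oracle_dbversion_catalog)
        xa_db_core_file = os.path.join(RANGER_ADMIN_HOME, oracle_core_file)
        xa_patch_file = os.path.join(RANGER_ADMIN_HOME, oracle_patches)
        first_table = 'X_PORTAL_USER'
        last_table = 'X_POLICY_REF_GROUP'
    elif XA_DB_FLAVOR == "POSTGRES":
        POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
        xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,db_ssl_certificate_file,javax_net_ssl_trustStore_type,javax_net_ssl_keyStore_type,is_override_db_connection_string,db_override_jdbc_connection_string)
        xa_db_version_file = os.path.join(RANGER_ADMIN_HOME, postgres_dbversion_catalog)
        xa_db_core_file = os.path.join(RANGER_ADMIN_HOME, postgres_core_file)
        xa_patch_file = os.path.join(RANGER_ADMIN_HOME, postgres_patches)
        first_table = 'x_portal_user'
        last_table = 'x_policy_ref_group'
    elif XA_DB_FLAVOR == "MSSQL":
        SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
        xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN, is_override_db_connection_string, db_override_jdbc_connection_string)
        xa_db_version_file = os.path.join(RANGER_ADMIN_HOME, sqlserver_dbversion_catalog)
        xa_db_core_file = os.path.join(RANGER_ADMIN_HOME, sqlserver_core_file)
        xa_patch_file = os.path.join(RANGER_ADMIN_HOME, sqlserver_patches)
        first_table = 'x_portal_user'
        last_table = 'x_policy_ref_group'
    elif XA_DB_FLAVOR == "SQLA":
        if not os_name == "WINDOWS":
            # .get(): an unset variable must reach the intended error message
            # instead of raising KeyError.
            if os.environ.get('LD_LIBRARY_PATH', '') == "":
                log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
                sys.exit(1)
        SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
        xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN, is_override_db_connection_string, db_override_jdbc_connection_string)
        xa_db_version_file = os.path.join(RANGER_ADMIN_HOME, sqlanywhere_dbversion_catalog)
        xa_db_core_file = os.path.join(RANGER_ADMIN_HOME, sqlanywhere_core_file)
        xa_patch_file = os.path.join(RANGER_ADMIN_HOME, sqlanywhere_patches)
        first_table = 'x_portal_user'
        last_table = 'x_policy_ref_group'
    else:
        log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
        sys.exit(1)

    log("[I] --------- Verifying Ranger DB connection ---------","info")
    xa_sqlObj.check_connection(db_name, db_user, db_password)

    # Default mode (no extra arguments): schema creation and DB patches.
    if len(argv) == 1:
        log("[I] --------- Verifying version history table ---------","info")
        output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
        if output == False:
            xa_sqlObj.create_version_history_table(db_name, db_user, db_password, xa_db_version_file,x_db_version)
        log("[I] --------- Importing Ranger Core DB Schema ---------","info")
        xa_sqlObj.import_core_db_schema(db_name, db_user, db_password, xa_db_core_file,first_table,last_table)
        applyDBPatches = xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "DB_PATCHES")
        if applyDBPatches == True:
            log("[I] --------- Applying Ranger DB patches ---------","info")
            xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
        else:
            log("[I] DB_PATCHES have already been applied","info")

    # Maintenance modes: every argv element is inspected, so several options
    # on one command line are each acted on.
    if len(argv) > 1:
        for arg in argv:
            option = str(arg)
            if option == "-javapatch":
                applyJavaPatches = xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "JAVA_PATCHES")
                if applyJavaPatches == True:
                    log("[I] ----------------- Applying java patches ------------", "info")
                    my_dict = {}
                    xa_sqlObj.execute_java_patches(xa_db_host, db_user, db_password, db_name, my_dict)
                    xa_sqlObj.update_applied_patches_status(db_name,db_user, db_password,"JAVA_PATCHES")
                else:
                    log("[I] JAVA_PATCHES have already been applied","info")
            if option == "-checkupgrade":
                xa_sqlObj.is_new_install(xa_db_host, db_user, db_password, db_name)
            if option == "-changepassword":
                rangerAdminConf = "/etc/ranger/admin/conf"
                if os.path.exists(rangerAdminConf):
                    RANGER_ADMIN_ENV_PATH = rangerAdminConf
                else:
                    RANGER_ADMIN_ENV_PATH = RANGER_ADMIN_CONF
                log("[I] RANGER_ADMIN_ENV_PATH : "+RANGER_ADMIN_ENV_PATH,"info")
                if not os.path.exists(RANGER_ADMIN_ENV_PATH):
                    log("[I] path dose not exist" +RANGER_ADMIN_ENV_PATH,"info")
                else:
                    # NOTE(review): run_env_file is defined elsewhere in this
                    # file; presumably it runs the matching ranger-admin-env*.sh
                    # scripts, in which case this directory must be writable
                    # only by the service administrator -- confirm.
                    env_file_path = RANGER_ADMIN_ENV_PATH + '/' + 'ranger-admin-env*.sh'
                    log("[I] env_file_path : " +env_file_path,"info")
                    run_env_file(env_file_path)
                if len(argv) > 5:
                    # Multi-user form: one or more "-pair <user> <old> <new>".
                    isValidPassWord = False
                    for j, pair_arg in enumerate(argv):
                        if str(pair_arg) == "-pair":
                            # A trailing or truncated -pair used to raise
                            # IndexError; reject it as a bad argument list.
                            if j + 3 >= len(argv):
                                log("[E] Invalid argument list.", "error")
                                sys.exit(1)
                            userName = argv[j+1]
                            oldPassword = argv[j+2]
                            newPassword = argv[j+3]
                            if oldPassword == newPassword:
                                log("[E] Old Password and New Password argument are same. Exiting!!", "error")
                                sys.exit(1)
                            if userName != "" and oldPassword != "" and newPassword != "":
                                password_validation(newPassword)
                                isValidPassWord = True
                    if isValidPassWord == True:
                        # The whole argv (all pairs) is handed to the helper.
                        xa_sqlObj.change_all_admin_default_password(xa_db_host, db_user, db_password, db_name,argv)
                elif len(argv) == 5:
                    # Single-user form: positions are fixed.
                    userName = argv[2]
                    oldPassword = argv[3]
                    newPassword = argv[4]
                    if oldPassword == newPassword:
                        log("[E] Old Password and New Password argument are same. Exiting!!", "error")
                        sys.exit(1)
                    if userName != "" and oldPassword != "" and newPassword != "":
                        password_validation(newPassword)
                        xa_sqlObj.change_admin_default_password(xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword)
                else:
                    log("[E] Invalid argument list.", "error")
                    log("[I] Usage : python db_setup.py -changepassword <loginID> <currentPassword> <newPassword>","info")
                    sys.exit(1)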