in security-admin/scripts/dba_script.py [0:0]
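def main(argv):
    """Create the Ranger Admin database, its users and (optionally) the audit user.

    Recognised arguments, as read from ``argv``:

    * exactly four entries with ``argv[3] == 'password_validation'``: call
      ``password_validation(argv[1], argv[2])`` and return without doing
      anything else;
    * ``-q``: quiet mode - ``populate_global_dict()`` is called and every
      setting is read from ``globalDict`` instead of being prompted for;
    * ``-d <file>``: dry mode - the DBA commands are written to ``<file>``
      via ``writeDrymodeCmd`` instead of being executed.

    Without ``-q`` the settings are prompted for on stdin (passwords through
    ``getpass``); with ``-d`` but no ``-q`` fixed placeholder values and
    ``masked_pwd_string`` are used instead of prompting.

    Any invalid input or missing prerequisite logs an ``[E]`` message and
    terminates the process with ``sys.exit(1)``.
    """
    FORMAT = '%(asctime)-15s %(message)s'
    logging.basicConfig(format=FORMAT, level=logging.DEBUG)
    DBA_MODE = 'TRUE'

    quiteMode = False
    dryMode = False
    is_revoke = False

    # NOTE(review): every other call site passes the password as the first
    # argument of password_validation(), so argv[1] is presumably a password
    # supplied on the command line, where it is visible in the process list
    # and shell history - confirm with the callers of this mode.
    if len(argv) == 4 and argv[3] == 'password_validation':
        password_validation(argv[1], argv[2])
        return

    if len(argv) > 1:
        for i in range(len(argv)):
            arg = str(argv[i])
            if arg == "-q":
                quiteMode = True
                populate_global_dict()
            if arg == "-d":
                try:
                    dba_sql_file = str(argv[i + 1])
                except IndexError:
                    log("[E] Invalid input! Provide file path to write DBA scripts:","error")
                    sys.exit(1)
                if dba_sql_file == "":
                    log("[E] Invalid input! Provide file path to write DBA scripts:","error")
                    sys.exit(1)

                if not os.path.exists(dba_sql_file):
                    log("[I] Creating File:"+dba_sql_file,"info")
                    # NOTE(review): the file is created with the process's
                    # default permissions. With "-q -d" the credentials read
                    # from globalDict are handed to writeDrymodeCmd(); if that
                    # method writes them out, the file should be created with
                    # owner-only permissions - verify what it emits.
                    with open(dba_sql_file, 'w'):
                        pass
                else:
                    log("[I] File "+dba_sql_file+ " is available.","info")

                # A directory or other non-regular path cannot receive the script.
                if os.path.isfile(dba_sql_file):
                    dryMode = True
                    globalDict["dryMode"] = True
                    globalDict["dryModeOutputFile"] = dba_sql_file
                else:
                    log("[E] Invalid file Name! Unable to find file:"+dba_sql_file,"error")
                    sys.exit(1)

    log("[I] Running DBA setup script. QuiteMode:" + str(quiteMode),"info")

    # ---- Locate the java executable -------------------------------------
    if quiteMode:
        if 'JAVA_HOME' not in os.environ or os.environ['JAVA_HOME'] == "":
            log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
            sys.exit(1)
        JAVA_BIN = os.path.join(os.environ['JAVA_HOME'],'bin','java')
        if os_name == "WINDOWS":
            JAVA_BIN = JAVA_BIN+'.exe'
        if not os.path.isfile(JAVA_BIN):
            # Fall back to the configured path when JAVA_HOME has no java binary.
            JAVA_BIN = globalDict['JAVA_BIN']
            if not os.path.isfile(JAVA_BIN):
                log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
                sys.exit(1)
        log("[I] Using Java:" + str(JAVA_BIN),"info")
    else:
        JAVA_BIN = ''
        if not dryMode:
            if 'JAVA_HOME' not in os.environ or os.environ['JAVA_HOME'] == "":
                log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
                sys.exit(1)
            JAVA_BIN = os.path.join(os.environ['JAVA_HOME'],'bin','java')
            if os_name == "WINDOWS":
                JAVA_BIN = JAVA_BIN+'.exe'
            # Keep asking until the operator names an existing file.
            while not os.path.isfile(JAVA_BIN):
                log("Enter java executable path: :","info")
                JAVA_BIN = input()
            log("[I] Using Java:" + str(JAVA_BIN),"info")

    # ---- Database flavour -----------------------------------------------
    if quiteMode:
        XA_DB_FLAVOR = globalDict['DB_FLAVOR']
        AUDIT_DB_FLAVOR = globalDict['DB_FLAVOR']
    else:
        XA_DB_FLAVOR = ''
        while XA_DB_FLAVOR == "":
            log("Enter db flavour{MYSQL|ORACLE|POSTGRES|MSSQL|SQLA} :","info")
            XA_DB_FLAVOR = input()
            AUDIT_DB_FLAVOR = XA_DB_FLAVOR

    XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
    AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
    log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR),"info")

    # ---- JDBC connector jar ---------------------------------------------
    if quiteMode:
        CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
    else:
        CONNECTOR_JAR = ''
        if not dryMode:
            if XA_DB_FLAVOR in ("MYSQL", "ORACLE", "POSTGRES", "MSSQL", "SQLA"):
                log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info")
                CONNECTOR_JAR = input()
                while not os.path.isfile(CONNECTOR_JAR):
                    log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error")
                    CONNECTOR_JAR = input()
            else:
                log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
                sys.exit(1)

    # ---- Database host (the audit DB always uses the same host) ----------
    if quiteMode:
        xa_db_host = globalDict['db_host']
        audit_db_host = globalDict['db_host']
        log("[I] DB Host:" + str(xa_db_host),"info")
    elif dryMode:
        xa_db_host = '127.0.0.1'
        audit_db_host = '127.0.0.1'
    else:
        xa_db_host = ''
        while xa_db_host == "":
            log("Enter DB Host :","info")
            xa_db_host = input()
            audit_db_host = xa_db_host
        log("[I] DB Host:" + str(xa_db_host),"info")

    # ---- DB root credentials --------------------------------------------
    # In quiet mode the passwords come straight from globalDict; how that
    # dictionary is populated (and protected) is not visible in this function.
    if quiteMode:
        xa_db_root_user = globalDict['db_root_user']
        xa_db_root_password = globalDict['db_root_password']
    elif dryMode:
        xa_db_root_user = 'db_root_user'
        xa_db_root_password = masked_pwd_string
    else:
        xa_db_root_user = ''
        while xa_db_root_user == "":
            log("Enter db root user:","info")
            xa_db_root_user = input()
            log("Enter db root password:","info")
            # getpass keeps the password off the terminal echo.
            xa_db_root_password = getpass.getpass("Enter db root password:")

    # ---- Ranger Admin database name and application user -----------------
    if quiteMode:
        db_name = globalDict['db_name']
    elif dryMode:
        db_name = 'ranger_db'
    else:
        db_name = ''
        while db_name == "":
            log("Enter DB Name :","info")
            db_name = input()

    if quiteMode:
        db_user = globalDict['db_user']
    elif dryMode:
        db_user = 'ranger_admin_user'
    else:
        db_user = ''
        while db_user == "":
            log("Enter db user name:","info")
            db_user = input()

    if quiteMode:
        db_password = globalDict['db_password']
    elif dryMode:
        db_password = masked_pwd_string
    else:
        db_password = ''
        while db_password == "":
            log("Enter db user password:","info")
            db_password = getpass.getpass("Enter db user password:")

    # ---- Optional audit database (only when audit_store is 'db') ---------
    audit_db_name = ''
    audit_db_user = ''
    audit_db_password = ''
    audit_store = None
    if 'audit_store' in globalDict:
        audit_store = globalDict['audit_store'].lower()

    if audit_store == 'db':
        if quiteMode:
            if 'audit_db_name' in globalDict:
                audit_db_name = globalDict['audit_db_name']
        elif dryMode:
            audit_db_name = 'ranger_audit_db'
        else:
            audit_db_name = ''
            while audit_db_name == "":
                log("Enter audit db name:","info")
                audit_db_name = input()

        if quiteMode:
            if 'audit_db_user' in globalDict:
                audit_db_user = globalDict['audit_db_user']
        elif dryMode:
            audit_db_user = 'ranger_logger_user'
        else:
            audit_db_user = ''
            while audit_db_user == "":
                log("Enter audit user name:","info")
                audit_db_user = input()

        if quiteMode:
            if 'audit_db_password' in globalDict:
                audit_db_password = globalDict['audit_db_password']
        elif dryMode:
            audit_db_password = masked_pwd_string
        else:
            audit_db_password = ''
            while audit_db_password == "":
                log("Enter audit db user password:","info")
                audit_db_password = getpass.getpass("Enter audit db user password:")

    # The audit database is administered with the same root account.
    audit_db_root_user = xa_db_root_user
    audit_db_root_password = xa_db_root_password

    # ---- TLS settings for the DB connection (MySQL / Postgres only) ------
    # Verification defaults to 'false'. NOTE(review): presumably the *Conf
    # classes turn these values into JDBC options; with verification off the
    # link would be encrypted but the server's identity unchecked - confirm
    # that production installs set db_ssl_verifyServerCertificate=true.
    db_ssl_enabled = 'false'
    db_ssl_required = 'false'
    db_ssl_verifyServerCertificate = 'false'
    db_ssl_auth_type = '2-way'
    javax_net_ssl_keyStore = ''
    javax_net_ssl_keyStorePassword = ''
    javax_net_ssl_trustStore = ''
    javax_net_ssl_trustStorePassword = ''
    if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "POSTGRES":
        if 'db_ssl_enabled' in globalDict:
            db_ssl_enabled = globalDict['db_ssl_enabled'].lower()
            if db_ssl_enabled == 'true':
                if 'db_ssl_required' in globalDict:
                    db_ssl_required = globalDict['db_ssl_required'].lower()
                if 'db_ssl_verifyServerCertificate' in globalDict:
                    db_ssl_verifyServerCertificate = globalDict['db_ssl_verifyServerCertificate'].lower()
                if 'db_ssl_auth_type' in globalDict:
                    db_ssl_auth_type = globalDict['db_ssl_auth_type'].lower()
                if db_ssl_verifyServerCertificate == 'true':
                    # Server verification needs a readable truststore and its password.
                    if 'javax_net_ssl_trustStore' in globalDict:
                        javax_net_ssl_trustStore = globalDict['javax_net_ssl_trustStore']
                    if 'javax_net_ssl_trustStorePassword' in globalDict:
                        javax_net_ssl_trustStorePassword = globalDict['javax_net_ssl_trustStorePassword']
                    if not os.path.exists(javax_net_ssl_trustStore):
                        log("[E] Invalid file Name! Unable to find truststore file:"+javax_net_ssl_trustStore,"error")
                        sys.exit(1)
                    if javax_net_ssl_trustStorePassword is None or javax_net_ssl_trustStorePassword == "":
                        log("[E] Invalid ssl truststore password!","error")
                        sys.exit(1)
                    # NOTE(review): the listing has lost its indentation; the
                    # 2-way (client certificate) check is placed under the
                    # verifyServerCertificate branch - confirm against the
                    # original file.
                    if db_ssl_auth_type == '2-way':
                        if 'javax_net_ssl_keyStore' in globalDict:
                            javax_net_ssl_keyStore = globalDict['javax_net_ssl_keyStore']
                        if 'javax_net_ssl_keyStorePassword' in globalDict:
                            javax_net_ssl_keyStorePassword = globalDict['javax_net_ssl_keyStorePassword']
                        if not os.path.exists(javax_net_ssl_keyStore):
                            log("[E] Invalid file Name! Unable to find keystore file:"+javax_net_ssl_keyStore,"error")
                            sys.exit(1)
                        if javax_net_ssl_keyStorePassword is None or javax_net_ssl_keyStorePassword == "":
                            log("[E] Invalid ssl keystore password!","error")
                            sys.exit(1)

    # ---- Optional JDBC URL override (only passed to SqlServerConf) -------
    is_override_db_connection_string = 'false'
    db_override_jdbc_connection_string = ''
    if 'is_override_db_connection_string' in globalDict:
        is_override_db_connection_string = globalDict['is_override_db_connection_string'].lower()
    if 'db_override_jdbc_connection_string' in globalDict:
        db_override_jdbc_connection_string = globalDict['db_override_jdbc_connection_string'].strip()

    ssl_args = (
        db_ssl_enabled, db_ssl_required, db_ssl_verifyServerCertificate,
        javax_net_ssl_keyStore, javax_net_ssl_keyStorePassword,
        javax_net_ssl_trustStore, javax_net_ssl_trustStorePassword,
        db_ssl_auth_type,
    )

    def _build_conf(flavor, host):
        """Return the flavour-specific helper object for ``host``; exit on an unknown flavour."""
        if flavor == "MYSQL":
            return MysqlConf(host, CONNECTOR_JAR, JAVA_BIN, *ssl_args)
        if flavor == "ORACLE":
            return OracleConf(host, CONNECTOR_JAR, JAVA_BIN)
        if flavor == "POSTGRES":
            return PostgresConf(host, CONNECTOR_JAR, JAVA_BIN, *ssl_args)
        if flavor == "MSSQL":
            return SqlServerConf(host, CONNECTOR_JAR, JAVA_BIN, is_override_db_connection_string, db_override_jdbc_connection_string)
        if flavor == "SQLA":
            return SqlAnywhereConf(host, CONNECTOR_JAR, JAVA_BIN)
        log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
        sys.exit(1)

    # ---- Helper object for the Ranger Admin database ---------------------
    if XA_DB_FLAVOR == "ORACLE" and xa_db_root_user.upper() == "SYS":
        # Oracle's SYS account has to connect with the SYSDBA role.
        xa_db_root_user = xa_db_root_user+" AS SYSDBA"
    if XA_DB_FLAVOR == "SQLA" and os_name != "WINDOWS":
        # .get() so that an unset variable produces the intended error
        # message instead of an uncaught KeyError.
        if os.environ.get('LD_LIBRARY_PATH', '') == "":
            log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
            sys.exit(1)
    xa_sqlObj = _build_conf(XA_DB_FLAVOR, xa_db_host)

    # ---- Helper object for the audit database ----------------------------
    if AUDIT_DB_FLAVOR == "ORACLE" and audit_db_root_user.upper() == "SYS":
        audit_db_root_user = audit_db_root_user+" AS SYSDBA"
    audit_sqlObj = _build_conf(AUDIT_DB_FLAVOR, audit_db_host)

    # ---- Password policy checks (skipped in dry mode) --------------------
    if not dryMode:
        log("[I] ---------- Verifying DB root password ---------- ","info")
        password_validation(xa_db_root_password,"DBA root")
        log("[I] ---------- Verifying Ranger Admin db user password ---------- ","info")
        password_validation(db_password,"admin")

    # Methods Begin
    if DBA_MODE == "TRUE":
        if dryMode:
            log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info")
            logFile("===============================================\n")
            if audit_store == "db":
                xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name)
            else:
                # No separate audit store: the admin user and database are
                # passed in the audit positions as well.
                xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, db_user, db_password, db_name)
            logFile("===============================================\n")
        else:
            log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
            xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode)
            log("[I] ---------- Creating Ranger Admin database ----------","info")
            xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode)
            log("[I] ---------- Granting permission to Ranger Admin db user ----------","info")
            if not XA_DB_FLAVOR == "SQLA":
                xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode)
            # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same
            if audit_store == "db" and audit_db_password != "":
                log("[I] ---------- Verifying Ranger Audit db user password ---------- ","info")
                password_validation(audit_db_password,"audit")
                log("[I] ---------- Verifying/Creating audit user --------- ","info")
                audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode)
            log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info")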