in unixauthservice/scripts/setup.py [0:0]
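def main():
    """Install and configure the Ranger usersync service on this host.

    Steps, in order: load the install settings into ``globalDict``, validate
    the LDAP assignment-list delimiters, create the base/conf/cert/log/pid
    directories, copy the default config files, write ``java_home.sh``, merge
    the default and install properties, make sure a keystore and the
    credential-store entries exist, resolve (or create) the service user and
    group, fix ownership and permissions, write the env files, and finally run
    ``updatepolicymgrpassword.py`` when a usersync password is configured.

    Exits the process with status 1 when two non-empty delimiters are equal.
    Raises KeyError when a required setting (for example ``JAVA_HOME`` in the
    environment) is missing.
    """
    # Local import: only needed for the password-update call at the end.
    import subprocess

    populate_global_dict()
    initvariable()
    logFolderName = globalDict['logdir']
    hadoop_conf = globalDict['hadoop_conf']
    pid_dir_path = globalDict['USERSYNC_PID_DIR_PATH']
    unix_user = globalDict['unix_user']
    rangerUsersync_password = globalDict['rangerUsersync_password']

    # For LDAP sync the three list delimiters must be pairwise distinct; an
    # empty delimiter is treated as "not set" and never counts as a clash.
    ldapDelimiterKeys = (
        'ROLE_ASSIGNMENT_LIST_DELIMITER',
        'USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER',
        'USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER',
    )
    if globalDict['SYNC_SOURCE'].lower() == SYNC_SOURCE_LDAP \
            and all(key in globalDict for key in ldapDelimiterKeys):
        delimiters = [globalDict[key] for key in ldapDelimiterKeys]
        clash = any(
            first != "" and first == second
            for idx, first in enumerate(delimiters)
            for second in delimiters[idx + 1:]
        )
        if clash:
            print("ERROR: All Delimiters ROLE_ASSIGNMENT_LIST_DELIMITER, USERS_GROUPS_ASSIGNMENT_LIST_DELIMITER and USERNAME_GROUPNAME_ASSIGNMENT_LIST_DELIMITER should be different")
            sys.exit(1)

    if pid_dir_path == "":
        pid_dir_path = "/var/run/ranger"

    if logFolderName.lower() == "$pwd" or logFolderName == "":
        logFolderName = join(os.getcwd(), "logs")
    ugsyncLogFolderName = logFolderName

    for dirPath in [rangerBaseDirName, usersyncBaseDirFullName, confFolderName, certFolderName]:
        if not os.path.isdir(dirPath):
            os.makedirs(dirPath, 0o750)

    # Seed the conf folder with the shipped defaults, when present.
    for defFile in [defaultSiteXMLFileName, logbackFileName]:
        distFile = join(confDistDirName, defFile)
        if isfile(distFile):
            shutil.copy(distFile, join(confFolderName, defFile))

    #
    # Create JAVA_HOME setting in confFolderName
    #
    java_home_setter_fn = join(confFolderName, 'java_home.sh')
    if isfile(java_home_setter_fn):
        archiveFile(java_home_setter_fn)
    # NOTE(review): the value is written unquoted; a JAVA_HOME containing
    # whitespace or shell metacharacters would not survive being sourced.
    javaHomeLine = "export JAVA_HOME=%s\n" % os.environ['JAVA_HOME']
    with open(java_home_setter_fn, 'w') as jhf:
        jhf.write(javaHomeLine)
    os.chmod(java_home_setter_fn, 0o750)

    if not os.path.isdir(localConfFolderName):
        os.symlink(confFolderName, localConfFolderName)

    # Install properties override the shipped defaults.
    defaultProps = getXMLConfigMap(join(confFolderName, defaultSiteXMLFileName))
    installProps = getPropertiesConfigMap(join(RANGER_USERSYNC_HOME, installPropFileName))
    modifiedInstallProps = convertInstallPropsToXML(installProps)

    mergeProps = {}
    mergeProps.update(defaultProps)
    mergeProps.update(modifiedInstallProps)

    localLogFolderName = mergeProps['ranger.usersync.logdir']
    if localLogFolderName.lower() == "$pwd" or localLogFolderName == "":
        localLogFolderName = logFolderName
    if not os.path.isdir(localLogFolderName):
        if localLogFolderName != ugsyncLogFolderName:
            os.symlink(ugsyncLogFolderName, localLogFolderName)

    ksFileName = mergeProps.setdefault('ranger.usersync.keystore.file', defaultKSFileName)

    # NOTE(review): when the keystore file is missing it is created with the
    # module-level default password, and that default replaces any configured
    # keystore password. Operators should rotate it after install.
    if not isfile(ksFileName):
        mergeProps['ranger.usersync.keystore.password'] = defaultKSPassword
        createJavaKeystoreForSSL(ksFileName, defaultKSPassword)

    mergeProps.setdefault('ranger.usersync.keystore.password', defaultKSPassword)

    templatePath = join(installTemplateDirName, templateFileName)
    outfn = join(confFolderName, outputFileName)

    # Only create the directories when missing; their ownership is set from
    # the configured service user/group further down. The passwd lookup of the
    # directory's current owner was dropped: its result was always overwritten
    # and it raised KeyError for an owner uid without a passwd entry.
    if not os.path.isdir(logFolderName):
        os.makedirs(logFolderName, logFolderPermMode)

    if not os.path.isdir(ugsyncLogFolderName):
        os.makedirs(ugsyncLogFolderName, logFolderPermMode)

    if not os.path.isdir(pid_dir_path):
        os.makedirs(pid_dir_path, logFolderPermMode)

    # Service account defaults to ranger:ranger when not configured.
    ownerName = mergeProps.setdefault(unixUserProp, "ranger")
    groupName = mergeProps.setdefault(unixGroupProp, "ranger")

    try:
        groupId = grp.getgrnam(groupName).gr_gid
    except KeyError:
        groupId = createGroup(groupName)

    try:
        ownerId = pwd.getpwnam(ownerName).pw_uid
    except KeyError:
        ownerId = createUser(ownerName, groupName)

    os.chown(logFolderName, ownerId, groupId)
    os.chown(ugsyncLogFolderName, ownerId, groupId)
    os.chown(rangerBaseDirName, ownerId, groupId)
    os.chown(usersyncBaseDirFullName, ownerId, groupId)
    os.chown(pid_dir_path, ownerId, groupId)
    os.chmod(pid_dir_path, 0o755)

    initializeInitD(ownerName)

    #
    # Add password to crypt path
    #
    cryptPath = mergeProps['ranger.usersync.credstore.filename']

    for keyName, aliasName in PROP2ALIASMAP.items():
        if keyName in mergeProps:
            updatePropertyInJCKSFile(cryptPath, aliasName, mergeProps[keyName])
        else:
            # A single space is stored as the placeholder for an unset secret.
            updatePropertyInJCKSFile(cryptPath, aliasName, " ")

    os.chown(cryptPath, ownerId, groupId)

    ugsyncCryptPath = mergeProps.setdefault('ranger.usersync.policymgr.keystore', cryptPath)
    mergeProps.setdefault('ranger.usersync.policymgr.username', 'rangerusersync')
    mergeProps.setdefault('ranger.usersync.policymgr.alias', 'ranger.usersync.policymgr.password')
    # NOTE(review): hard-coded fallback password for the policy-manager
    # account; deployments should set their own value in the install
    # properties rather than rely on this default.
    mergeProps.setdefault('ranger.usersync.policymgr.password', 'rangerusersync')

    usersyncKSPath = mergeProps['ranger.usersync.policymgr.keystore']
    pmgrAlias = mergeProps['ranger.usersync.policymgr.alias']
    pmgrPasswd = mergeProps['ranger.usersync.policymgr.password']

    updatePropertyInJCKSFile(usersyncKSPath, pmgrAlias, pmgrPasswd)
    os.chown(ugsyncCryptPath, ownerId, groupId)

    writeXMLUsingProperties(templatePath, mergeProps, outfn)

    hadoop_conf_full_path = join(hadoop_conf, hadoopConfFileName)
    usersync_conf_full_path = join(usersyncBaseDirFullName, confBaseDirName, hadoopConfFileName)
    if not isfile(hadoop_conf_full_path):
        # No Hadoop config available: drop in an empty placeholder instead.
        print("WARN: core-site.xml file not found in provided hadoop conf path...")
        with open(usersync_conf_full_path, "w") as placeholder:
            placeholder.write("<configuration></configuration>")
        os.chown(usersync_conf_full_path, ownerId, groupId)
        os.chmod(usersync_conf_full_path, 0o750)
    elif os.path.islink(usersync_conf_full_path):
        # Remove a link left by an earlier run; it is re-created after the
        # permission pass below, so that pass does not touch its target.
        os.remove(usersync_conf_full_path)

    # Recursively hand the install trees to the service user.
    # NOTE(review): '.' is the current working directory - presumably the
    # install directory; verify the script is always started from there.
    # NOTE(review): os.chown/os.chmod act on the target of a symbolic link, so
    # a link inside these trees gets its target re-owned. When this runs as
    # root over a tree the service user can write to, consider os.lchown and
    # skipping links. Left unchanged because existing installs may rely on it.
    for treeRoot in [".", usersyncBaseDirFullName, confFolderName, certFolderName]:
        for root, dirs, files in os.walk(treeRoot):
            os.chown(root, ownerId, groupId)
            os.chmod(root, 0o755)
            for obj in dirs:
                dn = join(root, obj)
                os.chown(dn, ownerId, groupId)
                os.chmod(dn, 0o755)
            for obj in files:
                filePath = join(root, obj)
                os.chown(filePath, ownerId, groupId)
                os.chmod(filePath, 0o750)

    # The credential-validator programs are owned by root with the service
    # group and mode 0o750; no setuid bit is set here. The warnings used to
    # report chmod(4550), which did not match the mode actually applied.
    for authProgram in (nativeAuthProgramName, pamAuthProgramName):
        if isfile(authProgram):
            try:
                os.chown(authProgram, rootOwnerId, groupId)
                os.chmod(authProgram, 0o750)
            except PermissionError:
                print("WARNING: chmod(0o750), chown(%s:%s) failed for Unix Authentication Program (%s) " % ("root", groupName, authProgram))
        else:
            print("WARNING: Unix Authentication Program (%s) is not available for setting chmod(0o750), chown(%s:%s) " % (
                authProgram, "root", groupName))

    write_env_files("logdir", logFolderName, ENV_LOGDIR_FILE)
    write_env_files("RANGER_USERSYNC_HADOOP_CONF_DIR", hadoop_conf, ENV_HADOOP_CONF_FILE)
    write_env_files("USERSYNC_PID_DIR_PATH", pid_dir_path, ENV_PID_FILE)
    write_env_files("USERSYNC_CONF_DIR", confFolderName, ENV_CONF_FILE)
    for envFile in (ENV_LOGDIR_FILE, ENV_HADOOP_CONF_FILE, ENV_PID_FILE, ENV_CONF_FILE):
        envPath = join(confBaseDirName, envFile)
        os.chown(envPath, ownerId, groupId)
        os.chmod(envPath, 0o755)

    with open(join(confBaseDirName, ENV_PID_FILE), "a+") as pidEnv:
        pidEnv.write("\nexport {0}={1}".format("UNIX_USERSYNC_USER", unix_user))

    if isfile(hadoop_conf_full_path) and not isfile(usersync_conf_full_path):
        os.symlink(hadoop_conf_full_path, usersync_conf_full_path)

    rangerUsersync_name = 'rangerusersync'
    if rangerUsersync_password != "":
        # Run the helper with an argument vector instead of a shell string, so
        # a password containing spaces, quotes or shell metacharacters reaches
        # the helper unchanged and is never interpreted by a shell.
        # NOTE(review): the password is still passed on the command line and
        # is visible in the process list while the helper runs; passing it via
        # stdin or the environment would need a change in the helper script.
        try:
            status = subprocess.call(
                ['python', 'updatepolicymgrpassword.py', rangerUsersync_name, rangerUsersync_password])
        except OSError:
            # Interpreter not found or not executable: report it as a failure.
            status = 1
        if status == 0:
            print("[I] Successfully updated password of " + rangerUsersync_name + " user")
        else:
            print("[ERROR] Unable to change password of " + rangerUsersync_name + " user.")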