ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yus...@apache.org
Subject [3/3] ambari git commit: AMBARI-9343. Externalize username and password used in Ranger install. (Gautam Borad via yusaku) AMBARI-9475. Upgrade pack definition for Ranger. (Velmurugan Periasamy via yusaku) AMBARI-9476. Use JDBC driver symbolic link instea
Date Fri, 06 Feb 2015 23:39:14 GMT
AMBARI-9343. Externalize username and password used in Ranger install. (Gautam Borad via yusaku)
AMBARI-9475. Upgrade pack definition for Ranger. (Velmurugan Periasamy via yusaku)
AMBARI-9476. Use JDBC driver symbolic link instead of filename in ranger install. (Velmurugan Periasamy via yusaku)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a22bcccf
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a22bcccf
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a22bcccf

Branch: refs/heads/trunk
Commit: a22bcccf087d0c07d45b0b2dc08a1b3ea08ffc2a
Parents: a2fdf5d
Author: Yusaku Sako <yusaku@hortonworks.com>
Authored: Fri Feb 6 15:36:45 2015 -0800
Committer: Yusaku Sako <yusaku@hortonworks.com>
Committed: Fri Feb 6 15:38:46 2015 -0800

----------------------------------------------------------------------
 .../libraries/functions/ranger_functions.py     |  76 ++---
 .../0.96.0.2.0/package/scripts/hbase_master.py  |   2 +-
 .../package/scripts/hbase_regionserver.py       |   2 +-
 .../HBASE/0.96.0.2.0/package/scripts/params.py  |  63 +++-
 .../package/scripts/setup_ranger_hbase.py       | 110 ++++---
 .../HDFS/2.1.0.2.0/package/scripts/namenode.py  |   2 +-
 .../HDFS/2.1.0.2.0/package/scripts/params.py    |  67 +++-
 .../package/scripts/setup_ranger_hdfs.py        | 138 +++-----
 .../0.12.0.2.0/package/scripts/hive_server.py   |   2 +-
 .../HIVE/0.12.0.2.0/package/scripts/params.py   |  64 +++-
 .../package/scripts/setup_ranger_hive.py        | 109 ++++---
 .../ranger-knox-plugin-properties.xml           | 270 ++++++++--------
 .../0.5.0.2.2/package/scripts/knox_gateway.py   |   2 +-
 .../KNOX/0.5.0.2.2/package/scripts/params.py    |  61 +++-
 .../package/scripts/setup_ranger_knox.py        | 103 +++---
 .../0.4.0/configuration/admin-properties.xml    | 314 +++++++++----------
 .../RANGER/0.4.0/configuration/ranger-env.xml   | 102 +++---
 .../RANGER/0.4.0/configuration/ranger-site.xml  |  73 +++--
 .../0.4.0/configuration/usersync-properties.xml | 162 +++++-----
 .../common-services/RANGER/0.4.0/metainfo.xml   | 116 +++----
 .../RANGER/0.4.0/package/scripts/params.py      |  87 ++++-
 .../0.4.0/package/scripts/ranger_admin.py       |  16 +-
 .../0.4.0/package/scripts/ranger_usersync.py    |  17 +-
 .../0.4.0/package/scripts/setup_ranger.py       | 184 ++++++-----
 .../STORM/0.9.1.2.1/package/scripts/nimbus.py   |   2 +-
 .../STORM/0.9.1.2.1/package/scripts/params.py   |  60 +++-
 .../package/scripts/setup_ranger_storm.py       |  91 +++---
 .../0.9.1.2.1/package/scripts/ui_server.py      |   2 +-
 .../ranger-hbase-plugin-properties.xml          | 262 ++++++++--------
 .../ranger-hdfs-plugin-properties.xml           | 274 ++++++++--------
 .../ranger-hive-plugin-properties.xml           | 287 ++++++++---------
 .../stacks/HDP/2.2/services/RANGER/metainfo.xml |  16 +-
 .../ranger-storm-plugin-properties.xml          | 262 ++++++++--------
 .../stacks/HDP/2.2/upgrades/upgrade-2.2.xml     |  28 +-
 34 files changed, 1898 insertions(+), 1528 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
index 4d04928..19a3336 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
@@ -50,7 +50,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(result.read())
@@ -65,25 +65,25 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None
 
-  def create_repository_urllib2(self, data, usernamepassword):
+  def create_repository_urllib2(self, data, usernamepassword, policy_user):
     try:
       searchRepoURL = self.urlReposPub
-      base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+      base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
       headers = {
         'Accept': 'application/json',
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(json.JSONEncoder().encode(result.read()))
@@ -99,7 +99,7 @@ class Rangeradmin:
         if (len(policyList)) > 0:
           policiesUpdateCount = 0
           for policy in policyList:
-            updatedPolicyObj = self.get_policy_params(typeOfPolicy, policy)
+            updatedPolicyObj = self.get_policy_params(typeOfPolicy, policy, policy_user)
             policyResCode, policyResponse = self.update_ranger_policy(updatedPolicyObj['id'],
                                                                       json.dumps(updatedPolicyObj), usernamepassword)
             if policyResCode == 200:
@@ -121,10 +121,10 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".foramt(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -136,17 +136,17 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response = result.read()
       response_code = result.getcode()
       return response_code, response
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : {0}".format(e.reason))
       return None, None
     except httplib.BadStatusLine, e:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -159,7 +159,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(result.read())
@@ -169,10 +169,10 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -181,13 +181,13 @@ class Rangeradmin:
   def update_ranger_policy(self, policyId, data, usernamepassword):
     try:
       searchRepoURL = self.urlPolicies + "/" + str(policyId)
-      base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+      base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
       headers = {
         'Accept': 'application/json',
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       request.get_method = lambda: 'PUT'
       result = urllib2.urlopen(request)
       response_code = result.getcode()
@@ -200,30 +200,30 @@ class Rangeradmin:
         return None, None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None, None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None, None
 
-  def get_policy_params(self, typeOfPolicy, policyObj):
+  def get_policy_params(self, typeOfPolicy, policyObj, policy_user):
 
     typeOfPolicy = typeOfPolicy.lower()
     if typeOfPolicy == "hdfs":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Execute', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Read', 'Write', 'Execute', 'Admin']}]
     elif typeOfPolicy == "hive":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'],
+      policyObj['permMapList'] = [{'userList': [policy_user],
                                    'permList': ['Select', 'Update', 'Create', 'Drop', 'Alter', 'Index', 'Lock', 'All',
                                                 'Admin']}]
     elif typeOfPolicy == "hbase":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Create', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Read', 'Write', 'Create', 'Admin']}]
     elif typeOfPolicy == "knox":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Allow', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Allow', 'Admin']}]
     elif typeOfPolicy == "storm":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa', 'storm'],
+      policyObj['permMapList'] = [{'userList': [policy_user],
                                    'permList': ['SubmitTopology', 'FileUpload', 'GetNimbusConf', 'GetClusterInfo',
                                                 'FileDownload', 'KillTopology', 'Rebalance', 'Activate', 'Deactivate',
                                                 'GetTopologyConf', 'GetTopology', 'GetUserTopology',
@@ -238,7 +238,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code =  result.getcode()
       response = json.loads(result.read())
@@ -267,13 +267,13 @@ class Rangeradmin:
           admin_user['description'] = ambari_admin_username
           admin_user['firstName'] = ambari_admin_username
           data =  json.dumps(admin_user)
-          base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+          base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
           headers = {
-	          'Accept': 'application/json',
-	          "Content-Type": "application/json"
+            'Accept': 'application/json',
+            "Content-Type": "application/json"
           }
           request = urllib2.Request(url, data, headers)
-          request.add_header("Authorization", "Basic %s" % base64string)
+          request.add_header("Authorization", "Basic {0}".format(base64string))
           result = urllib2.urlopen(request)
           response_code =  result.getcode()
           response = json.loads(json.JSONEncoder().encode(result.read()))
@@ -289,11 +289,11 @@ class Rangeradmin:
 
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
         return '',''
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
         return '',''
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
index 6b2b9a3..6059a1c 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
@@ -52,7 +52,7 @@ class HbaseMaster(Script):
     import params
     env.set_params(params)
     self.configure(env) # for security
-    setup_ranger_hbase(env)  
+    setup_ranger_hbase()  
     hbase_service( 'master',
       action = 'start'
     )

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
index 5ded688..0f0f539 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
@@ -57,7 +57,7 @@ class HbaseRegionServer(Script):
     import params
     env.set_params(params)
     self.configure(env) # for security
-    setup_ranger_hbase(env)  
+    setup_ranger_hbase()  
     hbase_service( 'regionserver',
       action = 'start'
     )

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
index a50b985..212dcad 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
@@ -164,14 +164,13 @@ if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
     region_drainer = format("/usr/hdp/current/hbase-{role_root}/bin/draining_servers.rb")
     hbase_cmd = format("/usr/hdp/current/hbase-{role_root}/bin/hbase")
 
-user_input = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled","no")
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # Setting Flag value for ranger hbase plugin
   enable_ranger_hbase = False
-  user_input = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']
-  if user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled","no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hbase = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hbase = False
 
 # ranger host
@@ -180,11 +179,63 @@ has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+
+# ranger hbase properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hbase'
+db_enabled = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hbase-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hbase-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hbase-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hbase-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+grant_revoke = default("/configurations/ranger-hbase-plugin-properties/UPDATE_XAPOLICIES_ON_GRANT_REVOKE","true")
+
+zookeeper_znode_parent = config['configurations']['hbase-site']['zookeeper.znode.parent']
+hbase_zookeeoer_quorum = config['configurations']['hbase-site']['hbase.zookeeper.quorum']
+hbase_zookeeper_property_clientPort = config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
+hbase_security_authentication = config['configurations']['hbase-site']['hbase.security.authentication']
+hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
+
+repo_config_username = default("/configurations/ranger-hbase-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hbase")
+repo_config_password = default("/configurations/ranger-hbase-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hbase")
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hbase-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
 driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
index 9ef9fec..ef31ae7 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
@@ -27,9 +27,8 @@ from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
-def setup_ranger_hbase(env):
+def setup_ranger_hbase():
   import params
-  env.set_params(params)
   
   if params.has_ranger_admin:
 
@@ -65,8 +64,8 @@ def setup_ranger_hbase(env):
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-hbase-plugin/install.properties'
 
-    ranger_hbase_dict = ranger_hbase_properties(params)
-    hbase_repo_data = hbase_repo_properties(params)
+    ranger_hbase_dict = ranger_hbase_properties()
+    hbase_repo_data = hbase_repo_properties()
 
     write_properties_to_file(file_path, ranger_hbase_dict)
 
@@ -76,16 +75,14 @@ def setup_ranger_hbase(env):
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hbase_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hbase_dict['REPOSITORY_NAME'], 'hbase', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_hbase_dict['REPOSITORY_NAME']:
             Logger.info('Hbase Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('Hbase Repository created in Ranger admin')
             else:
@@ -141,66 +138,67 @@ def modify_config(filepath, variable, setting):
 
   return
 
-def ranger_hbase_properties(params):
+def ranger_hbase_properties():
+  import params
+
   ranger_hbase_properties = dict()
 
-  ranger_hbase_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_hbase_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hbase_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_hbase_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hbase_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_hbase_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-  ranger_hbase_properties['REPOSITORY_NAME']          = str(params.config['clusterName']) + '_hbase'
-
-  ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-    
-
-  ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_hbase_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hbase_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hbase_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hbase_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hbase_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hbase_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hbase_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
    
-  ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hbase-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.grant_revoke
 
   return ranger_hbase_properties    
 
-def hbase_repo_properties(params):
+def hbase_repo_properties():
+  import params
 
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site']['hadoop.security.authentication']
-  config_dict['hbase.security.authentication'] = params.config['configurations']['hbase-site']['hbase.security.authentication']
-  config_dict['hbase.zookeeper.property.clientPort'] = params.config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
-  config_dict['hbase.zookeeper.quorum'] = params.config['configurations']['hbase-site']['hbase.zookeeper.quorum']
-  config_dict['zookeeper.znode.parent'] =  params.config['configurations']['hbase-site']['zookeeper.znode.parent']
-
-  if params.config['configurations']['cluster-env']['security_enabled']:
-    config_dict['hbase.master.kerberos.principal'] = params.config['configurations']['hbase-site']['hbase.master.kerberos.principal']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['hadoop.security.authentication'] = params.hadoop_security_authentication
+  config_dict['hbase.security.authentication'] = params.hbase_security_authentication
+  config_dict['hbase.zookeeper.property.clientPort'] = params.hbase_zookeeper_property_clientPort
+  config_dict['hbase.zookeeper.quorum'] = params.hbase_zookeeoer_quorum
+  config_dict['zookeeper.znode.parent'] = params.zookeeper_znode_parent
+
+  if params.security_enabled:
+    config_dict['hbase.master.kerberos.principal'] = params.master_jaas_princ
   else:
     config_dict['hbase.master.kerberos.principal'] = ''
 
   repo= dict()
-  repo['isActive']                = "true"
-  repo['config']                  = json.dumps(config_dict)
-  repo['description']             = "hbase repo"
-  repo['name']                    = str(params.config['clusterName']) + "_hbase"
-  repo['repositoryType']          = "Hbase"
-  repo['assetType']               = '2'
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "hbase repo"
+  repo['name'] = params.repo_name
+  repo['repositoryType'] = "Hbase"
+  repo['assetType'] = '2'
 
   data = json.dumps(repo)
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
index ccfe0cd..3dfdb88 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
@@ -70,7 +70,7 @@ class NameNode(Script):
 
     env.set_params(params)
     self.configure(env)
-    setup_ranger_hdfs(env)
+    setup_ranger_hdfs()
     namenode(action="start", rolling_restart=rolling_restart, env=env)
 
   def post_rolling_restart(self, env):

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
index 900b6d1..69cd157 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
@@ -320,24 +320,79 @@ mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefi
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-user_input = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # setting flag value for ranger hdfs plugin
   enable_ranger_hdfs = False
-  if  user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hdfs = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hdfs = False
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+#ranger hdfs properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hadoop'
+db_enabled = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hdfs-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hdfs-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hdfs-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hdfs-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+
+hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
+hadoop_security_authorization = config['configurations']['core-site']['hadoop.security.authorization']
+fs_default_name = config['configurations']['core-site']['fs.defaultFS']
+hadoop_security_auth_to_local = config['configurations']['core-site']['hadoop.security.auth_to_local']
+hadoop_rpc_protection = default("/configurations/ranger-hdfs-plugin-properties/hadoop.rpc.protection", "-")
+common_name_for_certificate = default("/configurations/ranger-hdfs-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-hdfs-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hadoop")
+repo_config_password = default("/configurations/ranger-hdfs-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hadoop")
+
+if security_enabled:
+  _sn_principal_name = default("/configurations/hdfs-site/dfs.secondary.namenode.kerberos.principal", "nn/_HOST@EXAMPLE.COM")
+  _sn_principal_name = _sn_principal_name.replace('_HOST',hostname.lower())
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hdfs-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
\ No newline at end of file
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
index 6bf04f2..df7063b 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
@@ -28,11 +28,9 @@ from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
 
-def setup_ranger_hdfs(env):
+def setup_ranger_hdfs():
   import params
 
-  env.set_params(params)
-
   if params.has_ranger_admin:
 
     environment = {"no_proxy": format("{params.ambari_server_hostname}")}
@@ -68,8 +66,8 @@ def setup_ranger_hdfs(env):
 
     file_path = '/usr/hdp/' + hdp_version + '/ranger-hdfs-plugin/install.properties'
 
-    ranger_hdfs_dict = ranger_hdfs_properties(params)
-    hdfs_repo_data = hdfs_repo_properties(params)
+    ranger_hdfs_dict = ranger_hdfs_properties()
+    hdfs_repo_data = hdfs_repo_properties()
 
     write_properties_to_file(file_path, ranger_hdfs_dict)
 
@@ -80,16 +78,14 @@ def setup_ranger_hdfs(env):
         ranger_hdfs_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hdfs_dict['REPOSITORY_NAME'], 'hdfs', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_hdfs_dict['REPOSITORY_NAME']:
             Logger.info('HDFS Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('HDFS Repository created in Ranger Admin')
             else:
@@ -148,89 +144,59 @@ def modify_config(filepath, variable, setting):
   return
 
 
-def ranger_hdfs_properties(params):
+def ranger_hdfs_properties():
+  import params
+
   ranger_hdfs_properties = dict()
 
-  ranger_hdfs_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties'][
-    'policymgr_external_url']
-  ranger_hdfs_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties'][
-    'audit_db_name']
-  ranger_hdfs_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hdfs_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties'][
-    'audit_db_password']
-  ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host']
-  ranger_hdfs_properties['REPOSITORY_NAME'] = str(params.config['clusterName']) + '_hadoop'
-
-  ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-
-  ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_KEYSTORE_FILE_PATH']
-  ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_KEYSTORE_PASSWORD']
-  ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_TRUSTSTORE_PASSWORD']
+  ranger_hdfs_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hdfs_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hdfs_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hdfs_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hdfs_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
 
   return ranger_hdfs_properties
 
 
-def hdfs_repo_properties(params):
+def hdfs_repo_properties():
+  import params
+
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'REPOSITORY_CONFIG_PASSWORD']
-  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site'][
-    'hadoop.security.authentication']
-  config_dict['hadoop.security.authorization'] = params.config['configurations']['core-site'][
-    'hadoop.security.authorization']
-  config_dict['fs.default.name'] = params.config['configurations']['core-site']['fs.defaultFS']
-  config_dict['hadoop.security.auth_to_local'] = params.config['configurations']['core-site'][
-    'hadoop.security.auth_to_local']
-  config_dict['hadoop.rpc.protection'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'hadoop.rpc.protection']
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'common.name.for.certificate']
-
-  if params.config['configurations']['cluster-env']['security_enabled']:
-    config_dict['dfs.datanode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.datanode.kerberos.principal']
-    config_dict['dfs.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.namenode.kerberos.principal']
-    config_dict['dfs.secondary.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.secondary.namenode.kerberos.principal']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['hadoop.security.authentication'] = params.hadoop_security_authentication
+  config_dict['hadoop.security.authorization'] = params.hadoop_security_authorization
+  config_dict['fs.default.name'] = params.fs_default_name
+  config_dict['hadoop.security.auth_to_local'] = params.hadoop_security_auth_to_local
+  config_dict['hadoop.rpc.protection'] = params.hadoop_rpc_protection
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
+
+  if params.security_enabled:
+    config_dict['dfs.datanode.kerberos.principal'] = params._dn_principal_name
+    config_dict['dfs.namenode.kerberos.principal'] = params._nn_principal_name
+    config_dict['dfs.secondary.namenode.kerberos.principal'] = params._sn_principal_name
   else:
     config_dict['dfs.datanode.kerberos.principal'] = ''
     config_dict['dfs.namenode.kerberos.principal'] = ''
@@ -240,7 +206,7 @@ def hdfs_repo_properties(params):
   repo['isActive'] = "true"
   repo['config'] = json.dumps(config_dict)
   repo['description'] = "hdfs repo"
-  repo['name'] = str(params.config['clusterName']) + "_hadoop"
+  repo['name'] = params.repo_name
   repo['repositoryType'] = "Hdfs"
   repo['assetType'] = '1'
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
index 8ca33ff..abfde14 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
@@ -56,7 +56,7 @@ class HiveServer(Script):
     # This function is needed in HDP 2.2, but it is safe to call in earlier versions.
     copy_tarballs_to_hdfs('mapreduce', 'hive-server2', params.tez_user, params.hdfs_user, params.user_group)
     copy_tarballs_to_hdfs('tez', 'hive-server2', params.tez_user, params.hdfs_user, params.user_group)
-    setup_ranger_hive(env)    
+    setup_ranger_hive()    
     hive_service( 'hiveserver2', action = 'start',
       rolling_restart=rolling_restart )
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
index 0821b69..3e96bb3 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
@@ -335,20 +335,70 @@ HdfsDirectory = functools.partial(
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-user_input = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >=0:
   # setting flag value for ranger hive plugin
   enable_ranger_hive = False
-  user_input = config['configurations']['ranger-hive-plugin-properties']['ranger-hive-plugin-enabled']
-  if  user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hive = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hive = False
 
-ranger_jdbc_jar_name = "mysql-connector-java.jar"
+#ranger hive properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hive'
+db_enabled = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hive-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hive-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hive-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hive-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+grant_revoke = default("/configurations/ranger-hive-plugin-properties/UPDATE_XAPOLICIES_ON_GRANT_REVOKE","true")
+
+jdbc_driver_class_name = default("/configurations/ranger-hive-plugin-properties/jdbc.driverClassName","")
+common_name_for_certificate = default("/configurations/ranger-hive-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-hive-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hive")
+repo_config_password = default("/configurations/ranger-hive-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hive")
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hive-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  ranger_jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  ranger_jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  ranger_jdbc_jar_name = "ojdbc6.jar"
+  ranger_jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}")
 
-ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}")
-ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
\ No newline at end of file
+ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_symlink_name}")
+ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
+
+if security_enabled:
+  hive_principal = hive_server_principal.replace('_HOST',hive_server_host.lower())
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
index a766103..410fb9a 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -27,9 +27,8 @@ from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
-def setup_ranger_hive(env):
+def setup_ranger_hive():
   import params
-  env.set_params(params)
 
   if params.has_ranger_admin:
 
@@ -45,7 +44,7 @@ def setup_ranger_hive(env):
     if not os.path.isfile(params.ranger_driver_curl_target):
       Execute(('cp', '--remove-destination', params.ranger_downloaded_custom_connector, params.ranger_driver_curl_target),
               path=["/bin", "/usr/bin/"],
-              sudo=True)
+              sudo=True)     
 
     try:
       command = 'hdp-select status hive-server2'
@@ -65,8 +64,8 @@ def setup_ranger_hive(env):
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-hive-plugin/install.properties'
 
-    ranger_hive_dict = ranger_hive_properties(params)
-    hive_repo_data = hive_repo_properties(params)
+    ranger_hive_dict = ranger_hive_properties()
+    hive_repo_data = hive_repo_properties()
 
     write_properties_to_file(file_path, ranger_hive_dict)
   
@@ -76,9 +75,7 @@ def setup_ranger_hive(env):
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hive_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hive_dict['REPOSITORY_NAME'], 'hive', 'true', ambari_username_password_for_ranger)
@@ -86,7 +83,7 @@ def setup_ranger_hive(env):
           if repo and repo['name'] ==  ranger_hive_dict['REPOSITORY_NAME']:
             Logger.info('Hive Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hive_repo_data,ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hive_repo_data,ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('Hive Repository created in Ranger Admin')
             else:
@@ -144,61 +141,63 @@ def modify_config(filepath, variable, setting):
 
   return
 
-def ranger_hive_properties(params):
-  ranger_hive_properties = dict()
-
-  ranger_hive_properties['POLICY_MGR_URL']       = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_hive_properties['SQL_CONNECTOR_JAR']    = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hive_properties['XAAUDIT.DB.FLAVOUR']     = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_hive_properties['XAAUDIT.DB.USER_NAME']   = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hive_properties['XAAUDIT.DB.PASSWORD']    = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_hive_properties['XAAUDIT.DB.HOSTNAME']    = params.config['configurations']['admin-properties']['db_host']
-  ranger_hive_properties['REPOSITORY_NAME']      = str(params.config['clusterName']) + '_hive'
-
-  ranger_hive_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-  
+def ranger_hive_properties():
+  import params
 
-  ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_hive_properties = dict()
 
-  ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hive-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  ranger_hive_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hive_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hive_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hive_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hive_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hive_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hive_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hive_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
+   
+  ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.grant_revoke
 
   return ranger_hive_properties
 
-def hive_repo_properties(params):
-
-  hive_host = params.config['clusterHostInfo']['hive_server_host'][0]
+def hive_repo_properties():
+  import params
 
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-  config_dict['jdbc.driverClassName'] = params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
-  config_dict['jdbc.url'] = 'jdbc:hive2://' + hive_host + ':10000'
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['jdbc.driverClassName'] = params.jdbc_driver_class_name
+  if params.security_enabled:
+    config_dict['jdbc.url'] = format("{params.hive_url}/default;principal={params.hive_principal}")
+  else:  
+    config_dict['jdbc.url'] = params.hive_url
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
 
   repo= dict()
-  repo['isActive']        = "true"
-  repo['config']          = json.dumps(config_dict)
-  repo['description']       = "hive repo"
-  repo['name']          = str(params.config['clusterName']) + '_hive'
-  repo['repositoryType']      = "Hive"
-  repo['assetType']         = '3'
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "hive repo"
+  repo['name'] = params.repo_name
+  repo['repositoryType'] = "Hive"
+  repo['assetType'] = '3'
 
   data = json.dumps(repo)
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
index b744658..1d70ec2 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
@@ -20,137 +20,143 @@
 -->
 <configuration supports_final="true">
 
-	<property>
-		<name>common.name.for.certificate</name>
-		<value>-</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>
-
-    <property>
-        <name>ranger-knox-plugin-enabled</name>
-        <value>No</value>
-        <description>Enable ranger knox plugin ?</description>
-    </property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_USERNAME</name>
-		<value>admin</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>REPOSITORY_CONFIG_PASSWORD</name>
-		<value>admin-password</value>
-		<property-type>PASSWORD</property-type>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>KNOX_HOME</name>
-		<value>/usr/hdp/current/knox-server</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
+  <property>
+    <name>policy_user</name>
+    <value>ambari-qa</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property> 
+
+  <property>
+    <name>common.name.for.certificate</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>ranger-knox-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger knox plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>admin</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>admin-password</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>KNOX_HOME</name>
+    <value>/usr/hdp/current/knox-server</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
 
 </configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/a22bcccf/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 7dd27c3..691d4a6 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -80,7 +80,7 @@ class KnoxGateway(Script):
     self.configure(env)
     daemon_cmd = format('{knox_bin} start')
     no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps -p `cat {knox_pid_file}` >/dev/null 2>&1')
-    setup_ranger_knox(env)
+    setup_ranger_knox()
     Execute(daemon_cmd,
             user=params.knox_user,
             environment={'JAVA_HOME': params.java_home},


Mime
View raw message