ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alejan...@apache.org
Subject ambari git commit: AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro)
Date Tue, 18 Aug 2015 17:27:06 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 c1c1effca -> 569c4a159


AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/569c4a15
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/569c4a15
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/569c4a15

Branch: refs/heads/branch-2.1
Commit: 569c4a1596f214c6a1475ae8dfee5bb770ac28eb
Parents: c1c1eff
Author: Alejandro Fernandez <afernandez@hortonworks.com>
Authored: Tue Aug 18 10:26:54 2015 -0700
Committer: Alejandro Fernandez <afernandez@hortonworks.com>
Committed: Tue Aug 18 10:26:54 2015 -0700

----------------------------------------------------------------------
 .../functions/setup_ranger_plugin_xml.py        | 22 +++++++++++---------
 .../0.4.0/package/scripts/setup_ranger_xml.py   | 14 ++++++++-----
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py |  7 +++++--
 3 files changed, 26 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
index 74f0e83..0d2a6d3 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py
@@ -30,7 +30,7 @@ from resource_management.libraries.functions.get_hdp_version import get_hdp_vers
 from resource_management.core.logger import Logger
 from resource_management.core.source import DownloadSource, InlineTemplate
 from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
-
+from resource_management.core.utils import PasswordString
 
 def setup_ranger_plugin(component_select_name, service_name,
                         component_downloaded_custom_connector, component_driver_curl_source,
@@ -97,7 +97,8 @@ def setup_ranger_plugin(component_select_name, service_name,
       owner = component_user,
       group = component_group,
       mode=0775,
-      recursive = True
+      recursive = True,
+      cd_access = 'a'
     )
 
     for cache_service in cache_service_list:
@@ -168,19 +169,20 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled,
hdp_version,
                                 ssl_truststore_password, ssl_keystore_password, component_user,
component_group, java_home):
 
   cred_lib_path = format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/install/lib/*')
-  cred_setup_prefix = format('python /usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py
-l "{cred_lib_path}"')
+  cred_setup_prefix = (format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py'),
'-l', cred_lib_path)
 
   if audit_db_is_enabled:
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p}
-c 1')
-    Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+    cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'auditDBCred', '-v', PasswordString(xa_audit_db_password),
'-c', '1')
+    Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
 
-  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p}
-c 1')
-  Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+  cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslKeyStore', '-v', PasswordString(ssl_keystore_password),
'-c', '1')
+  Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
 
-  cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p}
-c 1')
-  Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True)
+  cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslTrustStore', '-v', PasswordString(ssl_truststore_password),
'-c', '1')
+  Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True)
 
   File(credential_file,
     owner = component_user,
-    group = component_group
+    group = component_group,
+    mode = 0640
   )

http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index c3008aa..a3aa5bb 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -195,12 +195,13 @@ def do_keystore_setup(rolling_upgrade=False):
     )
     File(params.ranger_credential_provider_path,
       owner = params.unix_user,
-      group = params.unix_group
+      group = params.unix_group,
+      mode = 0640
     )
 
   if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower()
== 'db' and not is_empty(params.ranger_ambari_audit_db_password):
     jceks_path = params.ranger_credential_provider_path
-    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias,
'-v', PasswordString(params.ranger_ambari_db_password), '-c', '1')
+    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias,
'-v', PasswordString(params.ranger_ambari_audit_db_password), '-c', '1')
     Execute(cred_setup, 
             environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home},

             logoutput=True, 
@@ -209,7 +210,8 @@ def do_keystore_setup(rolling_upgrade=False):
 
     File(params.ranger_credential_provider_path,
       owner = params.unix_user,
-      group = params.unix_group
+      group = params.unix_group,
+      mode = 0640
     )
 
  
@@ -253,7 +255,8 @@ def setup_usersync():
 
   File(params.ugsync_jceks_path,
        owner = params.unix_user,
-       group = params.unix_group
+       group = params.unix_group,
+       mode = 0640
   )
   
   File([params.usersync_start, params.usersync_stop],
@@ -277,5 +280,6 @@ def setup_usersync():
 
     File(params.ranger_usersync_keystore_file,
         owner = params.unix_user,
-        group = params.unix_group
+        group = params.unix_group,
+        mode = 0640
     )

http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 8f8be17..d9bb941 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -112,7 +112,8 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
 
     File(cred_provider_path,
       owner = params.kms_user,
-      group = params.kms_group
+      group = params.kms_group,
+      mode = 0640
     )
 
 def kms():
@@ -291,7 +292,9 @@ def enable_kms_plugin():
 
     File(params.credential_file,
       owner = params.kms_user,
-      group = params.kms_group)
+      group = params.kms_group,
+      mode = 0640
+      )
   
 
 def create_repo(url, data, usernamepassword):


Mime
View raw message