Return-Path: X-Original-To: apmail-ambari-commits-archive@www.apache.org Delivered-To: apmail-ambari-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 066BE108EC for ; Tue, 18 Aug 2015 17:27:13 +0000 (UTC) Received: (qmail 56444 invoked by uid 500); 18 Aug 2015 17:27:06 -0000 Delivered-To: apmail-ambari-commits-archive@ambari.apache.org Received: (qmail 56414 invoked by uid 500); 18 Aug 2015 17:27:06 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 56404 invoked by uid 99); 18 Aug 2015 17:27:06 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Aug 2015 17:27:06 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 76678E048E; Tue, 18 Aug 2015 17:27:06 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: alejandro@apache.org To: commits@ambari.apache.org Message-Id: <4cde5e4c18094fb3ba5963fd4789a0b8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) Date: Tue, 18 Aug 2015 17:27:06 +0000 (UTC) Repository: ambari Updated Branches: refs/heads/branch-2.1 c1c1effca -> 569c4a159 AMBARI-12782. Handle file permissions for jceks file in umask 027 (Gautam Borad via alejandro) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/569c4a15 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/569c4a15 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/569c4a15 Branch: refs/heads/branch-2.1 Commit: 569c4a1596f214c6a1475ae8dfee5bb770ac28eb Parents: c1c1eff Author: Alejandro Fernandez Authored: Tue Aug 18 10:26:54 2015 -0700 Committer: Alejandro Fernandez Committed: Tue Aug 18 10:26:54 2015 -0700 ---------------------------------------------------------------------- .../functions/setup_ranger_plugin_xml.py | 22 +++++++++++--------- .../0.4.0/package/scripts/setup_ranger_xml.py | 14 ++++++++----- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 7 +++++-- 3 files changed, 26 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py index 74f0e83..0d2a6d3 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py @@ -30,7 +30,7 @@ from resource_management.libraries.functions.get_hdp_version import get_hdp_vers from resource_management.core.logger import Logger from resource_management.core.source import DownloadSource, InlineTemplate from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2 - +from resource_management.core.utils import PasswordString def setup_ranger_plugin(component_select_name, service_name, component_downloaded_custom_connector, component_driver_curl_source, @@ -97,7 +97,8 @@ def setup_ranger_plugin(component_select_name, service_name, owner = component_user, group = component_group, mode=0775, - recursive = True + recursive = True, + cd_access = 'a' ) for cache_service in cache_service_list: @@ -168,19 +169,20 @@ def setup_ranger_plugin_keystore(service_name, audit_db_is_enabled, hdp_version, ssl_truststore_password, ssl_keystore_password, component_user, component_group, java_home): cred_lib_path = format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/install/lib/*') - cred_setup_prefix = format('python /usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py -l "{cred_lib_path}"') + cred_setup_prefix = (format('/usr/hdp/{hdp_version}/ranger-{service_name}-plugin/ranger_credential_helper.py'), '-l', cred_lib_path) if audit_db_is_enabled: - cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p} -c 1') - Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True) + cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'auditDBCred', '-v', PasswordString(xa_audit_db_password), '-c', '1') + Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True) - cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p} -c 1') - Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True) + cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslKeyStore', '-v', PasswordString(ssl_keystore_password), '-c', '1') + Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True) - cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p} -c 1') - Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True) + cred_setup = cred_setup_prefix + ('-f', credential_file, '-k', 'sslTrustStore', '-v', PasswordString(ssl_truststore_password), '-c', '1') + Execute(cred_setup, environment={'JAVA_HOME': java_home}, logoutput=True, sudo=True) File(credential_file, owner = component_user, - group = component_group + group = component_group, + mode = 0640 ) http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py index c3008aa..a3aa5bb 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py @@ -195,12 +195,13 @@ def do_keystore_setup(rolling_upgrade=False): ) File(params.ranger_credential_provider_path, owner = params.unix_user, - group = params.unix_group + group = params.unix_group, + mode = 0640 ) if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password): jceks_path = params.ranger_credential_provider_path - cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_db_password), '-c', '1') + cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias, '-v', PasswordString(params.ranger_ambari_audit_db_password), '-c', '1') Execute(cred_setup, environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home}, logoutput=True, @@ -209,7 +210,8 @@ def do_keystore_setup(rolling_upgrade=False): File(params.ranger_credential_provider_path, owner = params.unix_user, - group = params.unix_group + group = params.unix_group, + mode = 0640 ) @@ -253,7 +255,8 @@ def setup_usersync(): File(params.ugsync_jceks_path, owner = params.unix_user, - group = params.unix_group + group = params.unix_group, + mode = 0640 ) File([params.usersync_start, params.usersync_stop], @@ -277,5 +280,6 @@ def setup_usersync(): File(params.ranger_usersync_keystore_file, owner = params.unix_user, - group = params.unix_group + group = params.unix_group, + mode = 0640 ) http://git-wip-us.apache.org/repos/asf/ambari/blob/569c4a15/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index 8f8be17..d9bb941 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -112,7 +112,8 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password) File(cred_provider_path, owner = params.kms_user, - group = params.kms_group + group = params.kms_group, + mode = 0640 ) def kms(): @@ -291,7 +292,9 @@ def enable_kms_plugin(): File(params.credential_file, owner = params.kms_user, - group = params.kms_group) + group = params.kms_group, + mode = 0640 + ) def create_repo(url, data, usernamepassword):