ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gau...@apache.org
Subject ambari git commit: AMBARI-13445. LDAP related properties in ranger-admin-site should be derived from similar properties in ranger
Date Mon, 19 Oct 2015 05:57:18 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 799f8a9cc -> bd31090af


AMBARI-13445. LDAP related properties in ranger-admin-site should be derived from similar
properties in ranger


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bd31090a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bd31090a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bd31090a

Branch: refs/heads/branch-2.1
Commit: bd31090af780dc1d3d3f7114043b873159a32e3e
Parents: 799f8a9
Author: Gautam Borad <gautam@apache.org>
Authored: Fri Oct 16 12:35:42 2015 +0530
Committer: Gautam Borad <gautam@apache.com>
Committed: Mon Oct 19 11:27:04 2015 +0530

----------------------------------------------------------------------
 .../0.4.0/configuration/usersync-properties.xml |  1 +
 .../RANGER/0.4.0/package/scripts/params.py      |  5 +++++
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 22 +++++++++++++-------
 .../RANGER/configuration/ranger-admin-site.xml  | 20 +++++++++---------
 .../RANGER/configuration/ranger-ugsync-site.xml |  2 +-
 5 files changed, 31 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/bd31090a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
index 499c058..742e971 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
@@ -53,6 +53,7 @@
   <property>
     <name>SYNC_LDAP_BIND_PASSWORD</name>
     <value>admin321</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
   <property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/bd31090a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index ca77837..3900196 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -173,3 +173,8 @@ if xml_configurations_supported:
 
 ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
 is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/bd31090a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index fafe1ec..69946f7 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -266,19 +266,19 @@ def enable_kms_plugin():
   if params.has_ranger_admin:
 
     ranger_adm_obj = Rangeradmin(url=params.policymgr_mgr_url)
-    response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url
+ '/login.jsp', 'test:test')
+    ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
+    response_code = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url)
     if response_code is not None and response_code == 200:
-      ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin,
params.ambari_ranger_password, params.admin_uname_password)
-      ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+      user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin,
params.ambari_ranger_password, params.admin_uname_password)
     else:
       raise Fail('Ranger service is not started on given host')   
 
-    if ambari_ranger_admin != '' and ambari_ranger_password != '':
+    if user_resp_code is not None and user_resp_code == 200:
       get_repo_flag = get_repo(params.policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
       if not get_repo_flag:
         create_repo(params.policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo),
ambari_username_password_for_ranger)
     else:
-      raise Fail('Ambari admin username and password not available')
+      raise Fail('Ambari admin user creation failed')
 
     current_datetime = datetime.now()
 
@@ -361,7 +361,10 @@ def create_repo(url, data, usernamepassword):
     else:
       Logger.info('Repository not created')
   except urllib2.URLError, e:
-    raise Fail('Repository creation failed, {0}'.format(str(e)))  
+    if isinstance(e, urllib2.HTTPError):
+      raise Fail("Error creating service. Http status code - {0}. \n {1}".format(e.code,
e.read()))
+    else:
+      raise Fail("Error creating service. Reason - {0}.".format(e.reason))
 
 def get_repo(url, name, usernamepassword):
   try:
@@ -376,7 +379,7 @@ def get_repo(url, name, usernamepassword):
     response = json.loads(result.read())
     if response_code == 200 and len(response) > 0:
       for repo in response:
-        if repo.get('name') == name and repo.has_key('name'):
+        if repo.get('name').lower() == name.lower() and repo.has_key('name'):
           Logger.info('KMS repository exist')
           return True
         else:
@@ -386,4 +389,7 @@ def get_repo(url, name, usernamepassword):
       Logger.info('KMS repository doesnot exist')
       return False
   except urllib2.URLError, e:
-    raise Fail('Get repository failed, {0}'.format(str(e))) 
+    if isinstance(e, urllib2.HTTPError):
+      raise Fail("Error getting {0} service. Http status code - {1}. \n {2}".format(name,
e.code, e.read()))
+    else:
+      raise Fail("Error getting {0} service. Reason - {1}.".format(name, e.reason))

http://git-wip-us.apache.org/repos/asf/ambari/blob/bd31090a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
index 1604629..cc9a78c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml
@@ -179,7 +179,7 @@
   <property>
     <name>ranger.ldap.url</name>
     <display-name>​LDAP URL</display-name>
-    <value>ldap://71.127.43.33:389</value>
+    <value>{{ranger_ug_ldap_url}}</value>
     <description>LDAP Server URL, only used if Authentication method is LDAP</description>
     <value-attributes>
       <overridable>false</overridable>
@@ -198,21 +198,21 @@
   <property>
     <name>ranger.ldap.group.searchbase</name>
     <display-name>Group Search Base</display-name>
-    <value>ou=groups,dc=xasecure,dc=net</value>
+    <value>{{ranger_ug_ldap_group_searchbase}}</value>
     <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
   </property>
 
   <property>
     <name>ranger.ldap.group.searchfilter</name>
     <display-name>Group Search Filter</display-name>
-    <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
+    <value>{{ranger_ug_ldap_group_searchfilter}}</value>
     <description>LDAP group search filter, only used if Authentication method is LDAP</description>
   </property>
 
   <property>
     <name>ranger.ldap.user.searchfilter</name>
     <display-name>User Search Filter</display-name>
-    <value>(uid={0})</value>
+    <value>{{ranger_ug_ldap_user_searchfilter}}</value>
     <description>Search filter used for Bind Authentication</description>
     <value-attributes>
       <overridable>false</overridable>
@@ -240,7 +240,7 @@
   <property>
     <name>ranger.ldap.bind.dn</name>
     <display-name>Bind User</display-name>
-    <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+    <value>{{ranger_ug_ldap_bind_dn}}</value>
     <description>Full distinguished name (DN), including common name (CN), of an LDAP
user account that has privileges to search for users. </description>
     <value-attributes>
       <overridable>false</overridable>
@@ -250,7 +250,7 @@
   <property>
     <name>ranger.ldap.bind.password</name>
     <display-name>​Bind User Password</display-name>
-    <value></value>
+    <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
     <property-type>PASSWORD</property-type>
     <description>Password for the account that can search for users</description>
     <value-attributes>
@@ -280,7 +280,7 @@
 
   <property>
     <name>ranger.ldap.ad.url</name>
-    <value>ldap://ad.xasecure.net:389</value>
+    <value>{{ranger_ug_ldap_url}}</value>
     <description>AD URL, only used if Authentication method is AD</description>
     <value-attributes>
       <overridable>false</overridable>
@@ -298,7 +298,7 @@
 
   <property>
     <name>ranger.ldap.ad.bind.dn</name>
-    <value>cn=adadmin,cn=Users,dc=example,dc=com</value>
+    <value>{{ranger_ug_ldap_bind_dn}}</value>
     <description>Full distinguished name (DN), including common name (CN), of an LDAP
user account that has privileges to search for users.</description>
     <value-attributes>
       <overridable>false</overridable>
@@ -307,7 +307,7 @@
 
   <property>
     <name>ranger.ldap.ad.bind.password</name>
-    <value></value>
+    <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
     <property-type>PASSWORD</property-type>
     <description>Password for the account that can search for users</description>
     <value-attributes>
@@ -317,7 +317,7 @@
 
   <property>
     <name>ranger.ldap.ad.user.searchfilter</name>
-    <value>(sAMAccountName={0})</value>
+    <value>{{ranger_ug_ldap_user_searchfilter}}</value>
     <description>Search filter used for Bind Authentication</description>
     <value-attributes>
       <overridable>false</overridable>

http://git-wip-us.apache.org/repos/asf/ambari/blob/bd31090a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
index c8bd2db..22e53dc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -363,7 +363,7 @@
 
   <property>
     <name>ranger.usersync.group.searchscope</name>
-    <value> </value>
+    <value></value>
     <description>"# search scope for the groups, only base, one and sub are supported
values
 # please customize the value to suit your deployment
 # default value: sub"</description>


Mime
View raw message