ambari-commits mailing list archives

From gau...@apache.org
Subject ambari git commit: AMBARI-15752. Ambari support for additional config params for Ranger KMS to support HSM (Mugdha Varadkar via gautam)
Date Thu, 21 Apr 2016 13:54:26 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 346dfe7eb -> 8006d3d6a


AMBARI-15752. Ambari support for additional config params for Ranger KMS to support HSM (Mugdha
Varadkar via gautam)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8006d3d6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8006d3d6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8006d3d6

Branch: refs/heads/trunk
Commit: 8006d3d6a77615b43aeb619bac6231d9f3ff2b75
Parents: 346dfe7
Author: Gautam Borad <gautam@apache.org>
Authored: Wed Apr 20 16:38:11 2016 +0530
Committer: Gautam Borad <gautam@apache.org>
Committed: Thu Apr 21 19:24:01 2016 +0530

----------------------------------------------------------------------
 .../libraries/functions/constants.py            |   3 +-
 .../libraries/functions/stack_features.py       |   7 +-
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py |   2 +
 .../0.5.0.2.3/package/scripts/params.py         |   5 +
 .../HDP/2.0.6/properties/stack_features.json    |   7 +-
 .../RANGER_KMS/configuration/dbks-site.xml      |  78 ++++++++++++
 .../RANGER_KMS/configuration/kms-env.xml        |  34 +++++
 .../HDP/2.5/services/RANGER_KMS/metainfo.xml    |  10 +-
 .../RANGER_KMS/themes/theme_version_2.json      | 124 +++++++++++++++++++
 9 files changed, 266 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
index 658c56f..36df2e8 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
@@ -76,4 +76,5 @@ class StackFeature:
   HIVE_WEBHCAT_SPECIFIC_CONFIGS = "hive_webhcat_specific_configs"
   HIVE_PURGE_TABLE = "hive_purge_table"
   HIVE_SERVER2_KERBERIZED_ENV = "hive_server2_kerberized_env"
-  HIVE_ENV_HEAPSIZE = "hive_env_heapsize"
\ No newline at end of file
+  HIVE_ENV_HEAPSIZE = "hive_env_heapsize"
+  RANGER_KMS_HSM_SUPPORT = "ranger_kms_hsm_support"
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py
b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py
index cf56acf..2e9123f 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py
@@ -218,7 +218,12 @@ _DEFAULT_STACK_FEATURES = {
       "name": "hive_env_heapsize",
       "description": "Hive heapsize property defined in hive-env (AMBARI-12801)",
       "min_version": "2.2.0.0"
-     }
+    },
+    {
+      "name": "ranger_kms_hsm_support",
+      "description": "Ranger KMS HSM support (AMBARI-15752)",
+      "min_version": "2.5.0.0"
+    }
   ]
 }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index f63d660..9e54649 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -237,6 +237,8 @@ def kms(upgrade_type=None):
 
     do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password)
     do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password)
+    if params.stack_support_kms_hsm and params.enable_kms_hsm:
+      do_keystore_setup(params.credential_provider_path, params.hms_partition_alias, unicode(params.hms_partition_passwd))
 
     XmlConfig("dbks-site.xml",
       conf_dir=params.kms_conf_dir,
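Review bot: `unicode(params.hms_partition_passwd)` on the added line turns an unset password into the literal string `None`, because the params.py change in this commit defaults `hms_partition_passwd` to `None`. With HSM enabled and the password left blank, the credential provider would then hold a bogus secret under the partition alias, and the mistake would presumably only surface later when Ranger KMS tries to log in to the HSM. Check for a missing value before the call and stop the configure step with a clear error, for example `if params.hms_partition_passwd in (None, ""): raise Fail("ranger.ks.hsm.enabled is true but hsm_partition_password is not set")` (assuming `Fail` is in scope in this file). The rest of kms() and the body of do_keystore_setup are outside the hunk, so how the password is handed to the keystore tool, and whether it can end up in command logs, cannot be checked from here.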

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index 4bdbd80..ce136b2 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -207,3 +207,8 @@ ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jd
 
 jce_name = default("/hostLevelParams/jce_name", None)
 jce_source_dir = format('{tmp_dir}/jce_dir')
+
+#kms hsm support
+enable_kms_hsm = default("/configurations/dbks-site/ranger.ks.hsm.enabled", False)
+hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition.password.alias",
"ranger.kms.hsm.partition.password")
+hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None)
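Review bot: `stack_support_kms_hsm`, which the kms.py change in this commit reads as `params.stack_support_kms_hsm`, is not among the names added here, and the diffstat shows only these five lines added to params.py. Unless it is already defined earlier in the file, the new branch in kms() would raise an AttributeError; a definition such as `stack_support_kms_hsm = check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, <stack_version_variable>)` would tie it to the feature flag this commit introduces. The new names also spell the prefix `hms_` where the feature is HSM (`hms_partition_alias`, `hms_partition_passwd`, and `section-kms-hms` in theme_version_2.json). Renaming them to `hsm_` now is cheaper than after other scripts start referencing them.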

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
index 4cead39..f4bd028 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
@@ -195,6 +195,11 @@
       "name": "hive_env_heapsize",
       "description": "Hive heapsize property defined in hive-env (AMBARI-12801)",
       "min_version": "2.2.0.0"
-     }
+    },
+    {
+      "name": "ranger_kms_hsm_support",
+      "description": "Ranger KMS HSM support (AMBARI-15752)",
+      "min_version": "2.5.0.0"
+    }
   ]
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
new file mode 100644
index 0000000..b652574
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration>
+
+  <property>
+    <name>ranger.ks.hsm.type</name>
+    <display-name>HSM Type</display-name>
+    <value>LunaProvider</value>
+    <description>HSM type</description>
+  </property>
+
+  <property>
+    <name>ranger.ks.hsm.enabled</name>
+    <display-name>HSM Enabled</display-name>
+    <value>false</value>
+    <description>Enable HSM ?</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.ks.hsm.partition.name</name>
+    <display-name>HSM partition name</display-name>
+    <value>par19</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger.ks.hsm.partition.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>HSM partition password</description>
+  </property>
+
+  <property>
+    <name>ranger.ks.hsm.partition.password.alias</name>
+    <display-name>HSM partition password alias</display-name>
+    <value>ranger.kms.hsm.partition.password</value>
+    <description>HSM partition password alias</description>
+  </property>
+
+</configuration>
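Review bot: `ranger.ks.hsm.partition.password` is declared here as an editable PASSWORD property with the placeholder `_`, while the secret that is actually stored in the credential provider comes from `kms-env/hsm_partition_password`. Nothing visible in this commit stops an operator from typing the real partition password into the dbks-site field, in which case it would presumably be rendered into dbks-site.xml on disk instead of staying in the keystore. Consider hiding the placeholder with `<visible>false</visible>` under its `<value-attributes>`, or forcing the value back to `_` before `XmlConfig("dbks-site.xml", ...)` writes the file. Separately, the default partition name `par19` looks like a lab-specific value and its `<description>` is empty; an empty default with a description saying the name must match the partition configured on the HSM client would be safer.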

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
new file mode 100644
index 0000000..1093e37
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="true">
+
+  <property>
+    <name>hsm_partition_password</name>
+    <display-name>HSM partition password</display-name>
+    <value></value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>HSM partition password</description>
+  </property>
+
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
index 02fb6aa..796c9df 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
@@ -23,7 +23,15 @@
   <services>
     <service>
       <name>RANGER_KMS</name>
-      <version>0.5.0.2.5</version>
+      <version>0.6.0.2.5</version>
+
+      <themes>
+        <theme>
+          <fileName>theme_version_2.json</fileName>
+          <default>true</default>
+        </theme>
+      </themes>
+
     </service>
   </services>
 </metainfo>

http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json
new file mode 100644
index 0000000..cce73e0
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json
@@ -0,0 +1,124 @@
+{
+  "configuration": {
+    "layouts": [
+      {
+        "name": "default",
+        "tabs": [
+          {
+            "name": "kms_hsm",
+            "display-name": "KMS HSM",
+            "layout": {
+              "tab-columns": "1",
+              "tab-rows": "1",
+              "sections": [
+                {
+                  "name": "section-kms-hms",
+                  "display-name": "",
+                  "row-index": "0",
+                  "column-index": "0",
+                  "row-span": "2",
+                  "column-span": "1",
+                  "section-columns": "1",
+                  "section-rows": "2",
+                  "subsections": [
+                    {
+                      "name": "subsection-kms-hsm-row1-col1",
+                      "display-name": "Ranger KMS HSM Enabled",
+                      "row-index": "0",
+                      "column-index": "0",
+                      "row-span": "1",
+                      "column-span": "1"
+                    },
+                    {
+                      "name": "subsection-kms-hsm-row2-col1",
+                      "display-name": "Configuration Settings",
+                      "row-index": "1",
+                      "column-index": "0",
+                      "row-span": "1",
+                      "column-span": "1",
+                      "depends-on": [
+                        {
+                          "configs": [
+                            "dbks-site/ranger.ks.hsm.enabled"
+                          ],
+                          "if": "${dbks-site/ranger.ks.hsm.enabled}",
+                          "then": {
+                            "property_value_attributes": {
+                              "visible": true
+                            }
+                          },
+                          "else": {
+                            "property_value_attributes": {
+                              "visible": false
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        ]
+      }
+    ],
+    "placement": {
+      "configuration-layout": "default",
+      "configs": [
+        {
+          "config": "dbks-site/ranger.ks.hsm.enabled",
+          "subsection-name": "subsection-kms-hsm-row1-col1"
+        },
+        {
+          "config": "dbks-site/ranger.ks.hsm.type",
+          "subsection-name": "subsection-kms-hsm-row2-col1"
+        },
+        {
+          "config": "dbks-site/ranger.ks.hsm.partition.name",
+          "subsection-name": "subsection-kms-hsm-row2-col1"
+        },
+        {
+          "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+          "subsection-name": "subsection-kms-hsm-row2-col1"
+        },
+        {
+          "config": "kms-env/hsm_partition_password",
+          "subsection-name": "subsection-kms-hsm-row2-col1"
+        }
+      ]
+    },
+    "widgets": [
+      {
+        "config": "dbks-site/ranger.ks.hsm.enabled",
+        "widget": {
+          "type": "toggle"
+        }
+      },
+      {
+        "config": "dbks-site/ranger.ks.hsm.type",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "dbks-site/ranger.ks.hsm.partition.name",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "kms-env/hsm_partition_password",
+        "widget": {
+          "type": "password"
+        }
+      }
+    ]
+  }
+}
\ No newline at end of file

