ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gau...@apache.org
Subject [2/2] ambari git commit: AMBARI-17462. Install Log search client package with Ranger Service(Mugdha Varadkar via gautam)
Date Tue, 28 Jun 2016 12:48:39 GMT
AMBARI-17462. Install Log search client package with Ranger Service(Mugdha Varadkar via gautam)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/82d5a0b9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/82d5a0b9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/82d5a0b9

Branch: refs/heads/branch-2.4
Commit: 82d5a0b95fac9a13ad51d184d4f7413eb5d48572
Parents: 614b4c0
Author: Gautam Borad <gautam@apache.org>
Authored: Tue Jun 28 17:04:44 2016 +0530
Committer: Gautam Borad <gautam@apache.org>
Committed: Tue Jun 28 18:18:00 2016 +0530

----------------------------------------------------------------------
 .../libraries/functions/constants.py            |   2 +-
 .../libraries/functions/package_conditions.py   |   2 +-
 .../libraries/functions/solr_cloud_util.py      |   2 +-
 .../common-services/RANGER/0.4.0/metainfo.xml   |   8 -
 .../RANGER/0.4.0/package/scripts/params.py      |  40 +++-
 .../0.4.0/package/scripts/ranger_admin.py       |   2 -
 .../0.4.0/package/scripts/setup_ranger_xml.py   |  19 +-
 .../package/templates/ranger_solr_jass_conf.j2  |  26 ++
 .../RANGER/0.6.0/configuration/ranger-env.xml   |   5 +
 .../common-services/RANGER/0.6.0/metainfo.xml   |  41 ++++
 .../HDP/2.0.6/properties/stack_features.json    |   2 +-
 .../stacks/2.5/RANGER/test_ranger_admin.py      | 240 ++++++++++++++++++-
 .../2.5/configs/ranger-admin-default.json       |  54 ++++-
 .../2.5/configs/ranger-admin-secured.json       |  54 ++++-
 14 files changed, 457 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
index c46309e..85e04e7 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
@@ -86,7 +86,7 @@ class StackFeature:
   RANGER_KERBEROS_SUPPORT = "ranger_kerberos_support"
   HIVE_METASTORE_SITE_SUPPORT = "hive_metastore_site_support"
   RANGER_USERSYNC_PASSWORD_JCEKS = "ranger_usersync_password_jceks"
-  LOGSEARCH_SUPPORT = "logsearch_support"
+  RANGER_INSTALL_LOGSEARCH_CLIENT = "ranger_install_logsearch_client"
   HBASE_HOME_DIRECTORY = "hbase_home_directory"
   ATLAS_RANGER_PLUGIN_SUPPORT = "atlas_ranger_plugin_support"
   ATLAS_UPGRADE_SUPPORT = "atlas_upgrade_support"

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py b/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py
index ecc4f49..4a2602c 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/package_conditions.py
@@ -52,7 +52,7 @@ def should_install_logsearch_solr():
 
 def should_install_logsearch_solr_client():
   config = Script.get_config()
-  return 'role' in config and (config['role'] == "LOGSEARCH_SOLR_CLIENT" or config['role'] == 'ATLAS_SERVER')
+  return 'role' in config and (config['role'] == "LOGSEARCH_SOLR_CLIENT" or config['role'] == 'ATLAS_SERVER' or config['role'] == 'RANGER_ADMIN')
 
 def should_install_logsearch_portal():
   config = Script.get_config()

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
index bab65dc..038f64d 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
@@ -46,7 +46,7 @@ def upload_configuration_to_zk(zookeeper_quorum, solr_znode, config_set, config_
   """
   solr_cli_prefix = __create_solr_cloud_cli_prefix(zookeeper_quorum, solr_znode, java64_home)
   Execute(format('{solr_cli_prefix} --download-config --config-dir {tmp_config_set_dir} --config-set {config_set} --retry {retry} --interval {interval}'),
-          only_if=as_user(format("{solr_cli_prefix} --check-config --config-set{config_set} --retry {retry} --interval {interval}"), user),
+          only_if=as_user(format("{solr_cli_prefix} --check-config --config-set {config_set} --retry {retry} --interval {interval}"), user),
           user=user
           )
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
index 40ad69f..92527c3 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
@@ -96,10 +96,6 @@
             <package>
               <name>ranger_${stack_version}-usersync</name>
             </package>
-            <package>
-              <name>ranger_${stack_version}-tagsync</name>
-              <condition>should_install_ranger_tagsync</condition>
-            </package>
           </packages>
         </osSpecific>
         <osSpecific>
@@ -111,10 +107,6 @@
             <package>
               <name>ranger-${stack_version}-usersync</name>
             </package>
-            <package>
-              <name>ranger-${stack_version}-tagsync</name>
-              <condition>should_install_ranger_tagsync</condition>
-            </package>
           </packages>
         </osSpecific>
       </osSpecifics>

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 817d3f7..e708843 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -64,7 +64,7 @@ stack_supports_ranger_audit_db = stack_version_formatted and check_stack_feature
 stack_supports_ranger_log4j =  stack_version_formatted and check_stack_feature(StackFeature.RANGER_LOG4J_SUPPORT, stack_version_formatted)
 stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted)
 stack_supports_usersync_passwd = stack_version_formatted and check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, stack_version_formatted)
-stack_supports_logsearch = stack_version_formatted and check_stack_feature(StackFeature.LOGSEARCH_SUPPORT, stack_version_formatted)
+stack_supports_logsearch_client = stack_version_formatted and check_stack_feature(StackFeature.RANGER_INSTALL_LOGSEARCH_CLIENT, stack_version_formatted)
 stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted)
 
 downgrade_from_version = default("/commandParams/downgrade_from_version", None)
@@ -263,24 +263,33 @@ ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["rang
 ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
 ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
 ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
-zookeeper_hosts_list = config['clusterHostInfo']['zookeeper_hosts']
-zookeeper_hosts_list.sort()
-zookeeper_hosts = ",".join(zookeeper_hosts_list)
-logsearch_solr_znode = config['configurations']['logsearch-solr-env']['logsearch_solr_znode']
+replication_factor = config['configurations']['ranger-env']['ranger_solr_replication_factor']
 ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
 logsearch_solr_hosts = default("/clusterHostInfo/logsearch_solr_hosts", [])
-replication_factor = 2 if len(logsearch_solr_hosts) > 1 else 1
 has_logsearch = len(logsearch_solr_hosts) > 0
 is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
+solr_znode = '/ranger_audits'
+if is_solrCloud_enabled:
+  solr_znode = config['configurations']['ranger-admin-site']['ranger.audit.solr.zookeepers']
+  if solr_znode != '' and solr_znode.upper() != 'NONE':
+    solr_znode = solr_znode.split('/')[1]
+    solr_znode = format('/{solr_znode}')
+  if has_logsearch:
+    solr_znode = config['configurations']['logsearch-solr-env']['logsearch_solr_znode']
+solr_user = default('/configurations/logsearch-solr-env/logsearch_solr_user', unix_user)
+custom_log4j = True if has_logsearch else False
+
+# get comma separated list of zookeeper hosts
 zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
-# get comma separated list of zookeeper hosts from clusterHostInfo
+zookeeper_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
 index = 0
 zookeeper_quorum = ""
-for host in config['clusterHostInfo']['zookeeper_hosts']:
+for host in zookeeper_hosts:
   zookeeper_quorum += host + ":" + str(zookeeper_port)
   index += 1
-  if index < len(config['clusterHostInfo']['zookeeper_hosts']):
+  if index < len(zookeeper_hosts):
     zookeeper_quorum += ","
+solr_jaas_file = None
 
 if security_enabled:
   if has_ranger_tagsync:
@@ -288,6 +297,19 @@ if security_enabled:
     tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
     tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
 
+  if stack_supports_ranger_kerberos:
+    ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
+    ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
+    ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
+
+    if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+      if stack_supports_logsearch_client and is_solrCloud_enabled:
+        solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jass.conf')
+        solr_kerberos_principal = ranger_admin_jaas_principal
+        solr_kerberos_keytab = ranger_admin_keytab
+    else:
+      solr_jaas_file = None
+
 # logic to create core-site.xml if hdfs not installed
 if stack_supports_ranger_kerberos and not has_namenode:
   core_site_property = {

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
index f48720c..6367281 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
@@ -82,8 +82,6 @@ class RangerAdmin(Script):
     env.set_params(params)
     self.configure(env, upgrade_type=upgrade_type)
 
-    if params.stack_supports_logsearch and params.has_logsearch and params.is_solrCloud_enabled:
-      setup_ranger_audit_solr()
     ranger_service('ranger_admin')
 
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index e1b5bc5..23bb764 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -22,7 +22,7 @@ import re
 import random
 from resource_management.core.logger import Logger
 from resource_management.core.resources.system import File, Directory, Execute, Link
-from resource_management.core.source import DownloadSource, InlineTemplate
+from resource_management.core.source import DownloadSource, InlineTemplate, Template
 from resource_management.libraries.resources.xml_config import XmlConfig
 from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
 from resource_management.libraries.resources.properties_file import PropertiesFile
@@ -191,6 +191,10 @@ def setup_ranger_admin(upgrade_type=None):
 
   create_core_site_xml(ranger_conf)
 
+  if params.stack_supports_logsearch_client and params.is_solrCloud_enabled:
+    solr_cloud_util.setup_solr_client(params.config, user = params.solr_user, custom_log4j = params.custom_log4j)
+    setup_ranger_audit_solr()
+
 def setup_ranger_db(stack_version=None):
   import params
   
@@ -557,9 +561,15 @@ def setup_ranger_audit_solr():
   random_num = random.random()
   tmp_config_set_folder = format('{tmp_dir}/ranger_config_{ranger_solr_config_set}_{random_num}')
 
+  if params.security_enabled and params.stack_supports_ranger_kerberos:
+    File(format("{solr_jaas_file}"),
+      content=Template("ranger_solr_jass_conf.j2"),
+      owner=params.unix_user
+    )
+
   solr_cloud_util.upload_configuration_to_zk(
     zookeeper_quorum = params.zookeeper_quorum,
-    solr_znode = params.logsearch_solr_znode,
+    solr_znode = params.solr_znode,
     config_set = params.ranger_solr_config_set,
     config_set_dir = params.ranger_solr_conf,
     tmp_config_set_dir = tmp_config_set_folder,
@@ -569,10 +579,11 @@ def setup_ranger_audit_solr():
 
   solr_cloud_util.create_collection(
     zookeeper_quorum = params.zookeeper_quorum,
-    solr_znode = params.logsearch_solr_znode,
+    solr_znode = params.solr_znode,
     collection = params.ranger_solr_collection_name,
     config_set = params.ranger_solr_config_set,
     java64_home = params.java_home,
     user = params.unix_user,
     shards = params.ranger_solr_shards,
-    replication_factor = params.replication_factor)
+    replication_factor = int(params.replication_factor),
+    jaas_file = params.solr_jaas_file)

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
new file mode 100644
index 0000000..a456688
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
@@ -0,0 +1,26 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+
+Client {
+  com.sun.security.auth.module.Krb5LoginModule required
+  useKeyTab=true
+  storeKey=true
+  useTicketCache=false
+  keyTab="{{solr_kerberos_keytab}}"
+  principal="{{solr_kerberos_principal}}";
+};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
index eff0cd2..6b6c0bc 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
@@ -40,6 +40,11 @@
     <on-ambari-upgrade add="true"/>
   </property>
   <property>
+    <name>ranger_solr_replication_factor</name>
+    <value>1</value>
+    <on-ambari-upgrade add="true"/>
+  </property>
+  <property>
     <name>ranger-atlas-plugin-enabled</name>
     <value>No</value>
     <display-name>Atlas Ranger Plugin</display-name>

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
index adfb8ff..4e7458a 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml
@@ -53,6 +53,47 @@
         </theme>
       </themes>
 
+      <osSpecifics>
+        <osSpecific>
+          <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+          <packages>
+            <package>
+              <name>ranger_${stack_version}-admin</name>
+            </package>
+            <package>
+              <name>ranger_${stack_version}-usersync</name>
+            </package>
+            <package>
+              <name>ranger_${stack_version}-tagsync</name>
+              <condition>should_install_ranger_tagsync</condition>
+            </package>
+            <package>
+              <name>ambari-logsearch-solr-client</name>
+              <condition>should_install_logsearch_solr_client</condition>
+            </package>
+          </packages>
+        </osSpecific>
+        <osSpecific>
+          <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+          <packages>
+            <package>
+              <name>ranger-${stack_version}-admin</name>
+            </package>
+            <package>
+              <name>ranger-${stack_version}-usersync</name>
+            </package>
+            <package>
+              <name>ranger-${stack_version}-tagsync</name>
+              <condition>should_install_ranger_tagsync</condition>
+            </package>
+            <package>
+              <name>ambari-logsearch-solr-client</name>
+              <condition>should_install_logsearch_solr_client</condition>
+            </package>
+          </packages>
+        </osSpecific>
+      </osSpecifics>
+
       <configuration-dependencies>
         <config-type>admin-log4j</config-type>
         <config-type>usersync-log4j</config-type>

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
index 789c5ba..ca000d1 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
@@ -227,7 +227,7 @@
       "min_version": "2.5.0.0"
     },
     {
-      "name": "logsearch_support",
+      "name": "ranger_install_logsearch_client",
       "description": "LogSearch Service support",
       "min_version": "2.5.0.0"
     },

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
index 9b3c631..9b2ef3f 100644
--- a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
+++ b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
@@ -85,7 +85,26 @@ class TestRangerAdmin(RMFTestCase):
       stack_version = self.STACK_VERSION,
       target = RMFTestCase.TARGET_COMMON_SERVICES
     )
-    self.assert_configure_default()
+    self.assert_configure_secured()
+    self.assertTrue(isfile_mock.called)
+    self.assertNoMoreResources()
+
+  @patch("os.path.isfile")
+  def test_start_secured(self, isfile_mock):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py",
+      classname = "RangerAdmin",
+      command = "start",
+      config_file="ranger-admin-secured.json",
+      stack_version = self.STACK_VERSION,
+      target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_secured()
+    self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start',
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep',
+      user = 'ranger',
+    )
+
     self.assertTrue(isfile_mock.called)
     self.assertNoMoreResources()
 
@@ -230,3 +249,222 @@ class TestRangerAdmin(RMFTestCase):
       configuration_attributes = self.getConfig()['configuration_attributes']['core-site'],
       mode = 0644
     )
+    self.assertResourceCalled('Directory', '/var/log/ambari-logsearch-solr-client',
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        create_parents = True,
+        mode = 0755,
+        cd_access = 'a',
+    )
+    self.assertResourceCalled('Directory', '/usr/lib/ambari-logsearch-solr-client',
+        group = 'hadoop',
+        cd_access = 'a',
+        create_parents = True,
+        mode = 0755,
+        owner = 'logsearch-solr',
+        recursive_ownership = True,
+    )
+    self.assertResourceCalled('File', '/usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh',
+        content = StaticFile('/usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh'),
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        mode = 0755,
+    )
+    self.assertResourceCalled('File', '/usr/lib/ambari-logsearch-solr-client/log4j.properties',
+        owner = 'logsearch-solr',
+        content = InlineTemplate(self.getConfig()['configurations']['logsearch-solr-client-log4j']['content']),
+        group = 'hadoop',
+        mode = 0644,
+    )
+    self.assertResourceCalled('File', '/var/log/ambari-logsearch-solr-client/solr-client.log',
+        content = '',
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        mode = 0664,
+    )
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --download-config --config-dir /tmp/ranger_config_ranger_audits_0.[0-9]* --config-set ranger_audits --retry 30 --interval 5')
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --upload-config --config-dir /usr/hdp/current/ranger-admin/contrib/solr_for_audit_setup/conf --config-set ranger_audits --retry 30 --interval 5')
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --create-collection --collection ranger_audits --config-set ranger_audits --shards 1 --replication 1 --max-shards 1 --retry 5 --interval 10')
+
+  def assert_configure_secured(self):
+
+    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-admin/conf',
+      owner = 'ranger',
+      group = 'ranger',
+      create_parents = True
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java-old.jar',
+        action = ['delete'],
+    )
+
+    self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar',
+      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-connector-java.jar'),
+      mode = 0644
+    )
+
+    self.assertResourceCalled('Execute', ('cp', '--remove-destination', '/tmp/mysql-connector-java.jar', '/usr/hdp/current/ranger-admin/ews/lib'),
+      sudo = True,
+      path = ['/bin', '/usr/bin/']
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar',
+      mode = 0644
+    )
+
+    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+      properties = self.getConfig()['configurations']['admin-properties'],
+      owner = 'ranger'
+    )
+
+    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties',
+      owner = 'ranger',
+      properties = {'SQL_CONNECTOR_JAR': '/usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar'}
+    )
+
+    self.assertResourceCalled('File', '/usr/lib/ambari-agent/DBConnectionVerification.jar',
+      content = DownloadSource('http://c6401.ambari.apache.org:8080/resources/DBConnectionVerification.jar'),
+      mode = 0644
+    )
+
+    self.assertResourceCalled('Execute',
+      '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/hdp/current/ranger-admin/ews/lib/mysql-connector-java.jar:/usr/hdp/current/ranger-admin/ews/lib/* org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6401.ambari.apache.org:3306/ranger01\' rangeradmin01 rangeradmin01 com.mysql.jdbc.Driver',
+      path=['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'],
+      tries=5,
+      try_sleep=10,
+      environment = {}
+    )
+
+    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf', '/usr/hdp/current/ranger-admin/conf'),
+      not_if = 'ls /usr/hdp/current/ranger-admin/conf',
+      only_if = 'ls /usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/classes/conf',
+      sudo = True
+    )
+
+    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-admin/',
+      owner='ranger',
+      group='ranger',
+      recursive_ownership = True
+    )
+
+    self.assertResourceCalled('Directory', '/var/run/ranger',
+      mode=0755,
+      owner = 'ranger',
+      group = 'hadoop',
+      cd_access = "a",
+      create_parents=True
+    )
+
+    self.assertResourceCalled('Directory', '/var/log/ranger/admin',
+      owner='ranger',
+      group='ranger',
+      create_parents = True,
+      cd_access = 'a',
+      mode = 0755
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/conf/ranger-admin-env-logdir.sh',
+      content = 'export RANGER_ADMIN_LOG_DIR=/var/log/ranger/admin',
+      owner = 'ranger',
+      group = 'ranger',
+      mode = 0755
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/conf/ranger-admin-default-site.xml',
+      owner = 'ranger',
+      group = 'ranger'
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/conf/security-applicationContext.xml',
+      owner = 'ranger',
+      group = 'ranger'
+    )
+
+    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh', '/usr/bin/ranger-admin'),
+      not_if = 'ls /usr/bin/ranger-admin',
+      only_if = 'ls /usr/hdp/current/ranger-admin/ews/ranger-admin-services.sh',
+      sudo = True
+    )
+
+    self.assertResourceCalled('XmlConfig', 'ranger-admin-site.xml',
+      owner = 'ranger',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-admin/conf',
+      configurations = self.getConfig()['configurations']['ranger-admin-site'],
+      configuration_attributes = self.getConfig()['configuration_attributes']['ranger-admin-site'],
+      mode = 0644
+    )
+
+    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-admin/conf/ranger_jaas',
+      owner ='ranger',
+      group ='ranger',
+      mode = 0700
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/ews/webapp/WEB-INF/log4j.properties',
+      owner = 'ranger',
+      group = 'ranger',
+      content = self.getConfig()['configurations']['admin-log4j']['content'],
+      mode = 0644
+    )
+
+    self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'rangeradmin', '-value', 'rangeradmin01', '-provider', 'jceks://file/etc/ranger/admin/rangeradmin.jceks'),
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      logoutput=True,
+      sudo = True
+    )
+
+    self.assertResourceCalled('File', '/etc/ranger/admin/rangeradmin.jceks',
+      owner = 'ranger',
+      group = 'ranger',
+      mode = 0640
+    )
+
+    self.assertResourceCalled('XmlConfig', 'core-site.xml',
+      owner = 'ranger',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-admin/conf',
+      configurations = self.getConfig()['configurations']['core-site'],
+      configuration_attributes = self.getConfig()['configuration_attributes']['core-site'],
+      mode = 0644
+    )
+    self.assertResourceCalled('Directory', '/var/log/ambari-logsearch-solr-client',
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        create_parents = True,
+        mode = 0755,
+        cd_access = 'a',
+    )
+    self.assertResourceCalled('Directory', '/usr/lib/ambari-logsearch-solr-client',
+        group = 'hadoop',
+        cd_access = 'a',
+        create_parents = True,
+        mode = 0755,
+        owner = 'logsearch-solr',
+        recursive_ownership = True,
+    )
+    self.assertResourceCalled('File', '/usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh',
+        content = StaticFile('/usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh'),
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        mode = 0755,
+    )
+    self.assertResourceCalled('File', '/usr/lib/ambari-logsearch-solr-client/log4j.properties',
+        owner = 'logsearch-solr',
+        content = InlineTemplate(self.getConfig()['configurations']['logsearch-solr-client-log4j']['content']),
+        group = 'hadoop',
+        mode = 0644,
+    )
+    self.assertResourceCalled('File', '/var/log/ambari-logsearch-solr-client/solr-client.log',
+        content = '',
+        owner = 'logsearch-solr',
+        group = 'hadoop',
+        mode = 0664,
+    )
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-admin/conf/ranger_solr_jass.conf',
+      content = Template('ranger_solr_jass_conf.j2'),
+      owner = 'ranger',
+    )
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --download-config --config-dir /tmp/ranger_config_ranger_audits_0.[0-9]* --config-set ranger_audits --retry 30 --interval 5')
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --upload-config --config-dir /usr/hdp/current/ranger-admin/contrib/solr_for_audit_setup/conf --config-set ranger_audits --retry 30 --interval 5')
+    self.assertResourceCalledRegexp('^Execute$', '^export JAVA_HOME=/usr/jdk64/jdk1.7.0_45 ; /usr/lib/ambari-logsearch-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr --create-collection --collection ranger_audits --config-set ranger_audits --shards 1 --replication 1 --max-shards 1 --retry 5 --interval 10')    
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
index 53da262..67b00a1 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
@@ -8,7 +8,9 @@
         "ZOOKEEPER_CLIENT", 
         "RANGER_USERSYNC", 
         "RANGER_ADMIN", 
-        "RANGER_TAGSYNC"
+        "RANGER_TAGSYNC",
+        "LOGSEARCH_SOLR",
+        "LOGSEARCH_SOLR_CLIENT"
     ], 
     "configuration_attributes": {
         "ranger-hdfs-audit": {}, 
@@ -48,7 +50,9 @@
         "tagsync-log4j": {}, 
         "ranger-hdfs-security": {}, 
         "usersync-properties": {}, 
-        "zookeeper-env": {}, 
+        "zookeeper-env": {},
+        "logsearch-solr-env": {},
+        "logsearch-solr-client-log4j": {},
         "cluster-env": {}
     }, 
     "public_hostname": "c6401.ambari.apache.org", 
@@ -143,7 +147,13 @@
         }, 
         "zookeeper-env": {
             "tag": "version1"
-        }, 
+        },
+        "logsearch-solr-env": {
+            "tag": "version1467098537360"
+        },
+        "logsearch-solr-client-log4j": {
+            "tag": "version1467096917836"
+        },
         "cluster-env": {
             "tag": "version1"
         }
@@ -235,6 +245,9 @@
         ], 
         "zookeeper_hosts": [
             "c6401.ambari.apache.org"
+        ],
+        "logsearch_solr_hosts": [
+            "c6401.ambari.apache.org"
         ]
     }, 
     "configurations": {
@@ -292,7 +305,7 @@
             "ranger.truststore.password": "changeit", 
             "ranger.ldap.bind.password": "{{ranger_usersync_ldap_ldapbindpassword}}", 
             "ranger.audit.solr.password": "NONE", 
-            "ranger.audit.solr.zookeepers": "NONE", 
+            "ranger.audit.solr.zookeepers": "c6401.ambari.apache.org:2181/ambari-solr",
             "ranger.lookup.kerberos.principal": "", 
             "ranger.service.https.port": "6182", 
             "ranger.plugins.storm.serviceuser": "storm", 
@@ -346,6 +359,7 @@
             "ranger_solr_shards": "1", 
             "ranger_solr_config_set": "ranger_audits", 
             "ranger_user": "ranger", 
+            "ranger_solr_replication_factor": "1",
             "xml_configurations_supported": "true", 
             "ranger-atlas-plugin-enabled": "No", 
             "ranger-hbase-plugin-enabled": "No", 
@@ -353,7 +367,7 @@
             "bind_anonymous": "false", 
             "ranger_admin_username": "amb_ranger_admin", 
             "admin_password": "admin", 
-            "is_solrCloud_enabled": "false", 
+            "is_solrCloud_enabled": "true", 
             "ranger-storm-plugin-enabled": "No", 
             "ranger-hdfs-plugin-enabled": "No", 
             "ranger_group": "ranger", 
@@ -630,7 +644,35 @@
             "zk_server_heapsize": "1024m", 
             "zk_pid_dir": "/var/run/zookeeper", 
             "zk_user": "zookeeper"
-        }, 
+        },
+        "logsearch-solr-env": {
+            "logsearch_solr_datadir": "/opt/logsearch_solr/data", 
+            "logsearch_solr_keystore_location": "/etc/security/serverKeys/logsearch.keyStore.jks", 
+            "logsearch_solr_kerberos_name_rules": "DEFAULT", 
+            "logsearch_solr_user": "logsearch-solr", 
+            "logsearch_solr_maxmem": "1024", 
+            "content": "#!/bin/bash\n# Licensed to the Apache Software Foundation (ASF) under one or more\n# contributor license agreements. See the NOTICE file distributed with\n# this work for additional information regarding copyright ownership.\n# The ASF licenses this file to You under the Apache License, Version 2.0\n# (the \"License\"); you may not use this file except in compliance with\n# the License. You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# By default the script will use JAVA_HOME to determine which java\n# to use, but you can set a specific path for Solr to use without\n# affecting other Java applica
 tions on your server/workstation.\nSOLR_JAVA_HOME={{java64_home}}\n\n# Increase Java Min/Max Heap as needed to support your indexing / query needs\nSOLR_JAVA_MEM=\"-Xms{{logsearch_solr_min_mem}}m -Xmx{{logsearch_solr_max_mem}}m\"\n\n# Enable verbose GC logging\nGC_LOG_OPTS=\"-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails \\\n-XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime\"\n\n# These GC settings have shown to work well for a number of common Solr workloads\nGC_TUNE=\"-XX:NewRatio=3 \\\n-XX:SurvivorRatio=4 \\\n-XX:TargetSurvivorRatio=90 \\\n-XX:MaxTenuringThreshold=8 \\\n-XX:+UseConcMarkSweepGC \\\n-XX:+UseParNewGC \\\n-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 \\\n-XX:+CMSScavengeBeforeRemark \\\n-XX:PretenureSizeThreshold=64m \\\n-XX:+UseCMSInitiatingOccupancyOnly \\\n-XX:CMSInitiatingOccupancyFraction=50 \\\n-XX:CMSMaxAbortablePrecleanTime=6000 \\\n-XX:+CMSParallelRemarkEnabled \\\n-XX:+ParallelRefProcEnabled\"\
 n\n# Set the ZooKeeper connection string if using an external ZooKeeper ensemble\n# e.g. host1:2181,host2:2181/chroot\n# Leave empty if not using SolrCloud\nZK_HOST=\"{{zookeeper_quorum}}{{logsearch_solr_znode}}\"\n\n# Set the ZooKeeper client timeout (for SolrCloud mode)\nZK_CLIENT_TIMEOUT=\"60000\"\n\n# By default the start script uses \"localhost\"; override the hostname here\n# for production SolrCloud environments to control the hostname exposed to cluster state\n#SOLR_HOST=\"192.168.1.1\"\n\n# By default the start script uses UTC; override the timezone if needed\n#SOLR_TIMEZONE=\"UTC\"\n\n# Set to true to activate the JMX RMI connector to allow remote JMX client applications\n# to monitor the JVM hosting Solr; set to \"false\" to disable that behavior\n# (false is recommended in production environments)\nENABLE_REMOTE_JMX_OPTS=\"true\"\n\n# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here\nRMI_PORT={{logsearch_solr_jmx_port}}\n\n# Anything you add to
  the SOLR_OPTS variable will be included in the java\n# start command line as-is, in ADDITION to other options. If you specify the\n# -a option on start script, those options will be appended as well. Examples:\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000\"\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000\"\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.clustering.enabled=true\"\n\n# Location where the bin/solr script will save PID files for running instances\n# If not set, the script will create PID files in $SOLR_TIP/bin\nSOLR_PID_DIR={{logsearch_solr_piddir}}\n\n# Path to a directory where Solr creates index files, the specified directory\n# must contain a solr.xml; by default, Solr will use server/solr\nSOLR_HOME={{logsearch_solr_datadir}}\n\n# Solr provides a default Log4J configuration properties file in server/resources\n# however, you may want to customize the log settings and file appender location\n# so you can point the script to use a different log4j.properties f
 ile\nLOG4J_PROPS={{logsearch_solr_conf}}/log4j.properties\n\n# Location where Solr should write logs to; should agree with the file appender\n# settings in server/resources/log4j.properties\nSOLR_LOGS_DIR={{logsearch_solr_log_dir}}\n\n# Sets the port Solr binds to, default is 8983\nSOLR_PORT={{logsearch_solr_port}}\n\n# Be sure to update the paths to the correct keystore for your environment\n{% if logsearch_solr_ssl_enabled %}\nSOLR_SSL_KEY_STORE={{logsearch_solr_keystore_location}}\nSOLR_SSL_KEY_STORE_PASSWORD={{logsearch_solr_keystore_password}}\nSOLR_SSL_TRUST_STORE={{logsearch_solr_keystore_location}}\nSOLR_SSL_TRUST_STORE_PASSWORD={{logsearch_solr_keystore_password}}\nSOLR_SSL_NEED_CLIENT_AUTH=false\nSOLR_SSL_WANT_CLIENT_AUTH=false\n{% endif %}\n\n# Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set\n# and you are using SSL, then the start script will use SOLR_PORT for the SSL port\n#SOLR_SSL_PORT=\n\n{% if security_enabled -%}\nSOLR_HOST=`hostname -f`\nSOLR
 _JAAS_FILE={{logsearch_solr_jaas_file}}\nSOLR_KERB_KEYTAB={{logsearch_solr_web_kerberos_keytab}}\nSOLR_KERB_PRINCIPAL={{logsearch_solr_web_kerberos_principal}}\nSOLR_KERB_NAME_RULES={{logsearch_solr_kerberos_name_rules}}\n\nSOLR_AUTHENTICATION_CLIENT_CONFIGURER=\"org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer\"\nSOLR_AUTHENTICATION_OPTS=\" -DauthenticationPlugin=org.apache.solr.security.KerberosPlugin -Djava.security.auth.login.config=$SOLR_JAAS_FILE -Dsolr.kerberos.principal=${SOLR_KERB_PRINCIPAL} -Dsolr.kerberos.keytab=${SOLR_KERB_KEYTAB} -Dsolr.kerberos.cookie.domain=${SOLR_HOST} -Dsolr.kerberos.name.rules=${SOLR_KERB_NAME_RULES}\"\n{% endif %}", 
+            "logsearch_solr_pid_dir": "/var/run/ambari-logsearch-solr", 
+            "logsearch_solr_truststore_password": "bigdata", 
+            "logsearch_solr_truststore_type": "jks", 
+            "logsearch_solr_keystore_type": "jks", 
+            "logsearch_solr_log_dir": "/var/log/ambari-logsearch-solr", 
+            "logsearch_solr_web_kerberos_keytab": "/etc/security/keytabs/spnego.service.keytab", 
+            "logsearch_solr_ssl_enabled": "false", 
+            "logsearch_solr_client_log_dir": "/var/log/ambari-logsearch-solr-client", 
+            "logsearch_solr_web_kerberos_principal": "HTTP/_HOST@EXAMPLE.COM", 
+            "logsearch_solr_znode": "/ambari-solr", 
+            "logsearch_solr_keystore_password": "bigdata", 
+            "logsearch_solr_port": "8886", 
+            "logsearch_solr_kerberos_principal": "logsearch-solr/_HOST@EXAMPLE.COM", 
+            "logsearch_solr_jmx_port": "18886", 
+            "logsearch_solr_truststore_location": "/etc/security/serverKeys/logsearch.trustStore.jks", 
+            "logsearch_solr_minmem": "512", 
+            "logsearch_solr_kerberos_keytab": "/etc/security/keytabs/logsearch-solr.service.keytab"
+        },
+        "logsearch-solr-client-log4j": {
+            "content": "# Copyright 2011 The Apache Software Foundation\n#\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements.  See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership.  The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License.  You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\nlog4j.rootLogger=INFO,file,stdout,stderr\n\nlog4j.appender.file=org.apache.log4j.RollingFileAppender\nlog4j.appender
 .file.File={{logsearch_solr_client_log}}\nlog4j.appender.file.MaxFileSize=80MB\nlog4j.appender.file.MaxBackupIndex=60\nlog4j.appender.file.layout=org.apache.log4j.PatternLayout\nlog4j.appender.file.layout.ConversionPattern=%d{DATE} %5p [%t] %c{1}:%L - %m%n\n\nlog4j.appender.stdout=org.apache.log4j.ConsoleAppender\nlog4j.appender.stdout.Threshold=INFO\nlog4j.appender.stdout.Target=System.out\nlog4j.appender.stdout.layout=org.apache.log4j.PatternLayout\nlog4j.appender.stdout.layout.ConversionPattern=%m%n\n\nlog4j.appender.stderr=org.apache.log4j.ConsoleAppender\nlog4j.appender.stderr.Threshold=ERROR\nlog4j.appender.stderr.Target=System.err\nlog4j.appender.stderr.layout=org.apache.log4j.PatternLayout\nlog4j.appender.stderr.layout.ConversionPattern=%m%n"
+        },
         "cluster-env": {
             "security_enabled": "false", 
             "override_uid": "true", 

http://git-wip-us.apache.org/repos/asf/ambari/blob/82d5a0b9/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
index 14571bd..9911e10 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
@@ -9,7 +9,9 @@
         "RANGER_USERSYNC", 
         "ZOOKEEPER_SERVER", 
         "ZOOKEEPER_CLIENT", 
-        "KERBEROS_CLIENT"
+        "KERBEROS_CLIENT",
+        "LOGSEARCH_SOLR",
+        "LOGSEARCH_SOLR_CLIENT"
     ], 
     "configuration_attributes": {
         "ranger-hdfs-audit": {}, 
@@ -51,7 +53,9 @@
         "tagsync-log4j": {}, 
         "ranger-hdfs-security": {}, 
         "usersync-properties": {}, 
-        "zookeeper-env": {}, 
+        "zookeeper-env": {},
+        "logsearch-solr-env": {},
+        "logsearch-solr-client-log4j": {},
         "cluster-env": {}
     }, 
     "public_hostname": "c6401.ambari.apache.org", 
@@ -152,7 +156,13 @@
         }, 
         "zookeeper-env": {
             "tag": "version1467016680492"
-        }, 
+        },
+        "logsearch-solr-env": {
+            "tag": "version1467098537360"
+        },
+        "logsearch-solr-client-log4j": {
+            "tag": "version1467096917836"
+        },
         "cluster-env": {
             "tag": "version1467016680567"
         }
@@ -244,6 +254,9 @@
         ], 
         "zookeeper_hosts": [
             "c6401.ambari.apache.org"
+        ],
+        "logsearch_solr_hosts": [
+            "c6401.ambari.apache.org"
         ]
     }, 
     "configurations": {
@@ -301,7 +314,7 @@
             "ranger.truststore.password": "changeit", 
             "ranger.ldap.bind.password": "{{ranger_usersync_ldap_ldapbindpassword}}", 
             "ranger.audit.solr.password": "NONE", 
-            "ranger.audit.solr.zookeepers": "NONE", 
+            "ranger.audit.solr.zookeepers": "c6401.ambari.apache.org:2181/ambari-solr", 
             "ranger.lookup.kerberos.principal": "rangerlookup/_HOST@EXAMPLE.COM",
             "ranger.service.https.port": "6182", 
             "ranger.plugins.storm.serviceuser": "storm", 
@@ -364,6 +377,7 @@
             "ranger_solr_shards": "1", 
             "ranger_solr_config_set": "ranger_audits", 
             "ranger_user": "ranger", 
+            "ranger_solr_replication_factor": "1",
             "xml_configurations_supported": "true", 
             "ranger-atlas-plugin-enabled": "No", 
             "ranger-hbase-plugin-enabled": "No", 
@@ -371,7 +385,7 @@
             "bind_anonymous": "false", 
             "ranger_admin_username": "amb_ranger_admin", 
             "admin_password": "admin", 
-            "is_solrCloud_enabled": "false", 
+            "is_solrCloud_enabled": "true", 
             "ranger-storm-plugin-enabled": "No", 
             "ranger-hdfs-plugin-enabled": "No", 
             "ranger_group": "ranger", 
@@ -696,7 +710,35 @@
             "content": "\nexport JAVA_HOME={{java64_home}}\nexport ZOOKEEPER_HOME={{zk_home}}\nexport ZOO_LOG_DIR={{zk_log_dir}}\nexport ZOOPIDFILE={{zk_pid_file}}\nexport SERVER_JVMFLAGS={{zk_server_heapsize}}\nexport JAVA=$JAVA_HOME/bin/java\nexport CLASSPATH=$CLASSPATH:/usr/share/zookeeper/*\n\n{% if security_enabled %}\nexport SERVER_JVMFLAGS=\"$SERVER_JVMFLAGS -Djava.security.auth.login.config={{zk_server_jaas_file}}\"\nexport CLIENT_JVMFLAGS=\"$CLIENT_JVMFLAGS -Djava.security.auth.login.config={{zk_client_jaas_file}}\"\n{% endif %}", 
             "zk_pid_dir": "/var/run/zookeeper", 
             "zookeeper_principal_name": "zookeeper/_HOST@EXAMPLE.COM"
-        }, 
+        },
+        "logsearch-solr-env": {
+            "logsearch_solr_datadir": "/opt/logsearch_solr/data", 
+            "logsearch_solr_keystore_location": "/etc/security/serverKeys/logsearch.keyStore.jks", 
+            "logsearch_solr_kerberos_name_rules": "DEFAULT", 
+            "logsearch_solr_user": "logsearch-solr", 
+            "logsearch_solr_maxmem": "1024", 
+            "content": "#!/bin/bash\n# Licensed to the Apache Software Foundation (ASF) under one or more\n# contributor license agreements. See the NOTICE file distributed with\n# this work for additional information regarding copyright ownership.\n# The ASF licenses this file to You under the Apache License, Version 2.0\n# (the \"License\"); you may not use this file except in compliance with\n# the License. You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n# By default the script will use JAVA_HOME to determine which java\n# to use, but you can set a specific path for Solr to use without\n# affecting other Java applica
 tions on your server/workstation.\nSOLR_JAVA_HOME={{java64_home}}\n\n# Increase Java Min/Max Heap as needed to support your indexing / query needs\nSOLR_JAVA_MEM=\"-Xms{{logsearch_solr_min_mem}}m -Xmx{{logsearch_solr_max_mem}}m\"\n\n# Enable verbose GC logging\nGC_LOG_OPTS=\"-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails \\\n-XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime\"\n\n# These GC settings have shown to work well for a number of common Solr workloads\nGC_TUNE=\"-XX:NewRatio=3 \\\n-XX:SurvivorRatio=4 \\\n-XX:TargetSurvivorRatio=90 \\\n-XX:MaxTenuringThreshold=8 \\\n-XX:+UseConcMarkSweepGC \\\n-XX:+UseParNewGC \\\n-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 \\\n-XX:+CMSScavengeBeforeRemark \\\n-XX:PretenureSizeThreshold=64m \\\n-XX:+UseCMSInitiatingOccupancyOnly \\\n-XX:CMSInitiatingOccupancyFraction=50 \\\n-XX:CMSMaxAbortablePrecleanTime=6000 \\\n-XX:+CMSParallelRemarkEnabled \\\n-XX:+ParallelRefProcEnabled\"\
 n\n# Set the ZooKeeper connection string if using an external ZooKeeper ensemble\n# e.g. host1:2181,host2:2181/chroot\n# Leave empty if not using SolrCloud\nZK_HOST=\"{{zookeeper_quorum}}{{logsearch_solr_znode}}\"\n\n# Set the ZooKeeper client timeout (for SolrCloud mode)\nZK_CLIENT_TIMEOUT=\"60000\"\n\n# By default the start script uses \"localhost\"; override the hostname here\n# for production SolrCloud environments to control the hostname exposed to cluster state\n#SOLR_HOST=\"192.168.1.1\"\n\n# By default the start script uses UTC; override the timezone if needed\n#SOLR_TIMEZONE=\"UTC\"\n\n# Set to true to activate the JMX RMI connector to allow remote JMX client applications\n# to monitor the JVM hosting Solr; set to \"false\" to disable that behavior\n# (false is recommended in production environments)\nENABLE_REMOTE_JMX_OPTS=\"true\"\n\n# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here\nRMI_PORT={{logsearch_solr_jmx_port}}\n\n# Anything you add to
  the SOLR_OPTS variable will be included in the java\n# start command line as-is, in ADDITION to other options. If you specify the\n# -a option on start script, those options will be appended as well. Examples:\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000\"\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000\"\n#SOLR_OPTS=\"$SOLR_OPTS -Dsolr.clustering.enabled=true\"\n\n# Location where the bin/solr script will save PID files for running instances\n# If not set, the script will create PID files in $SOLR_TIP/bin\nSOLR_PID_DIR={{logsearch_solr_piddir}}\n\n# Path to a directory where Solr creates index files, the specified directory\n# must contain a solr.xml; by default, Solr will use server/solr\nSOLR_HOME={{logsearch_solr_datadir}}\n\n# Solr provides a default Log4J configuration properties file in server/resources\n# however, you may want to customize the log settings and file appender location\n# so you can point the script to use a different log4j.properties f
 ile\nLOG4J_PROPS={{logsearch_solr_conf}}/log4j.properties\n\n# Location where Solr should write logs to; should agree with the file appender\n# settings in server/resources/log4j.properties\nSOLR_LOGS_DIR={{logsearch_solr_log_dir}}\n\n# Sets the port Solr binds to, default is 8983\nSOLR_PORT={{logsearch_solr_port}}\n\n# Be sure to update the paths to the correct keystore for your environment\n{% if logsearch_solr_ssl_enabled %}\nSOLR_SSL_KEY_STORE={{logsearch_solr_keystore_location}}\nSOLR_SSL_KEY_STORE_PASSWORD={{logsearch_solr_keystore_password}}\nSOLR_SSL_TRUST_STORE={{logsearch_solr_keystore_location}}\nSOLR_SSL_TRUST_STORE_PASSWORD={{logsearch_solr_keystore_password}}\nSOLR_SSL_NEED_CLIENT_AUTH=false\nSOLR_SSL_WANT_CLIENT_AUTH=false\n{% endif %}\n\n# Uncomment to set a specific SSL port (-Djetty.ssl.port=N); if not set\n# and you are using SSL, then the start script will use SOLR_PORT for the SSL port\n#SOLR_SSL_PORT=\n\n{% if security_enabled -%}\nSOLR_HOST=`hostname -f`\nSOLR
 _JAAS_FILE={{logsearch_solr_jaas_file}}\nSOLR_KERB_KEYTAB={{logsearch_solr_web_kerberos_keytab}}\nSOLR_KERB_PRINCIPAL={{logsearch_solr_web_kerberos_principal}}\nSOLR_KERB_NAME_RULES={{logsearch_solr_kerberos_name_rules}}\n\nSOLR_AUTHENTICATION_CLIENT_CONFIGURER=\"org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer\"\nSOLR_AUTHENTICATION_OPTS=\" -DauthenticationPlugin=org.apache.solr.security.KerberosPlugin -Djava.security.auth.login.config=$SOLR_JAAS_FILE -Dsolr.kerberos.principal=${SOLR_KERB_PRINCIPAL} -Dsolr.kerberos.keytab=${SOLR_KERB_KEYTAB} -Dsolr.kerberos.cookie.domain=${SOLR_HOST} -Dsolr.kerberos.name.rules=${SOLR_KERB_NAME_RULES}\"\n{% endif %}", 
+            "logsearch_solr_pid_dir": "/var/run/ambari-logsearch-solr", 
+            "logsearch_solr_truststore_password": "bigdata", 
+            "logsearch_solr_truststore_type": "jks", 
+            "logsearch_solr_keystore_type": "jks", 
+            "logsearch_solr_log_dir": "/var/log/ambari-logsearch-solr", 
+            "logsearch_solr_web_kerberos_keytab": "/etc/security/keytabs/spnego.service.keytab", 
+            "logsearch_solr_ssl_enabled": "false", 
+            "logsearch_solr_client_log_dir": "/var/log/ambari-logsearch-solr-client", 
+            "logsearch_solr_web_kerberos_principal": "HTTP/_HOST@EXAMPLE.COM", 
+            "logsearch_solr_znode": "/ambari-solr", 
+            "logsearch_solr_keystore_password": "bigdata", 
+            "logsearch_solr_port": "8886", 
+            "logsearch_solr_kerberos_principal": "logsearch-solr/_HOST@EXAMPLE.COM", 
+            "logsearch_solr_jmx_port": "18886", 
+            "logsearch_solr_truststore_location": "/etc/security/serverKeys/logsearch.trustStore.jks", 
+            "logsearch_solr_minmem": "512", 
+            "logsearch_solr_kerberos_keytab": "/etc/security/keytabs/logsearch-solr.service.keytab"
+        },
+        "logsearch-solr-client-log4j": {
+            "content": "# Copyright 2011 The Apache Software Foundation\n#\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements.  See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership.  The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License.  You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\nlog4j.rootLogger=INFO,file,stdout,stderr\n\nlog4j.appender.file=org.apache.log4j.RollingFileAppender\nlog4j.appender
 .file.File={{logsearch_solr_client_log}}\nlog4j.appender.file.MaxFileSize=80MB\nlog4j.appender.file.MaxBackupIndex=60\nlog4j.appender.file.layout=org.apache.log4j.PatternLayout\nlog4j.appender.file.layout.ConversionPattern=%d{DATE} %5p [%t] %c{1}:%L - %m%n\n\nlog4j.appender.stdout=org.apache.log4j.ConsoleAppender\nlog4j.appender.stdout.Threshold=INFO\nlog4j.appender.stdout.Target=System.out\nlog4j.appender.stdout.layout=org.apache.log4j.PatternLayout\nlog4j.appender.stdout.layout.ConversionPattern=%m%n\n\nlog4j.appender.stderr=org.apache.log4j.ConsoleAppender\nlog4j.appender.stderr.Threshold=ERROR\nlog4j.appender.stderr.Target=System.err\nlog4j.appender.stderr.layout=org.apache.log4j.PatternLayout\nlog4j.appender.stderr.layout.ConversionPattern=%m%n"
+        },
         "cluster-env": {
             "security_enabled": "true", 
             "override_uid": "true", 


Mime
View raw message