Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 40A29200B40 for ; Wed, 1 Jun 2016 17:26:00 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 3EF79160A45; Wed, 1 Jun 2016 15:26:00 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 9D174160A50 for ; Wed, 1 Jun 2016 17:25:57 +0200 (CEST) Received: (qmail 88642 invoked by uid 500); 1 Jun 2016 15:25:51 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 83802 invoked by uid 99); 1 Jun 2016 15:25:46 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Jun 2016 15:25:46 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 421A7E0B2D; Wed, 1 Jun 2016 15:25:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: dmitriusan@apache.org To: commits@ambari.apache.org Date: Wed, 01 Jun 2016 15:27:11 -0000 Message-Id: <178c6fb3a9424c71b125396873d48b72@git.apache.org> In-Reply-To: <45f8eed3f7c6418a96a041d1f047a06d@git.apache.org> References: <45f8eed3f7c6418a96a041d1f047a06d@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [88/94] ambari git commit: AMBARI-16272. Ambari Upgrade shouldn't automatically add stack configs (dlysnichenko) archived-at: Wed, 01 Jun 2016 15:26:00 -0000 http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml index 1b26644..0314f0a 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml @@ -19,7 +19,6 @@ * limitations under the License. */ --> - oozie_user @@ -31,11 +30,15 @@ user false + + oozie_admin_users {oozie_user}, oozie-admin Oozie admin users. + + oozie_database @@ -45,6 +48,8 @@ false + + oozie_data_dir @@ -56,6 +61,8 @@ true false + + oozie_log_dir @@ -66,6 +73,8 @@ directory false + + oozie_tmp_dir @@ -76,6 +85,8 @@ directory false + + oozie_pid_dir @@ -87,6 +98,8 @@ true false + + oozie_admin_port @@ -97,28 +110,37 @@ false int + + oozie_heapsize 2048 Oozie heap size. + + oozie_permsize 256 Oozie permanent generation size. + + oozie_user_nofile_limit 32000 Max open files limit setting for OOZIE user. + + oozie_user_nproc_limit 16000 Max number of processes limit setting for OOZIE user. + + - content @@ -189,9 +211,10 @@ export OOZIE_ADMIN_PORT={{oozie_server_admin_port}} # export OOZIE_BASE_URL="http://${OOZIE_HTTP_HOSTNAME}:${OOZIE_HTTP_PORT}/oozie" export JAVA_LIBRARY_PATH={{hadoop_lib_home}}/native/Linux-amd64-64 - - content - + + content + + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-log4j.xml b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-log4j.xml index 7e77b8c..754770e 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-log4j.xml +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-log4j.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content oozie-log4j template @@ -111,6 +109,7 @@ log4j.logger.org.apache.hadoop.security.authentication.server=WARN, oozie content false + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml index 4a8e60c..ca0fae7 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-site.xml @@ -16,9 +16,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - - - - content @@ -104,6 +102,7 @@ export JAVA_LIBRARY_PATH="$JAVA_LIBRARY_PATH:{{jdbc_libs_dir}}" content + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-log4j.xml b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-log4j.xml index 4b28116..1c9d6bb 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-log4j.xml +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-log4j.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content oozie-log4j template @@ -134,6 +132,7 @@ log4j.logger.org.apache.hadoop.security.authentication.server=WARN, oozie content false + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml index 107816d..4036420 100644 --- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml +++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/configuration/oozie-site.xml @@ -17,12 +17,12 @@ ~ limitations under the License. --> - oozie.authentication.kerberos.name.rules The mapping from kerberos principal names to local OS user names. + + - oozie.authentication.type simple @@ -30,23 +30,26 @@ Authentication used for Oozie HTTP endpoint, the supported values are: simple | kerberos | #AUTHENTICATION_HANDLER_CLASSNAME#. + + - oozie.base.url http://localhost:11000/oozie

DONT_ADD_ON_UPGRADE

Base Oozie URL. + + - oozie.credentials.credentialclasses hcat=org.apache.oozie.action.hadoop.HCatCredentials,hive2=org.apache.oozie.action.hadoop.Hive2Credentials Credential Class to be used for HCat. + + - oozie.service.HadoopAccessorService.hadoop.configurations *={{hadoop_conf_dir}} @@ -58,16 +61,18 @@ the Oozie configuration directory; though the path can be absolute (i.e. to point to Hadoop client conf/ directories in the local filesystem. + + - oozie.service.HadoopAccessorService.kerberos.enabled false Indicates if Oozie is configured to use Kerberos. + + - oozie.service.URIHandlerService.uri.handlers org.apache.oozie.dependency.FSURIHandler,org.apache.oozie.dependency.HCatURIHandler @@ -75,8 +80,9 @@ Enlist the different uri handlers supported for data availability checks. + + - oozie.services.ext @@ -86,8 +92,9 @@ To add/replace services defined in 'oozie.services' with custom implementations. Class names must be separated by commas. + + - oozie.db.schema.name oozie @@ -99,8 +106,9 @@ database false + + - oozie.service.JPAService.jdbc.username oozie @@ -112,11 +120,12 @@ db_user false + + - oozie.service.JPAService.jdbc.password - +

Database Password

PASSWORD

@@ -129,8 +138,9 @@ password false + + - oozie.service.JPAService.jdbc.driver org.apache.derby.jdbc.EmbeddedDriver @@ -147,8 +157,9 @@ oozie_database + + - oozie.service.JPAService.jdbc.url jdbc:derby:${oozie.data.dir}/${oozie.db.schema.name}-db;create=true @@ -169,8 +180,9 @@ oozie.db.schema.name + + - oozie.service.AuthorizationService.security.enabled true @@ -178,14 +190,16 @@ Specifies whether security (user name/admin role) is enabled or not. If disabled any user can manage Oozie system and manage any job. + + - oozie.authentication.simple.anonymous.allowed true Indicates if anonymous requests are allowed when using 'simple' authentication. + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-env.xml b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-env.xml index cc4a790..f654c30 100644 --- a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-env.xml +++ b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-env.xml @@ -19,7 +19,6 @@ * limitations under the License. */ --> - @@ -37,6 +36,7 @@ fi content + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-log4j.xml b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-log4j.xml index fd2d8aa..a5c908c 100644 --- a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-log4j.xml +++ b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-log4j.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content pig-log4j template @@ -62,6 +60,7 @@ log4j.appender.A.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n content false + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-properties.xml b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-properties.xml index 2ef0639..60b6cae 100644 --- a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-properties.xml +++ b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/configuration/pig-properties.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content pig-properties template @@ -90,6 +88,7 @@ hcat.bin=/usr/bin/hcat true false + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-profiles.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-profiles.xml b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-profiles.xml index 442fe4a..1f8d85a 100644 --- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-profiles.xml +++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-profiles.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content pxf-profiles template @@ -160,11 +158,11 @@ under the License. - ]]> - + ]]>

false

+ + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-public-classpath.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-public-classpath.xml b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-public-classpath.xml index 59183fb..d28286a 100644 --- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-public-classpath.xml +++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-public-classpath.xml @@ -19,9 +19,7 @@ * limitations under the License. */ --> - - content pxf-public-classpath template @@ -59,6 +57,7 @@

false

+ + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-site.xml b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-site.xml index 8ebd23e..eaebbf1 100644 --- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-site.xml +++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/configuration/pxf-site.xml @@ -15,12 +15,14 @@ See the License for the specific language governing permissions and limitations under the License. --> - - - pxf.service.kerberos.keytab - /etc/security/keytabs/pxf.service.keytab - + + + pxf.service.kerberos.keytab + /etc/security/keytabs/pxf.service.keytab + Path to the PXF keytab file, owned by PXF service and with permissions 0400. - + + + http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml index 6439a7e..fe1f95c 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml @@ -20,7 +20,6 @@ */ --> - DB_FLAVOR MYSQL @@ -41,8 +40,9 @@ 1 + + - SQL_COMMAND_INVOKER mysql @@ -51,8 +51,9 @@ false + + - SQL_CONNECTOR_JAR {{driver_curl_target}} @@ -67,8 +68,9 @@ DB_FLAVOR + + - db_root_user root @@ -77,11 +79,12 @@ false + + - db_root_password - +

PASSWORD

Database Administrator (DBA) password

Database password for the database admin username @@ -89,18 +92,20 @@ password false + + - db_host - +

Ranger DB host

Database host false + + - db_name ranger @@ -109,8 +114,9 @@ false + + - db_user rangeradmin @@ -119,11 +125,12 @@ false + + - db_password - +

PASSWORD

Ranger DB password

Database password for the Ranger schema @@ -131,8 +138,9 @@ password false + + - audit_db_name ranger_audit @@ -141,8 +149,9 @@ false + + - audit_db_user rangerlogger @@ -151,11 +160,12 @@ false + + - audit_db_password - +

PASSWORD

Ranger Audit DB password

Database password for storing auditlog information @@ -163,11 +173,12 @@ password false + + - policymgr_external_url - +

External URL

Policy Manager external url eg: http://RANGER_HOST:6080

@@ -187,8 +198,9 @@ https.service.port

+ + - policymgr_http_enabled true @@ -197,13 +209,14 @@ false + + - authentication_method UNIX Authentication method - + false @@ -213,92 +226,103 @@ SYNC_SOURCE + + - remoteLoginEnabled true Allow remote Login - + false + + - authServiceHostName localhost - + false + + - authServicePort 5151 - + false + + - xa_ldap_url "ldap://71.127.43.33:389" - + false + + - xa_ldap_userDNpattern "uid={0},ou=users,dc=xasecure,dc=net" - + false + + - xa_ldap_groupSearchBase "ou=groups,dc=xasecure,dc=net" - + + + - xa_ldap_groupSearchFilter "(member=uid={0},ou=users,dc=xasecure,dc=net)" - + + + - xa_ldap_groupRoleAttribute "cn" - + false + + - xa_ldap_ad_domain Domain Name (AD specific) - + AD domain, only used if Authentication method is AD false + + - xa_ldap_ad_url - - + + false + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml index b436b75..99fe6dc 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml @@ -19,7 +19,6 @@ */ --> - ranger_user ranger @@ -30,8 +29,9 @@ user false + + - ranger_group ranger @@ -42,41 +42,45 @@ user false + + - ranger_admin_log_dir /var/log/ranger/admin - + directory false

true

+ + - ranger_usersync_log_dir /var/log/ranger/usersync - + directory false

true

+ + - ranger_admin_username amb_ranger_admin

TEXT

Ranger Admin username for Ambari

This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin + + - ranger_admin_password - +

PASSWORD

Ranger Admin user's password for Ambari

This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin @@ -84,14 +88,16 @@ password false + + - admin_username admin This is the username for default admin user that is used for creating ambari user in Ranger Admin - - + + + admin_password admin @@ -100,27 +106,31 @@ password + + - oracle_home -

TEXT

Oracle Home needs to be set to path where oracle is installed, this will help install Ranger Admin when used with Oracle as database. + + - xml_configurations_supported false - + + + - ranger_pid_dir /var/run/ranger - + + + - ranger-hdfs-plugin-enabled No @@ -141,8 +151,9 @@ 1 + + - ranger-hive-plugin-enabled No @@ -163,8 +174,9 @@ 1 + + - ranger-hbase-plugin-enabled No @@ -185,8 +197,9 @@ 1 + + - ranger-storm-plugin-enabled No @@ -207,8 +220,9 @@ 1 + + - ranger-knox-plugin-enabled No @@ -229,8 +243,9 @@ 1 + + - bind_anonymous Bind Anonymous @@ -251,8 +266,9 @@ 1 true + + - xasecure.audit.destination.hdfs false @@ -273,8 +289,9 @@ 1 + + - xasecure.audit.destination.hdfs.dir hdfs://localhost:8020/ranger/audit/%app-type%/%time:yyyyMMdd% @@ -287,8 +304,9 @@ fs.defaultFS + + - xasecure.audit.destination.db true @@ -309,6 +327,7 @@ 1 + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml index daab4ec..b65ac91 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml @@ -20,48 +20,54 @@ */ --> - http.service.port 6080 The http port to be used + + - https.service.port 6182 The secured https port to be used + + - https.attrib.keystoreFile /etc/ranger/admin/keys/server.jks The keystore file location + + - https.attrib.keystorePass xasecure

PASSWORD

The keystore pass to be used + + - https.attrib.keyAlias myKey The key alias to be used + + - https.attrib.clientAuth want The client auth to be used + + - http.enabled true http enabled or https enabled + + - - \ No newline at end of file + http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml index c7dbdb6..ed2fec6 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml @@ -40,102 +40,136 @@ 1 + + MIN_UNIX_USER_ID_TO_SYNC

Minimum User ID

1000 - + + + POLICY_MGR_URL {{usersync_exturl}} Policy Manager external url + + SYNC_INTERVAL 1 - + + + SYNC_LDAP_URL LDAP (AD) URL - + LDAP server URL. Example value = ldap://localhost:389 + + SYNC_LDAP_BIND_DN Bind User - + Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. Example: cn=admin,ou=users,dc=hadoop,dc=apache,dc-org + + SYNC_LDAP_BIND_PASSWORD Bind User Password - + PASSWORD - + password + + CRED_KEYSTORE_FILENAME /usr/lib/xausersync/.jceks/xausersync.jceks - + + + SYNC_LDAP_USER_SEARCH_BASE User Search Base - + sample value would be ou=users,dc=hadoop,dc=apache,dc=org + + SYNC_LDAP_USER_SEARCH_SCOPE

User Search Scope

sub default value: sub + + SYNC_LDAP_USER_OBJECT_CLASS

User Object Class

person default value: person + + SYNC_LDAP_USER_SEARCH_FILTER User Search Filter - + default value is empty true - + + + SYNC_LDAP_USER_NAME_ATTRIBUTE

Username Attribute

cn default value: cn + + SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE

User Group Name Attribute

memberof,ismemberof - + + + SYNC_LDAP_USERNAME_CASE_CONVERSION none possible values: none, lower, upper + + SYNC_LDAP_GROUPNAME_CASE_CONVERSION none possible values: none, lower, upper + + logdir logs user sync log path + + - \ No newline at end of file + http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/admin-properties.xml index 7203ed1..cd0304a 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/admin-properties.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/admin-properties.xml @@ -20,7 +20,6 @@ */ --> - DB_FLAVOR MYSQL @@ -53,11 +52,12 @@ 1 + + - policymgr_external_url - +

External URL

Policy Manager external url eg: http://RANGER_HOST:6080

@@ -77,71 +77,85 @@ ranger.service.https.port

+ + - policymgr_http_enabled true + + - authentication_method true + + - remoteLoginEnabled true + + - authServiceHostName true + + - authServicePort true + + - xa_ldap_url true + + - xa_ldap_userDNpattern true + + - xa_ldap_groupSearchBase true + + - xa_ldap_groupSearchFilter true + + - xa_ldap_groupRoleAttribute true + + - xa_ldap_ad_domain true + + - xa_ldap_ad_url true + + - SQL_COMMAND_INVOKER true + + - http://git-wip-us.apache.org/repos/asf/ambari/blob/98d86419/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml index b358f27..ef57bc3 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml @@ -15,15 +15,14 @@ See the License for the specific language governing permissions and limitations under the License. --> - - ranger.service.host {{ranger_host}} Host where ranger service to be installed + + - ranger.service.http.enabled true @@ -33,38 +32,44 @@ false boolean + + - ranger.service.http.port 6080 HTTP port + + - ranger.service.https.port 6182 HTTPS port (if SSL is enabled) - - + + + ranger.service.https.attrib.ssl.enabled false true/false, set to true if using SSL + + - ranger.service.https.attrib.clientAuth want Needs to be set to want for two way SSL - - + + + ranger.service.https.attrib.keystore.keyalias rangeradmin Alias for Ranger Admin key in keystore + + - ranger.service.https.attrib.keystore.pass xasecure @@ -73,14 +78,16 @@ password + + - ranger.https.attrib.keystore.file /etc/ranger/admin/conf/ranger-admin-keystore.jks Ranger admin keystore (specify full path) + + - ranger.externalurl {{ranger_external_url}} @@ -90,8 +97,9 @@ false false + + - ranger.jpa.jdbc.driver com.mysql.jdbc.Driver @@ -106,8 +114,9 @@ DB_FLAVOR + + - ranger.jpa.jdbc.url jdbc:mysql://localhost @@ -130,14 +139,16 @@ db_name - - + + + ranger.jpa.jdbc.user {{ranger_db_user}} JDBC user + + - ranger.jpa.jdbc.password _ @@ -146,20 +157,23 @@ password + + - ranger.jpa.jdbc.credential.alias rangeradmin Alias name for storing JDBC password + + - ranger.credential.provider.path /etc/ranger/admin/rangeradmin.jceks File for credential store, provide full file path + + - ranger.audit.source.type solr @@ -174,14 +188,16 @@ xasecure.audit.destination.db + + - ranger.audit.solr.urls - + Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits + + - ranger.authentication.method UNIX @@ -196,8 +212,9 @@ ranger.usersync.source.impl.class + + - ranger.ldap.url LDAP URL @@ -206,8 +223,9 @@ false - - + + + ranger.ldap.user.dnpattern uid={0},ou=users,dc=xasecure,dc=net @@ -215,22 +233,25 @@ false + + - ranger.ldap.group.searchbase

Group Search Base

{{ranger_ug_ldap_group_searchbase}} LDAP group searchbase, only used if Authentication method is LDAP + + - ranger.ldap.group.searchfilter

Group Search Filter

{{ranger_ug_ldap_group_searchfilter}} LDAP group search filter, only used if Authentication method is LDAP + + - ranger.ldap.user.searchfilter User Search Filter @@ -239,8 +260,9 @@ false + + - ranger.ldap.group.roleattribute cn @@ -248,8 +270,9 @@ false + + - ranger.ldap.base.dn dc=example,dc=com @@ -257,8 +280,9 @@ false + + - ranger.ldap.bind.dn Bind User @@ -267,8 +291,9 @@ false + + - ranger.ldap.bind.password Bind User Password @@ -279,8 +304,9 @@ password false + + - ranger.ldap.referral ignore @@ -288,18 +314,20 @@ false + + - ranger.ldap.ad.domain Domain Name (Only for AD) - + AD domain, only used if Authentication method is AD false + + - ranger.ldap.ad.url {{ranger_ug_ldap_url}} @@ -307,8 +335,9 @@ false + + - ranger.ldap.ad.base.dn dc=example,dc=com @@ -316,8 +345,9 @@ false + + - ranger.ldap.ad.bind.dn {{ranger_ug_ldap_bind_dn}} @@ -325,8 +355,9 @@ false + + - ranger.ldap.ad.bind.password {{ranger_usersync_ldap_ldapbindpassword}} @@ -336,8 +367,9 @@ password false + + - ranger.ldap.ad.user.searchfilter {{ranger_ug_ldap_user_searchfilter}} @@ -345,8 +377,9 @@ false + + - ranger.ldap.ad.referral ignore @@ -354,26 +387,30 @@ false + + - ranger.jpa.audit.jdbc.driver {{ranger_jdbc_driver}} JDBC driver class name - for audit DB + + - ranger.jpa.audit.jdbc.url {{audit_jdbc_url}} JDBC connect string - auto populated based on other values + + - ranger.jpa.audit.jdbc.user {{ranger_audit_db_user}} JDBC user - audit - - + + + ranger.jpa.audit.jdbc.password _ @@ -382,14 +419,16 @@ password + + - ranger.jpa.audit.jdbc.credential.alias rangeraudit Alias name for storing JDBC password - for audit user + + - ranger.unixauth.remote.login.enabled true @@ -411,8 +450,9 @@ 1 + + - ranger.unixauth.service.hostname {{ugsync_host}} @@ -420,8 +460,9 @@ false + + - ranger.unixauth.service.port 5151 @@ -430,20 +471,23 @@ int false - - + + + ranger.jpa.jdbc.dialect {{jdbc_dialect}} JDBC dialect used for policy DB + + - ranger.jpa.audit.jdbc.dialect {{jdbc_dialect}} JDBC dialect used for audit DB + + - ranger.audit.solr.zookeepers NONE @@ -458,14 +502,16 @@ is_solrCloud_enabled - - + + + ranger.audit.solr.username ranger_solr Solr username - - + + + ranger.audit.solr.password NONE @@ -474,29 +520,32 @@ password - - + + + ranger.sso.providerurl - +

SSO provider url

Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso

true

+ + - ranger.sso.publicKey - +

SSO public key

Public key for SSO cookie verification multiLine

true

+ + - ranger.sso.cookiename hadoop-jwt @@ -505,15 +554,17 @@

true

+ + - ranger.sso.enabled false Enable Ranger SSO - + + + - ranger.sso.query.param.originalurl originalUrl @@ -522,8 +573,9 @@

true

+ + - ranger.sso.browser.useragent Mozilla,chrome @@ -532,6 +584,7 @@

true

+ + -