ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jlun...@apache.org
Subject ambari git commit: AMBARI-17688: Ranger stack changes in Ambari to support secure Solr (Mugdha Varadkar via jluniya)
Date Fri, 15 Jul 2016 17:28:13 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.4 203930d23 -> 7cf65cbc7


AMBARI-17688: Ranger stack changes in Ambari to support secure Solr (Mugdha Varadkar via jluniya)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7cf65cbc
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7cf65cbc
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7cf65cbc

Branch: refs/heads/branch-2.4
Commit: 7cf65cbc7cb94720aec46e2b59cd97ca4d759d76
Parents: 203930d
Author: Jayush Luniya <jluniya@hortonworks.com>
Authored: Fri Jul 15 10:27:24 2016 -0700
Committer: Jayush Luniya <jluniya@hortonworks.com>
Committed: Fri Jul 15 10:28:09 2016 -0700

----------------------------------------------------------------------
 .../0.96.0.2.0/package/scripts/params_linux.py  |   2 +-
 .../0.12.0.2.0/package/scripts/params_linux.py  |   1 +
 .../RANGER/0.4.0/package/scripts/params.py      |   7 +-
 .../0.4.0/package/scripts/ranger_admin.py       |   2 +-
 .../0.5.0/configuration/ranger-admin-site.xml   |   6 +
 .../0.6.0/configuration/ranger-admin-site.xml   |  78 +++++++++++
 .../RANGER/0.6.0/themes/theme_version_3.json    |  28 ++++
 .../0.5.0.2.3/package/scripts/params.py         |   2 +-
 .../1.0.1/configuration/ranger-storm-audit.xml  | 136 +++++++++++++++++++
 .../stacks/HDP/2.2/services/stack_advisor.py    |  10 +-
 .../stacks/HDP/2.3/services/stack_advisor.py    |  11 +-
 .../ATLAS/configuration/ranger-atlas-audit.xml  | 135 ++++++++++++++++++
 .../HBASE/configuration/ranger-hbase-audit.xml  | 136 +++++++++++++++++++
 .../HDFS/configuration/ranger-hdfs-audit.xml    | 136 +++++++++++++++++++
 .../HIVE/configuration/ranger-hive-audit.xml    | 136 +++++++++++++++++++
 .../KAFKA/configuration/ranger-kafka-audit.xml  | 136 +++++++++++++++++++
 .../KNOX/configuration/ranger-knox-audit.xml    | 136 +++++++++++++++++++
 .../configuration/ranger-kms-audit.xml          | 136 +++++++++++++++++++
 .../YARN/configuration/ranger-yarn-audit.xml    | 136 +++++++++++++++++++
 .../stacks/HDP/2.5/services/stack_advisor.py    |  53 +++++++-
 .../stacks/2.2/common/test_stack_advisor.py     |  33 ++++-
 .../stacks/2.3/common/test_stack_advisor.py     |  20 ++-
 .../2.5/configs/ranger-admin-default.json       |   2 +-
 .../2.5/configs/ranger-admin-secured.json       |   2 +-
 ambari-web/app/data/HDP2/site_properties.js     |  43 ++++++
 ambari-web/app/models/stack_service.js          |   3 +-
 26 files changed, 1499 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index f5e0301..bf61493 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -188,12 +188,12 @@ user_group = config['configurations']['cluster-env']["user_group"]
 if security_enabled:
   _hostname_lowercase = config['hostname'].lower()
   master_jaas_princ = config['configurations']['hbase-site']['hbase.master.kerberos.principal'].replace('_HOST',_hostname_lowercase)
+  master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab.file']
   regionserver_jaas_princ = config['configurations']['hbase-site']['hbase.regionserver.kerberos.principal'].replace('_HOST',_hostname_lowercase)
   _queryserver_jaas_princ = config['configurations']['hbase-site']['phoenix.queryserver.kerberos.principal']
   if not is_empty(_queryserver_jaas_princ):
     queryserver_jaas_princ =_queryserver_jaas_princ.replace('_HOST',_hostname_lowercase)
 
-master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab.file']
 regionserver_keytab_path = config['configurations']['hbase-site']['hbase.regionserver.keytab.file']
 queryserver_keytab_path = config['configurations']['hbase-site']['phoenix.queryserver.keytab.file']
 smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index 6bb2cbc..c5f8fc3 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
@@ -634,6 +634,7 @@ policy_user = config['configurations']['ranger-hive-plugin-properties']['policy_
 
 if security_enabled:
   hive_principal = hive_server_principal.replace('_HOST',hostname.lower())
+  hive_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
 
 #For curl command in ranger plugin to get db connector
 if has_ranger_admin:

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index fad4b9b..84e90e0 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -262,6 +262,7 @@ ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger.
 ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"]
 
 # ranger solr
+audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False)
 ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
 ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
 ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
@@ -298,12 +299,14 @@ solr_jaas_file = None
 if security_enabled:
   if has_ranger_tagsync:
     ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
-    tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
+    if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+      tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
     tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
 
   if stack_supports_ranger_kerberos:
     ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
-    ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
+    if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+      ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
     ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
 
     if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
index 529ac8c..c0534f3 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
@@ -86,7 +86,7 @@ class RangerAdmin(Script):
     env.set_params(params)
     self.configure(env, upgrade_type=upgrade_type)
 
-    if params.stack_supports_logsearch_client and params.is_solrCloud_enabled:
+    if params.stack_supports_logsearch_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
       solr_cloud_util.setup_solr_client(params.config, user = params.solr_user, custom_log4j = params.custom_log4j)
       setup_ranger_audit_solr()
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
index 1b2b5e0..c41c90c 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
@@ -503,6 +503,12 @@
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
+    <depends-on>
+      <property>
+       <type>gateway-site</type>
+       <name>gateway.port</name>
+      </property>
+    </depends-on>
     <on-ambari-upgrade add="true"/>
   </property>
   <property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
index 341cff7..477df7a 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
@@ -322,4 +322,82 @@
     </depends-on>
     <on-ambari-upgrade add="true"/>
   </property>
+
+  <property>
+    <name>ranger.is.solr.kerberised</name>
+    <display-name>Kerberos Solr</display-name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>ON</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>OFF</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{ranger_admin_jaas_principal}}</value>
+    <description/>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{ranger_admin_keytab}}</value>
+    <description/>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value>com.sun.security.auth.module.Krb5LoginModule</value>
+    <description/>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value>required</value>
+    <description/>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>true</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value>solr</value>
+    <description/>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
index 3f50774..e65c9b2 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
@@ -308,6 +308,28 @@
               }
             }
           ]
+        },
+        {
+          "config": "ranger-admin-site/ranger.is.solr.kerberised",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.solr"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.solr}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
         }
       ]
     },
@@ -389,6 +411,12 @@
         "widget": {
           "type": "toggle"
         }
+      },
+      {
+        "config": "ranger-admin-site/ranger.is.solr.kerberised",
+        "widget": {
+          "type": "toggle"
+        }
       }
     ]
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index dfcad32..73cfbff 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -232,12 +232,12 @@ hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition
 hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None)
 
 # kms kerberos from stack 2.5 onward
-rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab']
 rangerkms_bare_principal = 'rangerkms'
 
 if stack_supports_ranger_kerberos:
   if security_enabled:
     rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal']
+    rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab']
     if not is_empty(rangerkms_principal) and rangerkms_principal != '':
       rangerkms_bare_principal = get_bare_principal(rangerkms_principal)
       rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower())

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
index d3f9143..1c869ed 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{storm_jaas_principal}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{storm_keytab_path}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index e570a5b7..1598d0e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -1491,6 +1491,8 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     validationItems = []
     ranger_plugin_properties = getSiteProperties(configurations, "ranger-kafka-plugin-properties")
     ranger_plugin_enabled = ranger_plugin_properties['ranger-kafka-plugin-enabled'] if ranger_plugin_properties else 'No'
+    servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+    security_enabled = self.isSecurityEnabled(services)
     if ranger_plugin_enabled.lower() == 'yes':
       # ranger-hdfs-plugin must be enabled in ranger-env
       ranger_env = getServicesSiteProperties(services, 'ranger-env')
@@ -1499,6 +1501,11 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
         validationItems.append({"config-name": 'ranger-kafka-plugin-enabled',
                                 "item": self.getWarnItem(
                                   "ranger-kafka-plugin-properties/ranger-kafka-plugin-enabled must correspond ranger-env/ranger-kafka-plugin-enabled")})
+
+    if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'yes') and not security_enabled:
+      validationItems.append({"config-name": "ranger-kafka-plugin-enabled",
+                              "item": self.getWarnItem(
+                              "Ranger Kafka plugin should not be enabled in non-kerberos environment.")})
     return self.toConfigurationValidationProblems(validationItems, "ranger-kafka-plugin-properties")
 
   def validateStormRangerPluginConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
@@ -1506,6 +1513,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     ranger_plugin_properties = getSiteProperties(configurations, "ranger-storm-plugin-properties")
     ranger_plugin_enabled = ranger_plugin_properties['ranger-storm-plugin-enabled'] if ranger_plugin_properties else 'No'
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+    security_enabled = self.isSecurityEnabled(services)
     if ranger_plugin_enabled.lower() == 'yes':
       # ranger-hdfs-plugin must be enabled in ranger-env
       ranger_env = getServicesSiteProperties(services, 'ranger-env')
@@ -1514,7 +1522,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
         validationItems.append({"config-name": 'ranger-storm-plugin-enabled',
                                 "item": self.getWarnItem(
                                   "ranger-storm-plugin-properties/ranger-storm-plugin-enabled must correspond ranger-env/ranger-storm-plugin-enabled")})
-    if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not 'KERBEROS' in servicesList:
+    if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not security_enabled:
       validationItems.append({"config-name": "ranger-storm-plugin-enabled",
                               "item": self.getWarnItem(
                                 "Ranger Storm plugin should not be enabled in non-kerberos environment.")})

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index 2a2a3a3..373553c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -942,11 +942,6 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
                                 "If Ranger Kafka Plugin is enabled."\
                                 "{0} needs to be set to {1}".format(prop_name,prop_val))})
 
-    if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()) and not 'KERBEROS' in servicesList:
-      validationItems.append({"config-name": "ranger-kafka-plugin-enabled",
-                              "item": self.getWarnItem(
-                                "Ranger Kafka plugin should not be enabled in non-kerberos environment.")})
-
     return self.toConfigurationValidationProblems(validationItems, "kafka-broker")
 
   def validateYARNConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
@@ -981,11 +976,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
     parentValidationProblems = super(HDP23StackAdvisor, self).validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, hosts)
     ranger_env_properties = properties
     validationItems = []
-    security_enabled = False
-
-    servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    if 'KERBEROS' in servicesList:
-      security_enabled = True
+    security_enabled = self.isSecurityEnabled(services)
 
     if "ranger-kafka-plugin-enabled" in ranger_env_properties and ranger_env_properties["ranger-kafka-plugin-enabled"].lower() == 'yes' and not security_enabled:
       validationItems.append({"config-name": "ranger-kafka-plugin-enabled",

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
index efeea5f..ac22729 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
@@ -128,4 +128,139 @@
     <on-ambari-upgrade add="true"/>
   </property>
 
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{atlas_jaas_principal}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{atlas_keytab_path}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
index d3f9143..cc9f0d2 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{master_jaas_princ}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{master_keytab_path}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
index 019602a..0a04953 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
@@ -55,4 +55,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{nn_principal_name}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{nn_keytab}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
index d3f9143..671c08e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{hive_principal}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{hive_keytab}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
index d3f9143..6aca7e7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{kafka_jaas_principal}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{kafka_keytab_path}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
index d3f9143..bdd1994 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{knox_principal_name}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{knox_keytab_path}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
index 02b7565..8c8278a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/ranger-kms-audit.xml
@@ -81,4 +81,140 @@
     </depends-on>
     <on-ambari-upgrade add="true"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{rangerkms_principal}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{rangerkms_keytab}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
index d3f9143..da24576 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/YARN/configuration/ranger-yarn-audit.xml
@@ -54,4 +54,140 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.principal</name>
+    <value>{{rm_principal_name}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.keyTab</name>
+    <value>{{rm_keytab}}</value>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.storeKey</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.storeKey</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>xasecure.audit.jaas.Client.option.serviceName</name>
+    <value></value>
+    <description/>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>xasecure.audit.jaas.Client.option.serviceName</name>
+      </property>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.is.solr.kerberised</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="true"/>
+  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index 5fccb2a..66d2ef7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -57,7 +57,8 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
       "HIVE": {"hive-interactive-env": self.validateHiveInteractiveEnvConfigurations,
                "hive-interactive-site": self.validateHiveInteractiveSiteConfigurations},
       "YARN": {"yarn-site": self.validateYarnConfigurations},
-      "RANGER": {"ranger-tagsync-site": self.validateRangerTagsyncConfigurations}
+      "RANGER": {"ranger-tagsync-site": self.validateRangerTagsyncConfigurations,
+                "ranger-admin-site": self.validateRangerAdminConfigurations}
     }
     self.mergeValidators(parentValidators, childValidators)
     return parentValidators
@@ -1526,6 +1527,11 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
     else:
       putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE')
 
+    if 'ranger-admin-site' in services['configurations'] and 'ranger.is.solr.kerberised' in services['configurations']['ranger-admin-site']['properties']:
+      is_solr_kerberised = services['configurations']['ranger-admin-site']['properties']['ranger.is.solr.kerberised'] == 'true'
+    else:
+      is_solr_kerberised = False
+
     ranger_services = [
       {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
       {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
@@ -1556,6 +1562,37 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
                 rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
               putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
 
+          if is_solr_kerberised:
+            ranger_solr_kerberised = [
+              {'configname': 'xasecure.audit.jaas.Client.loginModuleName'},
+              {'configname': 'xasecure.audit.jaas.Client.loginModuleControlFlag'},
+              {'configname': 'xasecure.audit.jaas.Client.option.useKeyTab'},
+              {'configname': 'xasecure.audit.jaas.Client.option.storeKey'},
+              {'configname': 'xasecure.audit.jaas.Client.option.serviceName'}
+            ]
+
+            for item in ranger_solr_kerberised:
+              if 'ranger-admin-site' in services['configurations'] and item['configname'] in services["configurations"]['ranger-admin-site']["properties"]:
+                if 'ranger-admin-site' in configurations and item['configname'] in configurations['ranger-admin-site']["properties"]:
+                  solrKerberisedProperty = configurations['ranger-admin-site']["properties"][item['configname']]
+                else:
+                  solrKerberisedProperty = services['configurations']['ranger-admin-site']['properties'][item['configname']]
+                putRangerAuditProperty(item['configname'], solrKerberisedProperty)
+
+            putRangerAuditProperty('xasecure.audit.destination.solr.force.use.inmemory.jaas.config', 'true')
+          else:
+            set_solr_kerberised_default = [
+              {'configname': 'xasecure.audit.jaas.Client.loginModuleName', 'default_value': ''},
+              {'configname': 'xasecure.audit.jaas.Client.loginModuleControlFlag', 'default_value': ''},
+              {'configname': 'xasecure.audit.jaas.Client.option.useKeyTab', 'default_value': 'false'},
+              {'configname': 'xasecure.audit.jaas.Client.option.storeKey', 'default_value': 'false'},
+              {'configname': 'xasecure.audit.jaas.Client.option.serviceName', 'default_value': ''},
+              {'configname': 'xasecure.audit.destination.solr.force.use.inmemory.jaas.config', 'default_value': 'false'}
+            ]
+
+            for item in set_solr_kerberised_default:
+              putRangerAuditProperty(item['configname'], item['default_value'])
+
     if "HDFS" in servicesList:
       hdfs_user = None
       if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]:
@@ -1615,7 +1652,7 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
         putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr)
 
   def validateRangerTagsyncConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
-    ranger_tagsync_properties = getSiteProperties(configurations, "ranger-tagsync-site")
+    ranger_tagsync_properties = properties
     validationItems = []
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
 
@@ -1631,6 +1668,18 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
 
     return self.toConfigurationValidationProblems(validationItems, "ranger-tagsync-site")
 
+  def validateRangerAdminConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
+    ranger_admin_properties = properties
+    validationItems = []
+    security_enabled = self.isSecurityEnabled(services)
+
+    if 'ranger.is.solr.kerberised' in ranger_admin_properties and ranger_admin_properties['ranger.is.solr.kerberised'].lower() == 'true'\
+      and not security_enabled:
+      validationItems.append({"config-name": "ranger.is.solr.kerberised",
+                              "item": self.getWarnItem("Kerberos Solr (ranger.is.solr.kerberised) should not be enabled in non-kerberos environment.")})
+
+    return self.toConfigurationValidationProblems(validationItems, "ranger-admin-site")
+
   """
   Returns the host(s) on which a requested service's component is hosted.
   Parameters :

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index 86bf14d..cf5918a 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -3894,13 +3894,25 @@ class TestHDP22StackAdvisor(TestCase):
         "properties":{
           "ranger-kafka-plugin-enabled":"Yes",
           }
+      },
+      "cluster-env": {
+        "properties": {
+          "security_enabled" : "true"
+        }
       }
     }
     services = {
+      "services":
+      [
+        {
+          "StackServices": {
+           "service_name" : "RANGER"
+          }
+        }
+      ],      
       "configurations": configurations
     }
     res_expected = []
-
     res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
     self.assertEquals(res, res_expected)
 
@@ -3912,6 +3924,12 @@ class TestHDP22StackAdvisor(TestCase):
                      'config-name': 'ranger-kafka-plugin-enabled',
                      'level': 'WARN'}]
 
+    # Test to check security_enabled is false
+    services['configurations']['cluster-env']['properties']['security_enabled'] = "false"
+    res_expected.append({'config-type': 'ranger-kafka-plugin-properties', 'message': 'Ranger Kafka plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-kafka-plugin-enabled', 'level': 'WARN'})
+    res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
+    self.assertEquals(res, res_expected)
+
     res = self.stackAdvisor.validateKafkaRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
     self.assertEquals(res, res_expected)
 
@@ -3930,6 +3948,11 @@ class TestHDP22StackAdvisor(TestCase):
         "properties":{
           "ranger-storm-plugin-enabled":"Yes",
           }
+      },
+      "cluster-env": {
+        "properties": {
+          "security_enabled" : "true"
+        }
       }
     }
     services = {
@@ -3937,14 +3960,13 @@ class TestHDP22StackAdvisor(TestCase):
         [
           {
             "StackServices": {
-              "service_name" : "STORM"
+              "service_name" : "RANGER"
             }
           }
         ],
       "configurations": configurations
     }
     res_expected = []
-
     res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
     self.assertEquals(res, res_expected)
 
@@ -3959,6 +3981,11 @@ class TestHDP22StackAdvisor(TestCase):
     res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
     self.assertEquals(res, res_expected)
 
+    # Test to check security_enabled is false
+    services['configurations']['cluster-env']['properties']['security_enabled'] = "false"
+    res_expected.append({'config-type': 'ranger-storm-plugin-properties', 'message': 'Ranger Storm plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-storm-plugin-enabled', 'level': 'WARN'})
+    res = self.stackAdvisor.validateStormRangerPluginConfigurations(properties, recommendedDefaults, configurations, services, {})
+    self.assertEquals(res, res_expected)
 
   def test_recommendRangerConfigurations(self):
     clusterData = {}

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
index a6baeea..a30d5fc 100644
--- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
@@ -2146,14 +2146,28 @@ class TestHDP23StackAdvisor(TestCase):
         [
           {
             "StackServices": {
-              "service_name" : "KAFKA"
+              "service_name" : "RANGER"
             }
           }
-        ]
+        ],
+      "configurations": {
+        "cluster-env": {
+          "properties": {
+            "security_enabled" : "false"
+          },
+          "property_attributes": {}
+        }
       }
+    }
 
     # Test with ranger plugin enabled, validation fails
     res_expected = [{'config-type': 'ranger-env', 'message': 'Ranger Kafka plugin should not be enabled in non-kerberos environment.', 'type': 'configuration', 'config-name': 'ranger-kafka-plugin-enabled', 'level': 'WARN'}]
+    res = self.stackAdvisor.validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, {})
+    self.assertEquals(res, res_expected)
 
+    # Test for security_enabled is true
+    services['configurations']['cluster-env']['properties']['security_enabled'] = "true"
+    configurations['cluster-env']['properties']['security_enabled'] = "true"
+    res_expected = []
     res = self.stackAdvisor.validateRangerConfigurationsEnv(properties, recommendedDefaults, configurations, services, {})
-    self.assertEquals(res, res_expected)
\ No newline at end of file
+    self.assertEquals(res, res_expected)

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
index 67b00a1..934007b 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-default.json
@@ -376,7 +376,7 @@
             "ranger-kafka-plugin-enabled": "No", 
             "ranger_privelege_user_jdbc_url": "jdbc:mysql://c6401.ambari.apache.org:3306", 
             "ranger-hive-plugin-enabled": "No", 
-            "xasecure.audit.destination.solr": "false", 
+            "xasecure.audit.destination.solr": "true", 
             "ranger_pid_dir": "/var/run/ranger", 
             "xasecure.audit.destination.hdfs": "true", 
             "admin_username": "admin", 

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
index 9911e10..53e26a6 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/ranger-admin-secured.json
@@ -394,7 +394,7 @@
             "ranger-kafka-plugin-enabled": "No", 
             "ranger_privelege_user_jdbc_url": "jdbc:mysql://c6401.ambari.apache.org:3306", 
             "ranger-hive-plugin-enabled": "No", 
-            "xasecure.audit.destination.solr": "false", 
+            "xasecure.audit.destination.solr": "true", 
             "ranger_pid_dir": "/var/run/ranger", 
             "xasecure.audit.destination.hdfs": "true", 
             "admin_username": "admin", 

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-web/app/data/HDP2/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/site_properties.js b/ambari-web/app/data/HDP2/site_properties.js
index 23fbf5e..13b9cde 100644
--- a/ambari-web/app/data/HDP2/site_properties.js
+++ b/ambari-web/app/data/HDP2/site_properties.js
@@ -1783,6 +1783,49 @@ var hdp2properties = [
     "category": "MetricCollector",
     "index": 3
   },
+  /*ranger-admin-site*/
+  {
+    "name": "xasecure.audit.jaas.Client.option.principal",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.option.keyTab",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.loginModuleName",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.loginModuleControlFlag",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.option.useKeyTab",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.option.storeKey",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
+  {
+    "name": "xasecure.audit.jaas.Client.option.serviceName",
+    "serviceName": "RANGER",
+    "filename": "ranger-admin-site.xml",
+    "category": "SolrKerberosSettings"
+  },
 /************************************************LOGSEARCH******************************************/
   /*logfeeder-properties*/
   {

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cf65cbc/ambari-web/app/models/stack_service.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/models/stack_service.js b/ambari-web/app/models/stack_service.js
index c63df3d..4114ec6 100644
--- a/ambari-web/app/models/stack_service.js
+++ b/ambari-web/app/models/stack_service.js
@@ -355,7 +355,8 @@ App.StackService.configCategories = function () {
         App.ServiceConfigCategory.create({ name: 'UnixAuthenticationSettings', displayName: 'Unix Authentication Settings'}),
         App.ServiceConfigCategory.create({ name: 'ADSettings', displayName: 'AD Settings'}),
         App.ServiceConfigCategory.create({ name: 'LDAPSettings', displayName: 'LDAP Settings'}),
-        App.ServiceConfigCategory.create({ name: 'KnoxSSOSettings', displayName: 'Knox SSO Settings'})
+        App.ServiceConfigCategory.create({ name: 'KnoxSSOSettings', displayName: 'Knox SSO Settings'}),
+        App.ServiceConfigCategory.create({ name: 'SolrKerberosSettings', displayName: 'Solr Kerberos Settings'})
       ]);
       break;
     case 'ACCUMULO':


Mime
View raw message