ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jlun...@apache.org
Subject [2/2] ambari git commit: AMBARI-17902: Config changes to support external solr and internal solr for Ranger (Mugdha Varadkar via jluniya)
Date Wed, 27 Jul 2016 20:21:09 GMT
AMBARI-17902: Config changes to support external solr and internal solr for Ranger (Mugdha Varadkar via jluniya)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/567037bb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/567037bb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/567037bb

Branch: refs/heads/trunk
Commit: 567037bbfb20e9dfac5a8944fdda7229980ee335
Parents: d6b8617
Author: Jayush Luniya <jluniya@hortonworks.com>
Authored: Wed Jul 27 13:20:56 2016 -0700
Committer: Jayush Luniya <jluniya@hortonworks.com>
Committed: Wed Jul 27 13:20:56 2016 -0700

----------------------------------------------------------------------
 .../HDFS/2.1.0.2.0/kerberos.json                |   2 +-
 .../RANGER/0.4.0/package/scripts/params.py      |  32 ++-
 .../0.4.0/package/scripts/setup_ranger_xml.py   |   5 +-
 .../package/templates/ranger_solr_jaas_conf.j2  |  26 ++
 .../package/templates/ranger_solr_jass_conf.j2  |  26 --
 .../0.6.0/configuration/ranger-admin-site.xml   |  77 +-----
 .../RANGER/0.6.0/configuration/ranger-env.xml   |  47 ++++
 .../common-services/RANGER/0.6.0/kerberos.json  |  15 +-
 .../RANGER/0.6.0/themes/theme_version_3.json    | 273 ++++++++++++++++++-
 .../1.0.1/configuration/ranger-storm-audit.xml  | 136 ---------
 .../common-services/STORM/1.0.1/kerberos.json   |  19 ++
 .../stacks/HDP/2.3/upgrades/config-upgrade.xml  |   9 +
 .../HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml |   4 +
 .../stacks/HDP/2.3/upgrades/upgrade-2.5.xml     |   1 +
 .../stacks/HDP/2.4/upgrades/config-upgrade.xml  |   9 +
 .../HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml |   4 +
 .../stacks/HDP/2.4/upgrades/upgrade-2.5.xml     |   1 +
 .../ATLAS/configuration/ranger-atlas-audit.xml  | 135 ---------
 .../HBASE/configuration/ranger-hbase-audit.xml  | 136 ---------
 .../stacks/HDP/2.5/services/HBASE/kerberos.json |  19 ++
 .../HDFS/configuration/ranger-hdfs-audit.xml    | 135 ---------
 .../stacks/HDP/2.5/services/HDFS/kerberos.json  | 246 +++++++++++++++++
 .../HIVE/configuration/ranger-hive-audit.xml    | 136 ---------
 .../stacks/HDP/2.5/services/HIVE/kerberos.json  |  19 ++
 .../KAFKA/configuration/ranger-kafka-audit.xml  | 135 ---------
 .../stacks/HDP/2.5/services/KAFKA/kerberos.json |  69 +++++
 .../KNOX/configuration/ranger-knox-audit.xml    | 135 ---------
 .../stacks/HDP/2.5/services/KNOX/kerberos.json  |  81 ++++++
 .../configuration/ranger-kms-audit.xml          | 135 ---------
 .../HDP/2.5/services/RANGER_KMS/kerberos.json   |  19 ++
 .../YARN/configuration/ranger-yarn-audit.xml    | 135 ---------
 .../stacks/HDP/2.5/services/YARN/kerberos.json  |  19 ++
 .../stacks/HDP/2.5/services/stack_advisor.py    |  67 +----
 .../stacks/2.5/RANGER/test_ranger_admin.py      |   4 +-
 34 files changed, 924 insertions(+), 1387 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index 3d6e25c..e8c96cb 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -186,7 +186,7 @@
                 },
                 "configuration": "hdfs-site/nfs.keytab.file"
               }
-            },
+            }
           ]
         },
         {

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 3ec4b53..3db3256 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -275,6 +275,7 @@ ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
 logsearch_solr_hosts = default("/clusterHostInfo/logsearch_solr_hosts", [])
 has_logsearch = len(logsearch_solr_hosts) > 0
 is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
+is_external_solrCloud_enabled = default('/configurations/ranger-env/is_external_solrCloud_enabled', False)
 solr_znode = '/ranger_audits'
 if stack_supports_logsearch_client and is_solrCloud_enabled:
   solr_znode = default('/configurations/ranger-admin-site/ranger.audit.solr.zookeepers', 'NONE')
@@ -283,10 +284,12 @@ if stack_supports_logsearch_client and is_solrCloud_enabled:
     if len(solr_znode) > 1 and len(solr_znode) == 2:
       solr_znode = solr_znode[1]
       solr_znode = format('/{solr_znode}')
-  if has_logsearch:
+  if has_logsearch and not is_external_solrCloud_enabled:
     solr_znode = config['configurations']['logsearch-solr-env']['logsearch_solr_znode']
-solr_user = default('/configurations/logsearch-solr-env/logsearch_solr_user', unix_user)
-custom_log4j = has_logsearch
+solr_user = unix_user
+if has_logsearch and not is_external_solrCloud_enabled:
+  solr_user = default('/configurations/logsearch-solr-env/logsearch_solr_user', unix_user)
+custom_log4j = has_logsearch and not is_external_solrCloud_enabled
 
 # get comma separated list of zookeeper hosts
 zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
@@ -301,7 +304,7 @@ for host in zookeeper_hosts:
 
 # solr kerberised
 solr_jaas_file = None
-is_solr_kerberos_enabled = default('/configurations/ranger-admin-site/ranger.is.solr.kerberised', False)
+is_external_solrCloud_kerberos = default('/configurations/ranger-env/is_external_solrCloud_kerberos', False)
 
 if security_enabled:
   if has_ranger_tagsync:
@@ -315,12 +318,14 @@ if security_enabled:
     ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
     if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
       ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
-      if stack_supports_logsearch_client and is_solrCloud_enabled and is_solr_kerberos_enabled:
-        solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jass.conf')
+      if stack_supports_logsearch_client and is_solrCloud_enabled and is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+        solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+        solr_kerberos_principal = ranger_admin_jaas_principal
+        solr_kerberos_keytab = ranger_admin_keytab
+      if stack_supports_logsearch_client and is_solrCloud_enabled and not is_external_solrCloud_enabled and not is_external_solrCloud_kerberos:
+        solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
         solr_kerberos_principal = ranger_admin_jaas_principal
         solr_kerberos_keytab = ranger_admin_keytab
-      else:
-        solr_jaas_file = None
 
 # logic to create core-site.xml if hdfs not installed
 if stack_supports_ranger_kerberos and not has_namenode:
@@ -369,4 +374,13 @@ ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
 # admin credential
 admin_username = config['configurations']['ranger-env']['admin_username']
 admin_password = config['configurations']['ranger-env']['admin_password']
-default_admin_password = 'admin'
\ No newline at end of file
+default_admin_password = 'admin'
+
+ranger_is_solr_kerberised = "false"
+if audit_solr_enabled and is_solrCloud_enabled:
+  # Check internal solrCloud
+  if security_enabled and not is_external_solrCloud_enabled:
+    ranger_is_solr_kerberised = "true"
+  # Check external solrCloud
+  if is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+    ranger_is_solr_kerberised = "true"

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index 1670d69..24ac487 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -559,10 +559,11 @@ def create_core_site_xml(conf_dir):
 def setup_ranger_audit_solr():
   import params
 
-  if params.security_enabled and params.stack_supports_ranger_kerberos and params.is_solr_kerberos_enabled:
+  if params.security_enabled and params.stack_supports_ranger_kerberos:
+
     if params.solr_jaas_file is not None:
       File(format("{solr_jaas_file}"),
-        content=Template("ranger_solr_jass_conf.j2"),
+        content=Template("ranger_solr_jaas_conf.j2"),
         owner=params.unix_user
       )
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2
new file mode 100644
index 0000000..a456688
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jaas_conf.j2
@@ -0,0 +1,26 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+
+Client {
+  com.sun.security.auth.module.Krb5LoginModule required
+  useKeyTab=true
+  storeKey=true
+  useTicketCache=false
+  keyTab="{{solr_kerberos_keytab}}"
+  principal="{{solr_kerberos_principal}}";
+};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
deleted file mode 100644
index a456688..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_solr_jass_conf.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-
-Client {
-  com.sun.security.auth.module.Krb5LoginModule required
-  useKeyTab=true
-  storeKey=true
-  useTicketCache=false
-  keyTab="{{solr_kerberos_keytab}}"
-  principal="{{solr_kerberos_principal}}";
-};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
index eacf541..c75f2fd 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-admin-site.xml
@@ -54,7 +54,7 @@
   </property>
   <property>
     <name>ranger.admin.kerberos.cookie.domain</name>
-    <value/>
+    <value>{{ranger_host}}</value>
     <description/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
@@ -152,6 +152,10 @@
         <type>ranger-env</type>
         <name>is_solrCloud_enabled</name>
       </property>
+      <property>
+        <type>ranger-env</type>
+        <name>is_external_solrCloud_enabled</name>
+      </property>
     </depends-on>
     <on-ambari-upgrade add="true"/>
   </property>
@@ -325,79 +329,12 @@
 
   <property>
     <name>ranger.is.solr.kerberised</name>
-    <display-name>Kerberos Solr</display-name>
-    <value>false</value>
-    <description/>
+    <value>{{ranger_is_solr_kerberised}}</value>
     <value-attributes>
-      <overridable>false</overridable>
-      <type>value-list</type>
-      <entries>
-        <entry>
-          <value>true</value>
-          <label>ON</label>
-        </entry>
-        <entry>
-          <value>false</value>
-          <label>OFF</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
+      <visible>false</visible>
     </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{ranger_admin_jaas_principal}}</value>
-    <description/>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{ranger_admin_keytab}}</value>
     <description/>
     <on-ambari-upgrade add="true"/>
   </property>
 
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value>com.sun.security.auth.module.Krb5LoginModule</value>
-    <description/>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value>required</value>
-    <description/>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>true</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value>solr</value>
-    <description/>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
index 2cf3539..83a8096 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-env.xml
@@ -67,4 +67,51 @@
     </value-attributes>
     <on-ambari-upgrade add="true"/>
   </property>
+
+  <property>
+    <name>is_external_solrCloud_enabled</name>
+    <display-name>External SolrCloud</display-name>
+    <value>false</value>
+    <description>Using Externally managed solr cloud ?</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>ON</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>OFF</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
+  <property>
+    <name>is_external_solrCloud_kerberos</name>
+    <display-name>External SolrCloud kerberos</display-name>
+    <value>false</value>
+    <description>Is Externally managed solr cloud kerberos ?</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>ON</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>OFF</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index ffebb11..253e32e 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -13,7 +13,11 @@
       "configurations": [
         {
           "ranger-admin-site": {
-            "ranger.admin.kerberos.cookie.domain": "{{ranger_host}}"
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr"
           }
         }
       ],
@@ -59,6 +63,15 @@
               "keytab": {
                 "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
               }
+            },
+            {
+              "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+              "principal": {
+                "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab"
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
index e65c9b2..cbe28a3 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/themes/theme_version_3.json
@@ -5,6 +5,54 @@
         "name": "default",
         "tabs": [
           {
+            "name": "ranger_audit_settings",
+            "display-name": "Ranger Audit",
+            "layout": {
+              "tab-columns": "2",
+              "tab-rows": "2",
+              "sections": [
+                {
+                  "name": "section-ranger-audit-solr",
+                  "display-name": "Audit to Solr",
+                  "row-index": "0",
+                  "column-index": "0",
+                  "row-span": "1",
+                  "column-span": "1",
+                  "section-columns": "1",
+                  "section-rows": "1",
+                  "subsections": [
+                    {
+                      "name": "subsection-ranger-solr-row1-col1",
+                      "row-index": "0",
+                      "column-index": "0",
+                      "row-span": "1",
+                      "column-span": "1"
+                    }
+                  ]
+                },
+                {
+                  "name": "section-ranger-audit-hdfs",
+                  "display-name": "Audit to HDFS",
+                  "row-index": "0",
+                  "column-index": "1",
+                  "row-span": "1",
+                  "column-span": "1",
+                  "section-columns": "1",
+                  "section-rows": "1",
+                  "subsections": [
+                    {
+                      "name": "subsection-ranger-hdfs-row1-col2",
+                      "row-index": "0",
+                      "column-index": "0",
+                      "row-span": "1",
+                      "column-span": "1"
+                    }
+                  ]
+                }
+              ]
+            }
+          },
+          {
             "name": "ranger_tagsync",
             "display-name": "Ranger Tagsync",
             "layout": {
@@ -310,7 +358,11 @@
           ]
         },
         {
-          "config": "ranger-admin-site/ranger.is.solr.kerberised",
+          "config": "ranger-env/xasecure.audit.destination.solr",
+          "subsection-name": "subsection-ranger-solr-row1-col1"
+        },
+        {
+          "config": "ranger-env/is_solrCloud_enabled",
           "subsection-name": "subsection-ranger-solr-row1-col1",
           "depends-on": [
             {
@@ -330,6 +382,169 @@
               }
             }
           ]
+        },
+        {
+          "config": "ranger-env/is_external_solrCloud_enabled",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.solr",
+                "ranger-env/is_solrCloud_enabled"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-env/is_external_solrCloud_kerberos",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.solr",
+                "ranger-env/is_solrCloud_enabled",
+                "ranger-env/is_external_solrCloud_enabled"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled} && ${ranger-env/is_external_solrCloud_enabled}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-admin-site/ranger.audit.solr.urls",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/is_solrCloud_enabled",
+                "ranger-env/xasecure.audit.destination.solr"
+              ],
+              "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/is_solrCloud_enabled",
+                "ranger-env/xasecure.audit.destination.solr"
+              ],
+              "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-admin-site/ranger.audit.solr.username",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.solr"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.solr}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-admin-site/ranger.audit.solr.password",
+          "subsection-name": "subsection-ranger-solr-row1-col1",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.solr"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.solr}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
+        },
+        {
+          "config": "ranger-env/xasecure.audit.destination.hdfs",
+          "subsection-name": "subsection-ranger-hdfs-row1-col2"
+        },
+        {
+          "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+          "subsection-name": "subsection-ranger-hdfs-row1-col2",
+          "depends-on": [
+            {
+              "configs":[
+                "ranger-env/xasecure.audit.destination.hdfs"
+              ],
+              "if": "${ranger-env/xasecure.audit.destination.hdfs}",
+              "then": {
+                "property_value_attributes": {
+                  "visible": true
+                }
+              },
+              "else": {
+                "property_value_attributes": {
+                  "visible": false
+                }
+              }
+            }
+          ]
         }
       ]
     },
@@ -413,10 +628,64 @@
         }
       },
       {
-        "config": "ranger-admin-site/ranger.is.solr.kerberised",
+        "config": "ranger-env/xasecure.audit.destination.solr",
+        "widget": {
+          "type": "toggle"
+        }
+      },
+      {
+        "config": "ranger-env/is_solrCloud_enabled",
+        "widget": {
+          "type": "toggle"
+        }
+      },
+      {
+        "config": "ranger-env/is_external_solrCloud_enabled",
+        "widget": {
+          "type": "toggle"
+        }
+      },
+      {
+        "config": "ranger-env/is_external_solrCloud_kerberos",
+        "widget": {
+          "type": "toggle"
+        }
+      },
+      {
+        "config": "ranger-admin-site/ranger.audit.solr.urls",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "ranger-admin-site/ranger.audit.solr.username",
+        "widget": {
+          "type": "text-field"
+        }
+      },
+      {
+        "config": "ranger-admin-site/ranger.audit.solr.password",
+        "widget": {
+          "type": "password"
+        }
+      },
+      {
+        "config": "ranger-env/xasecure.audit.destination.hdfs",
         "widget": {
           "type": "toggle"
         }
+      },
+      {
+        "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+        "widget": {
+          "type": "text-field"
+        }
       }
     ]
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
index 1c869ed..d3f9143 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/configuration/ranger-storm-audit.xml
@@ -54,140 +54,4 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{storm_jaas_principal}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{storm_keytab_path}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
index f9fa30d..3068226 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
@@ -55,6 +55,16 @@
             "nimbus.supervisor.users": "['{{storm_bare_jaas_principal}}']",
             "ui.filter.params": "{'type': 'kerberos', 'kerberos.principal': '{{storm_ui_jaas_principal}}', 'kerberos.keytab': '{{storm_ui_keytab_path}}', 'kerberos.name.rules': 'DEFAULT'}"
           }
+        },
+        {
+          "ranger-storm-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
         }
       ],
       "components": [
@@ -94,6 +104,15 @@
                 },
                 "configuration": "storm-env/nimbus_keytab"
               }
+            },
+            {
+              "name": "/STORM/NIMBUS/nimbus_server",
+              "principal": {
+                "configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
index c49e18e..b295cc9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
@@ -303,6 +303,15 @@
             <transfer operation="delete" delete-key="ranger.sso.cookiename" />
             <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" />
           </definition>
+
+          <definition xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag">
+            <condition type="ranger-env" key="is_solrCloud_enabled" value="true">
+              <type>ranger-env</type>
+              <key>is_external_solrCloud_enabled</key>
+              <value>true</value>
+            </condition>
+          </definition>
+
         </changes>
       </component>
     </service>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
index 133db26..7197e29 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
@@ -383,6 +383,10 @@
         <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/>
       </execute-stage>
 
+      <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+        <task xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag"/>
+      </execute-stage>
+
       <execute-stage service="RANGER" component="RANGER_ADMIN" title="Calculating Ranger Properties">
         <task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerKerberosConfigCalculation"/>
       </execute-stage>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
index ff5d4d9..7a3a19e 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
@@ -547,6 +547,7 @@
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" />
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" />
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" />
+          <task xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag"/>
 
           <task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerKerberosConfigCalculation"/>
           <task xsi:type="server_action" summary="Configuring Ranger Alerts" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction"/>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
index 473d8a0..d230a68 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
@@ -159,6 +159,15 @@
             <transfer operation="delete" delete-key="ranger.sso.cookiename" />
             <transfer operation="delete" delete-key="ranger.sso.query.param.originalurl" />
           </definition>
+
+          <definition xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag">
+            <condition type="ranger-env" key="is_solrCloud_enabled" value="true">
+              <type>ranger-env</type>
+              <key>is_external_solrCloud_enabled</key>
+              <value>true</value>
+            </condition>
+          </definition>
+
         </changes>
       </component>
     </service>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
index d648638..902c421 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
@@ -313,6 +313,10 @@
         <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property"/>
       </execute-stage>
 
+      <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin">
+        <task xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag"/>
+      </execute-stage>
+
       <execute-stage service="RANGER" component="RANGER_ADMIN" title="Calculating Ranger Properties">
         <task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerKerberosConfigCalculation"/>
       </execute-stage>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
index e67aebb..2168868 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
@@ -542,6 +542,7 @@
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_admin_properties" />
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_audit_db_ranger_admin_site" />
           <task xsi:type="configure" id="hdp_2_5_0_0_remove_sso_property" />
+          <task xsi:type="configure" id="hdp_2_5_0_0_set_external_solrCloud_flag"/>
 
           <task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerKerberosConfigCalculation"/>
           <task xsi:type="server_action" summary="Configuring Ranger Alerts" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction"/>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
index ac22729..efeea5f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/ATLAS/configuration/ranger-atlas-audit.xml
@@ -128,139 +128,4 @@
     <on-ambari-upgrade add="true"/>
   </property>
 
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{atlas_jaas_principal}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{atlas_keytab_path}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
index cc9f0d2..d3f9143 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -54,140 +54,4 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{master_jaas_princ}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{master_keytab_path}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json
index ada02ad..501bcd3 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HBASE/kerberos.json
@@ -43,6 +43,16 @@
             "hbase.bulkload.staging.dir": "/apps/hbase/staging",
             "hbase.master.ui.readonly": "true"
           }
+        },
+        {
+          "ranger-hbase-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
         }
       ],
       "components": [
@@ -81,6 +91,15 @@
               "keytab": {
                 "configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.keytab"
               }
+            },
+            {
+              "name": "/HBASE/HBASE_MASTER/hbase_master_hbase",
+              "principal": {
+                "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-hbase-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
index 0a04953..fad3da7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/configuration/ranger-hdfs-audit.xml
@@ -56,139 +56,4 @@
     <on-ambari-upgrade add="false"/>
   </property>
 
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{nn_principal_name}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{nn_keytab}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
new file mode 100644
index 0000000..974a69c
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -0,0 +1,246 @@
+{
+  "services": [
+    {
+      "name": "HDFS",
+      "identities": [
+        {
+          "name": "/spnego",
+          "principal": {
+            "configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
+          },
+          "keytab": {
+            "configuration": "hdfs-site/dfs.web.authentication.kerberos.keytab"
+          }
+        },
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "auth_to_local_properties" : [
+        "core-site/hadoop.security.auth_to_local"
+      ],
+      "configurations": [
+        {
+          "core-site": {
+            "hadoop.security.authentication": "kerberos",
+            "hadoop.security.authorization": "true",
+            "hadoop.proxyuser.HTTP.groups": "${hadoop-env/proxyuser_group}"
+          }
+        },
+        {
+          "ranger-hdfs-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name":  "HDFS_CLIENT",
+          "identities": [
+            {
+              "name": "/HDFS/NAMENODE/hdfs"
+            }
+          ]
+        },
+        {
+          "name": "NAMENODE",
+          "identities": [
+            {
+              "name": "hdfs",
+              "principal": {
+                "value": "${hadoop-env/hdfs_user}-${cluster_name|toLower()}@${realm}",
+                "type" : "user" ,
+                "configuration": "hadoop-env/hdfs_principal_name",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/hdfs.headless.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": "r"
+                },
+                "configuration": "hadoop-env/hdfs_user_keytab"
+              }
+            },
+            {
+              "name": "namenode_nn",
+              "principal": {
+                "value": "nn/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "hdfs-site/dfs.namenode.kerberos.principal",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nn.service.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "hdfs-site/dfs.namenode.keytab.file"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal"
+              }
+            },
+            {
+              "name": "/HDFS/NAMENODE/namenode_nn",
+              "principal": {
+                "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"                
+              },
+              "keytab": {
+                "configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
+            }
+          ],
+          "configurations": [
+            {
+              "hdfs-site": {
+                "dfs.block.access.token.enable": "true"
+              }
+            }
+          ]
+        },
+        {
+          "name": "DATANODE",
+          "identities": [
+            {
+              "name": "datanode_dn",
+              "principal": {
+                "value": "dn/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "hdfs-site/dfs.datanode.kerberos.principal",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/dn.service.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "hdfs-site/dfs.datanode.keytab.file"
+              }
+            }
+          ],
+          "configurations" : [
+            {
+              "hdfs-site" : {
+                "dfs.datanode.address" : "0.0.0.0:1019",
+                "dfs.datanode.http.address": "0.0.0.0:1022"
+              }
+            }
+          ]
+        },
+        {
+          "name": "SECONDARY_NAMENODE",
+          "identities": [
+            {
+              "name": "secondary_namenode_nn",
+              "principal": {
+                "value": "nn/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nn.service.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
+              }
+            }
+          ]
+        },
+        {
+          "name": "NFS_GATEWAY",
+          "identities": [
+            {
+              "name": "nfsgateway",
+              "principal": {
+                "value": "nfs/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "hdfs-site/nfs.kerberos.principal",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nfs.service.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "hdfs-site/nfs.keytab.file"
+              }
+            }
+          ]
+        },
+        {
+          "name": "JOURNALNODE",
+          "identities": [
+            {
+              "name": "journalnode_jn",
+              "principal": {
+                "value": "jn/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "hdfs-site/dfs.journalnode.kerberos.principal",
+                "local_username" : "${hadoop-env/hdfs_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/jn.service.keytab",
+                "owner": {
+                  "name": "${hadoop-env/hdfs_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "hdfs-site/dfs.journalnode.keytab.file"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
index 671c08e..d3f9143 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/configuration/ranger-hive-audit.xml
@@ -54,140 +54,4 @@
     <deleted>true</deleted>
     <on-ambari-upgrade add="false"/>
   </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{hive_principal}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{hive_keytab}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
index f9a0caf..499aa32 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
@@ -34,6 +34,16 @@
             "hadoop.security.authorization": "true",
             "hive.llap.daemon.work.dirs": "/hadoop/llap/local"
           }
+        },
+        {
+          "ranger-hive-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
         }
       ],
       "components": [
@@ -95,6 +105,15 @@
               "keytab": {
                 "configuration": "hive-site/hive.server2.authentication.spnego.keytab"
               }
+            },
+            {
+              "name": "/HIVE/HIVE_SERVER/hive_server_hive",
+              "principal": {
+                "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
             }
           ]
         },

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
index 6aca7e7..fff9132 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/configuration/ranger-kafka-audit.xml
@@ -55,139 +55,4 @@
     <on-ambari-upgrade add="false"/>
   </property>
 
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{kafka_jaas_principal}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{kafka_keytab_path}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json
new file mode 100644
index 0000000..e1e6461
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/kerberos.json
@@ -0,0 +1,69 @@
+{
+  "services": [
+    {
+      "name": "KAFKA",
+      "identities": [
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "configurations": [
+        {
+          "kafka-broker": {
+              "authorizer.class.name": "kafka.security.auth.SimpleAclAuthorizer",
+              "principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal",
+              "super.users": "user:${kafka-env/kafka_user}",
+              "security.inter.broker.protocol": "PLAINTEXTSASL",
+              "zookeeper.set.acl": "true"
+          }
+        },
+        {
+          "ranger-kafka-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "KAFKA_BROKER",
+          "identities": [
+            {
+              "name": "kafka_broker",
+              "principal": {
+                "value": "${kafka-env/kafka_user}/_HOST@${realm}",
+                "type": "service",
+                "configuration": "kafka-env/kafka_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/kafka.service.keytab",
+                "owner": {
+                  "name": "${kafka-env/kafka_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "kafka-env/kafka_keytab"
+              }
+            },
+            {
+              "name": "/KAFKA/KAFKA_BROKER/kafka_broker",
+              "principal": {
+                "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/567037bb/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
index bdd1994..fff9132 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KNOX/configuration/ranger-knox-audit.xml
@@ -55,139 +55,4 @@
     <on-ambari-upgrade add="false"/>
   </property>
 
-  <property>
-    <name>xasecure.audit.jaas.Client.option.principal</name>
-    <value>{{knox_principal_name}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.keyTab</name>
-    <value>{{knox_keytab_path}}</value>
-    <description/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.loginModuleControlFlag</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.useKeyTab</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.storeKey</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.storeKey</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
-
-  <property>
-    <name>xasecure.audit.jaas.Client.option.serviceName</name>
-    <value></value>
-    <description/>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>xasecure.audit.jaas.Client.option.serviceName</name>
-      </property>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>xasecure.audit.destination.solr.force.use.inmemory.jaas.config</name>
-    <value>false</value>
-    <description/>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>ranger-admin-site</type>
-        <name>ranger.is.solr.kerberised</name>
-      </property>
-    </depends-on>
-    <on-ambari-upgrade add="true"/>
-  </property>
 </configuration>


Mime
View raw message