ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jmar...@apache.org
Subject [09/58] [partial] ambari git commit: [RTC 136620]: Introduce BigInsights stacks on Ambari 2.4 branch
Date Wed, 17 Aug 2016 00:33:03 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/params.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/params.py
new file mode 100644
index 0000000..3e67850
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/params.py
@@ -0,0 +1,184 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_hdp_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.version import compare_versions
+from resource_management.libraries.functions.constants import Direction
+
+# a map of the Ambari role to the component name
+# for use with /usr/iop/current/<component>
+SERVER_ROLE_DIRECTORY_MAP = {
+  'RANGER_ADMIN' : 'ranger-admin',
+  'RANGER_USERSYNC' : 'ranger-usersync'
+}
+
+component_directory = Script.get_component_from_role(SERVER_ROLE_DIRECTORY_MAP, "RANGER_ADMIN")
+
+config  = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+host_sys_prepped = default("/hostLevelParams/host_sys_prepped", False)
+
+stack_version_unformatted = str(config['hostLevelParams']['stack_version'])
+hdp_stack_version = format_hdp_stack_version(stack_version_unformatted)
+
+xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+
+create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
+
+downgrade_from_version = default("/commandParams/downgrade_from_version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+ranger_home    = '/usr/iop/current/ranger-admin'
+# ranger_conf    = '/etc/ranger/admin/conf'  # commented as we have below 
+ranger_stop    = '/usr/bin/ranger-admin-stop'
+ranger_start   = '/usr/bin/ranger-admin-start'
+usersync_home  = '/usr/iop/current/ranger-usersync'
+usersync_start = '/usr/bin/ranger-usersync-start'
+usersync_stop  = '/usr/bin/ranger-usersync-stop'
+#ranger_ugsync_conf = '/etc/ranger/usersync/conf' # commented as we have below 
+
+ranger_conf = '/usr/iop/current/ranger-admin/conf'
+ranger_ugsync_conf = '/usr/iop/current/ranger-usersync/conf'
+
+usersync_services_file = "/usr/iop/current/ranger-usersync/ranger-usersync-services.sh"
+
+java_home = config['hostLevelParams']['java_home']
+unix_user  = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
+ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
+usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
+admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
+ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
+security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
+ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
+usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
+cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+db_flavor =  (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+usersync_exturl =  config['configurations']['admin-properties']['policymgr_external_url']
+ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
+ugsync_host = 'localhost'
+usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
+if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
+  ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
+ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
+ranger_db_name = config['configurations']['admin-properties']['db_name']
+ranger_auditdb_name = config['configurations']['admin-properties']['audit_db_name']
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host =  config['configurations']['admin-properties']['db_host']
+ranger_db_user = config['configurations']['admin-properties']['db_user']
+ranger_audit_db_user = config['configurations']['admin-properties']['audit_db_user']
+ranger_db_password = unicode(config['configurations']['admin-properties']['db_password'])
+
+#ranger-env properties
+oracle_home = default("/configurations/ranger-env/oracle_home", "-")
+
+#For curl command in ranger to get db connector
+jdk_location = config['hostLevelParams']['jdk_location'] 
+java_share_dir = '/usr/share/java'
+if db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+  audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}')
+  jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
+  jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+  colon_count = db_host.count(':')
+  if colon_count == 2 or colon_count == 0:
+    audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}')
+  else:
+    audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}')
+elif db_flavor.lower() == 'postgres':
+  jdbc_jar_name = "postgresql.jar"
+  jdbc_symlink_name = "postgres-jdbc-driver.jar"
+  audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}')
+  jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor.lower() == 'mssql':
+  jdbc_jar_name = "sqljdbc4.jar"
+  jdbc_symlink_name = "mssql-jdbc-driver.jar"
+  audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}')
+  jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor.lower() == 'sqla':
+  jdbc_jar_name = "sajdbc4.jar"
+  jdbc_symlink_name = "sqlanywhere-jdbc-driver.tar.gz"
+  audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}')
+  jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+
+if db_flavor.lower() == 'sqla':
+  downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+  jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/{jdbc_jar_name}")
+  libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+  jdbc_libs_dir = format("{ranger_home}/native/lib64")
+  ld_lib_path = format("{jdbc_libs_dir}")
+
+#for db connection
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_jdbc_connection_url = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.url"]
+ranger_jdbc_driver = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.driver"]
+
+ranger_credential_provider_path = config["configurations"]["ranger-admin-site"]["ranger.credential.provider.path"]
+ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"]
+ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"])
+
+ranger_jpa_audit_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.audit.jdbc.credential.alias"]
+ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"])
+
+ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"]
+cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
+cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+ranger_audit_source_type = config["configurations"]["ranger-admin-site"]["ranger.audit.source.type"]
+
+if xml_configurations_supported:
+  ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
+  ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
+  ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
+  ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
+  default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
+is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
+current_host = config['hostname']
+if current_host in ranger_admin_hosts:
+  ranger_host = current_host

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_admin.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_admin.py
new file mode 100644
index 0000000..bf99928
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_admin.py
@@ -0,0 +1,125 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+import upgrade
+import os, errno
+
+class RangerAdmin(Script):
+
+  upgrade_marker_file = '/tmp/rangeradmin_ru.inprogress'
+
+  def get_stack_to_component(self):
+    return {"BigInsights": "ranger-admin"}
+
+  def install(self, env):
+    self.install_packages(env)
+    import params
+    env.set_params(params)
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import setup_ranger_db
+      setup_ranger_db()
+
+    self.configure(env)
+
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import setup_java_patch
+      setup_java_patch()
+
+  def stop(self, env, upgrade_type=None):
+    import params
+
+    env.set_params(params)
+    Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home},
user=params.unix_user)
+
+
+  def pre_upgrade_restart(self, env, upgrade_type=None):
+    import params
+    env.set_params(params)
+
+    upgrade.prestart(env, "ranger-admin")
+
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import ranger, setup_ranger_db, setup_java_patch
+      ranger('ranger_admin', upgrade_type=upgrade_type)
+      setup_ranger_db(upgrade_type=upgrade_type)
+      setup_java_patch(upgrade_type=upgrade_type)
+
+    self.set_ru_rangeradmin_in_progress()
+
+  def post_upgrade_restart(self,env, upgrade_type=None):
+     if os.path.isfile(RangerAdmin.upgrade_marker_file):
+        os.remove(RangerAdmin.upgrade_marker_file) 
+
+  def start(self, env, upgrade_type=None):
+    import params
+    env.set_params(params)
+    self.configure(env)
+    ranger_service('ranger_admin')
+
+
+  def status(self, env):
+    cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+    code, output = shell.call(cmd, timeout=20)
+
+    if code != 0:
+      if self.is_ru_rangeradmin_in_progress():
+         Logger.info('Ranger admin process not running - skipping as rolling upgrade is in
progress')
+      else:
+         Logger.debug('Ranger admin process not running')
+         raise ComponentIsNotRunning()
+    pass
+
+  def configure(self, env):
+    import params
+    env.set_params(params)
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import ranger
+    else:
+      from setup_ranger import ranger
+
+    ranger('ranger_admin')
+
+  def set_ru_rangeradmin_in_progress(self):
+    config_dir = os.path.dirname(RangerAdmin.upgrade_marker_file)
+    try:
+       msg = "Starting Upgrade"
+       if (not os.path.exists(config_dir)):
+          os.makedirs(config_dir)
+       ofp = open(RangerAdmin.upgrade_marker_file, 'w')
+       ofp.write(msg)
+       ofp.close()
+    except OSError as exc:
+       if exc.errno == errno.EEXIST and os.path.isdir(config_dir): 
+          pass
+       else:
+          raise
+
+  def is_ru_rangeradmin_in_progress(self):
+    return os.path.isfile(RangerAdmin.upgrade_marker_file)
+
+if __name__ == "__main__":
+  RangerAdmin().execute()
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_service.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_service.py
new file mode 100644
index 0000000..3458acd
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_service.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management import *
+
+def ranger_service(name, action=None):
+  import params
+  env_dict = {'JAVA_HOME': params.java_home}
+  if params.db_flavor.lower() == 'sqla':
+    env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
+  
+  if name == 'ranger_admin':
+    no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
+    Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
+  elif name == 'ranger_usersync':
+    no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
+
+    # Assume we always need this, need to verify - this was hdp23 specific 
+    Execute(('chown','-R', format('{unix_user}:{unix_group}'), format('{usersync_log_dir}/')),
sudo=True)
+    Execute(params.usersync_start,
+              environment=env_dict,
+              not_if=no_op_test,
+              user=params.unix_user,
+    )
+    # else:  # we need to verify which version to run as
+      # Usersync requires to be run as root for 2.2
+     # Execute((params.usersync_start,),
+     #         environment={'JAVA_HOME': params.java_home},        
+     #         not_if=no_op_test,
+     #         sudo=True,
+     # )

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_usersync.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_usersync.py
new file mode 100644
index 0000000..6cdf723
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/ranger_usersync.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+import upgrade
+
+class RangerUsersync(Script):
+  
+  def install(self, env):
+    self.install_packages(env)
+    self.configure(env)
+    
+  def configure(self, env):
+    import params
+    env.set_params(params)
+
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import ranger
+    else:
+      from setup_ranger import ranger    
+    
+    ranger('ranger_usersync')
+    
+  def start(self, env, upgrade_type=None):
+    import params
+    env.set_params(params)
+    
+    self.configure(env)
+    ranger_service('ranger_usersync')
+    
+  def stop(self, env, upgrade_type=None):
+    import params
+    env.set_params(params)
+    
+    Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
+    
+  def status(self, env):
+    cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+    code, output = shell.call(cmd, timeout=20)
+
+    if code != 0:
+      Logger.debug('Ranger usersync process not running')
+      raise ComponentIsNotRunning()
+    pass
+
+  def pre_upgrade_restart(self, env, upgrade_type=None):
+    import params
+    env.set_params(params)
+    upgrade.prestart(env, "ranger-usersync")
+
+    if params.xml_configurations_supported:
+      from setup_ranger_xml import ranger
+      ranger('ranger_usersync', upgrade_type=upgrade_type)
+  def get_stack_to_component(self):
+    return {"BigInsights": "ranger-usersync"}
+
+
+if __name__ == "__main__":
+  RangerUsersync().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/service_check.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/service_check.py
new file mode 100644
index 0000000..699e3c4
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/service_check.py
@@ -0,0 +1,51 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+import os
+
+
+class RangerServiceCheck(Script):
+
+  upgrade_marker_file = '/tmp/rangeradmin_ru.inprogress'
+
+  def service_check(self, env):
+    import params
+
+    env.set_params(params)
+    self.check_ranger_admin_service(params.ranger_external_url)
+
+  def check_ranger_admin_service(self, ranger_external_url):
+    if (self.is_ru_rangeradmin_in_progress()):
+      Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+    else:
+      Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp
| grep 200"),
+        tries = 10,
+        try_sleep=3,
+        logoutput=True)
+
+  def is_ru_rangeradmin_in_progress(self):
+    return os.path.isfile(RangerServiceCheck.upgrade_marker_file)
+
+if __name__ == "__main__":
+  RangerServiceCheck().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger.py
new file mode 100644
index 0000000..2379dd3
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger.py
@@ -0,0 +1,137 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import sys
+import fileinput
+import os
+from resource_management import *
+from resource_management.core.logger import Logger
+
+def ranger(name=None):
+  if name == 'ranger_admin':
+    setup_ranger_admin()
+
+  if name == 'ranger_usersync':
+    setup_usersync()
+
+def setup_ranger_admin():
+  import params
+
+  check_db_connnection()
+  
+  File(params.downloaded_custom_connector,
+      content = DownloadSource(params.driver_curl_source),
+      mode = 0644
+  )
+
+  Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+          path=["/bin", "/usr/bin/"],
+          sudo=True)
+
+  File(params.driver_curl_target, mode=0644)
+  
+  ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+    properties = params.config['configurations']['admin-properties']
+  )
+
+  custom_config = dict()
+  custom_config['unix_user'] = params.unix_user
+  custom_config['unix_group'] = params.unix_group
+
+  ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+    properties=custom_config
+  )
+  ##if db flavor == oracle - set oracle home env variable
+  if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+    env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}

+  else: 
+    env_dict = {'JAVA_HOME': params.java_home}
+  
+  setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
+  Execute(setup_sh, 
+          environment=env_dict, 
+          logoutput=True,
+  )
+  
+  ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
+       properties = params.config['configurations']['ranger-site'],
+  )
+
+  ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
+    properties = params.config['configurations']['ranger-site'],
+    mode=0744
+  )
+
+  Directory(params.admin_log_dir,
+    owner = params.unix_user,
+    group = params.unix_group
+  )
+
+def setup_usersync():
+  import params
+
+  PropertiesFile(format("{usersync_home}/install.properties"),
+    properties = params.config['configurations']['usersync-properties'],
+  )
+
+  custom_config = dict()
+  custom_config['unix_user'] = params.unix_user
+  custom_config['unix_group'] = params.unix_group
+
+  ModifyPropertiesFile(format("{usersync_home}/install.properties"),
+    properties=custom_config
+  )
+
+  cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
+  Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+  
+  File([params.usersync_start, params.usersync_stop],
+       owner = params.unix_user
+  )
+  File(params.usersync_services_file,
+    mode = 0755,
+  )
+
+  Directory(params.usersync_log_dir,
+    owner = params.unix_user,
+    group = params.unix_group
+  )
+
+def check_db_connnection():
+  import params
+
+  Logger.info('Checking DB connection')
+  env_dict = {}
+  if params.db_flavor.lower() == 'mysql':
+    cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password!p}
-h {db_host}  -s -e "select version();"')
+  elif params.db_flavor.lower() == 'oracle':
+    cmd = format("{sql_command_invoker} '{db_root_user}/\"{db_root_password}\"@{db_host}'
AS SYSDBA")
+    env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
+  elif params.db_flavor.lower() == 'postgres':
+    cmd = 'true'
+  elif params.db_flavor.lower() == 'mssql':
+    cmd = 'true'
+
+  try:
+    Execute(cmd,
+      environment=env_dict,
+      logoutput=True)
+  except Fail as ex:
+    Logger.error(str(ex))
+    raise Fail('Ranger Database connection check failed')

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger_xml.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger_xml.py
new file mode 100644
index 0000000..f088784
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/setup_ranger_xml.py
@@ -0,0 +1,383 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+import re
+from resource_management.core.logger import Logger
+from resource_management.core.resources.system import File, Directory, Execute
+from resource_management.core.source import DownloadSource, InlineTemplate
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+
+# This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync.
+# The design is to mimic what is done by the setup.sh script bundled by Ranger component
currently.
+
+def ranger(name=None, upgrade_type=None):
+  """
+  parameter name: name of ranger service component
+  """
+  if name == 'ranger_admin':
+    setup_ranger_admin(upgrade_type=upgrade_type)
+
+  if name == 'ranger_usersync':
+    setup_usersync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+  import params
+
+  ranger_home = params.ranger_home
+  ranger_conf = params.ranger_conf
+
+  Directory(ranger_conf,
+    owner = params.unix_user,
+    group = params.unix_group,
+    recursive = True
+  )
+
+  if upgrade_type is not None:
+    ranger_home = format("/usr/iop/current/ranger-admin")
+    ranger_conf = format("/usr/iop/current/ranger-admin/conf")
+
+  File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+    content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+    mode = 0644,
+  )
+
+  cp = format("{check_db_connection_jar}")
+  if params.db_flavor.lower() == 'sqla':
+    cp = cp + os.pathsep + format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+  else:
+    cp = cp + os.pathsep + format("{driver_curl_target}")
+  cp = cp + os.pathsep + format("{ranger_home}/ews/webapp/WEB-INF/lib/*")
+
+  db_connection_check_command = format(
+    "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}'
{ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}")
+
+  env_dict = {}
+  if params.db_flavor.lower() == 'sqla':
+    env_dict = {'LD_LIBRARY_PATH':params.ld_lib_path}
+
+  Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
tries=5, try_sleep=10, environment=env_dict)
+
+  Execute(('ln','-sf', format('{ranger_home}/ews/webapp/WEB-INF/classes/conf'), format('{ranger_home}/conf')),
+    not_if=format("ls {ranger_home}/conf"),
+    only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
+    sudo=True)
+
+  if upgrade_type is not None:
+    src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+    dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+    Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+    src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+    dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+
+    Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+  Execute(('chown','-R',format('{unix_user}:{unix_group}'), format('{ranger_home}/')), sudo=True)
+  Directory(params.admin_log_dir,
+    owner = params.unix_user,
+    group = params.unix_group
+  )
+
+  if os.path.isfile(params.ranger_admin_default_file):
+    File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+
+  if os.path.isfile(params.security_app_context_file):
+    File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+
+  Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
+    not_if=format("ls /usr/bin/ranger-admin"),
+    only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
+    sudo=True)
+
+  XmlConfig("ranger-admin-site.xml",
+    conf_dir=ranger_conf,
+    configurations=params.config['configurations']['ranger-admin-site'],
+    configuration_attributes=params.config['configuration_attributes']['ranger-admin-site'],
+    owner=params.unix_user,
+    group=params.unix_group,
+    mode=0644)
+
+  Directory(os.path.join(ranger_conf,'ranger_jaas'),
+    mode=0700,
+    owner=params.unix_user,
+    group=params.unix_group,
+  )
+
+  do_keystore_setup(upgrade_type=upgrade_type)
+
+
+def setup_ranger_db(upgrade_type=None):
+  import params
+  
+  File(params.downloaded_custom_connector,
+    content = DownloadSource(params.driver_curl_source),
+    mode = 0644
+  )
+
+  Directory(params.java_share_dir,
+    mode=0755,
+    recursive=True,
+    cd_access="a"
+  )
+
+  if params.db_flavor.lower() != 'sqla':
+    Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+      path=["/bin", "/usr/bin/"],
+      sudo=True)
+
+    File(params.driver_curl_target, mode=0644)
+
+  ranger_home = params.ranger_home
+  if upgrade_type is not None:
+    ranger_home = format("/usr/iop/current/ranger-admin")
+
+  if params.db_flavor.lower() == 'sqla':
+    Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo
= True)
+
+    Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(params.ranger_home,
'ews', 'lib')),
+      path=["/bin", "/usr/bin/"],
+      sudo=True)
+
+    Directory(params.jdbc_libs_dir,
+      cd_access="a",
+      recursive=True)
+
+    Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir],
auto_escape=False),
+            path=["/bin", "/usr/bin/"])
+  else:
+    Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(params.ranger_home,
'ews', 'lib')),
+      path=["/bin", "/usr/bin/"],
+      sudo=True)
+
+  File(os.path.join(params.ranger_home, 'ews', 'lib',params.jdbc_jar_name), mode=0644)
+
+  ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+    properties = params.config['configurations']['admin-properties'],
+    owner = params.unix_user,
+  )
+
+  if params.db_flavor.lower() == 'sqla':
+    ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+      properties = {'SQL_CONNECTOR_JAR': format('{ranger_home}/ews/lib/{jdbc_jar_name}')},
+      owner = params.unix_user,
+    )
+
+  env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+  if params.db_flavor.lower() == 'sqla':
+    env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+  # User wants us to setup the DB user and DB?
+  if params.create_db_dbuser:
+    Logger.info('Setting up Ranger DB and DB User')
+    dba_setup = format('python {ranger_home}/dba_script.py -q')
+    Execute(dba_setup, 
+            environment=env_dict,
+            logoutput=True,
+            user=params.unix_user,
+    )
+  else:
+    Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
+
+  db_setup = format('python {ranger_home}/db_setup.py')
+  Execute(db_setup, 
+          environment=env_dict,
+          logoutput=True,
+          user=params.unix_user,
+  )
+
+
+def setup_java_patch(upgrade_type=None):
+  import params
+
+  ranger_home = params.ranger_home
+  if upgrade_type is not None:
+    ranger_home = format("/usr/iop/current/ranger-admin")
+
+  env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+  if params.db_flavor.lower() == 'sqla':
+    env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+  setup_java_patch = format('python {ranger_home}/db_setup.py -javapatch')
+  Execute(setup_java_patch, 
+          environment=env_dict,
+          logoutput=True,
+          user=params.unix_user,
+  )
+
+
+def do_keystore_setup(upgrade_type=None):
+  import params
+
+  ranger_home = params.ranger_home
+  cred_lib_path = params.cred_lib_path
+  cred_setup_prefix = params.cred_setup_prefix
+
+  if upgrade_type is not None:
+    ranger_home = format("/usr/iop/current/ranger-admin")
+    cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
+    cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+
+  if not is_empty(params.ranger_credential_provider_path):    
+    jceks_path = params.ranger_credential_provider_path
+    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_jdbc_credential_alias,
'-v', PasswordString(params.ranger_ambari_db_password), '-c', '1')
+
+    Execute(cred_setup, 
+            environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home},

+            logoutput=True, 
+            sudo=True
+    )
+    File(params.ranger_credential_provider_path,
+      owner = params.unix_user,
+      group = params.unix_group,
+      mode = 0640
+    )
+
+  if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower()
== 'db' and not is_empty(params.ranger_ambari_audit_db_password):
+    jceks_path = params.ranger_credential_provider_path
+    cred_setup = cred_setup_prefix + ('-f', jceks_path, '-k', params.ranger_jpa_audit_jdbc_credential_alias,
'-v', PasswordString(params.ranger_ambari_audit_db_password), '-c', '1')
+    Execute(cred_setup, 
+            environment={'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME': params.java_home},

+            logoutput=True, 
+            sudo=True
+    )
+
+    File(params.ranger_credential_provider_path,
+      owner = params.unix_user,
+      group = params.unix_group,
+      mode = 0640
+    )
+
+def password_validation(password):
+  import params
+  if password.strip() == "":
+    raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+  if re.search("[\\\`'\"]",password):
+    raise Fail("LDAP/AD bind password contains one of the unsupported special characters
like \" ' \ `")
+  else:
+    Logger.info("password validated")
+ 
+def setup_usersync(upgrade_type=None):
+  import params
+
+  usersync_home = params.usersync_home
+  ranger_home = params.ranger_home
+  ranger_ugsync_conf = params.ranger_ugsync_conf
+
+  if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source
== 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+    password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
+  if upgrade_type is not None:
+    usersync_home = format("/usr/iop/current/ranger-usersync")
+    ranger_home = format("/usr/iop/current/ranger-admin")
+    ranger_ugsync_conf = format("/usr/iop/current/ranger-usersync/conf")
+
+  Directory(params.ranger_pid_dir,
+    mode=0750,
+    owner = params.unix_user,
+    group = params.unix_group
+  )  
+
+  Directory(params.usersync_log_dir,
+    owner = params.unix_user,
+    group = params.unix_group
+  )
+  
+  Directory(format("{ranger_ugsync_conf}/"),
+       owner = params.unix_user
+  )
+
+  if upgrade_type is not None:
+    src_file = format('{usersync_home}/conf.dist/ranger-ugsync-default.xml')
+    dst_file = format('{usersync_home}/conf/ranger-ugsync-default.xml')
+    Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+    src_file = format('{usersync_home}/conf.dist/log4j.xml')
+    dst_file = format('{usersync_home}/conf/log4j.xml')
+    Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+  XmlConfig("ranger-ugsync-site.xml",
+    conf_dir=ranger_ugsync_conf,
+    configurations=params.config['configurations']['ranger-ugsync-site'],
+    configuration_attributes=params.config['configuration_attributes']['ranger-ugsync-site'],
+    owner=params.unix_user,
+    group=params.unix_group,
+    mode=0644)
+
+  if os.path.isfile(params.ranger_ugsync_default_file):
+    File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
+
+  if os.path.isfile(params.usgsync_log4j_file):
+    File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
+
+  if os.path.isfile(params.cred_validator_file):
+    File(params.cred_validator_file, group=params.unix_group, mode=04555)
+
+  cred_file = format('{ranger_home}/ranger_credential_helper.py')
+  if os.path.isfile(format('{usersync_home}/ranger_credential_helper.py')):
+    cred_file = format('{usersync_home}/ranger_credential_helper.py')
+
+  cred_lib = os.path.join(usersync_home,"lib","*")
+  cred_setup_prefix = (cred_file, '-l', cred_lib)
+
+  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'usersync.ssl.key.password',
'-v', PasswordString(params.ranger_usersync_keystore_password), '-c', '1')
+  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'ranger.usersync.ldap.bindalias',
'-v', PasswordString(params.ranger_usersync_ldap_ldapbindpassword), '-c', '1')
+  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+  cred_setup = cred_setup_prefix + ('-f', params.ugsync_jceks_path, '-k', 'usersync.ssl.truststore.password',
'-v', PasswordString(params.ranger_usersync_truststore_password), '-c', '1')
+  Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+  File(params.ugsync_jceks_path,
+       owner = params.unix_user,
+       group = params.unix_group,
+       mode = 0640
+  )
+  
+  File([params.usersync_start, params.usersync_stop],
+       owner = params.unix_user,
+       group = params.unix_group
+  )
+
+  File(params.usersync_services_file,
+    mode = 0755,
+  )
+
+  Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+    not_if=format("ls /usr/bin/ranger-usersync"),
+    only_if=format("ls {usersync_services_file}"),
+    sudo=True)
+
+  if not os.path.isfile(params.ranger_usersync_keystore_file):
+    cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore
'{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass
{ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+
+    Execute(cmd, logoutput=True, user = params.unix_user)
+
+    File(params.ranger_usersync_keystore_file,
+        owner = params.unix_user,
+        group = params.unix_group,
+        mode = 0640
+    )

http://git-wip-us.apache.org/repos/asf/ambari/blob/66984d9a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/upgrade.py
b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/upgrade.py
new file mode 100644
index 0000000..d0e0c78
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/package/scripts/upgrade.py
@@ -0,0 +1,30 @@
+
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import iop_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, iop_component):
+  import params
+
+  conf_select.select(params.stack_name, iop_component, params.version)
+  iop_select.select(iop_component, params.version)


Mime
View raw message