ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mug...@apache.org
Subject ambari git commit: AMBARI-18425: Support PAM as an authentication option for Ranger in Ambari (Shi Wang via mugdha)
Date Tue, 22 Nov 2016 07:07:31 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 74869f980 -> a10cc80b3


AMBARI-18425: Support PAM as an authentication option for Ranger in Ambari (Shi Wang via mugdha)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a10cc80b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a10cc80b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a10cc80b

Branch: refs/heads/trunk
Commit: a10cc80b3b75fa3bfa3d51d5e0382e1b56d61913
Parents: 74869f9
Author: Shi Wang <shiwang@us.ibm.com>
Authored: Thu Nov 17 13:03:38 2016 -0800
Committer: Mugdha Varadkar <mugdha@apache.org>
Committed: Tue Nov 22 12:35:51 2016 +0530

----------------------------------------------------------------------
 .../0.4.0/package/scripts/setup_ranger_xml.py   | 18 ++++++++++++++++
 .../0.4.0/package/templates/ranger_admin_pam.j2 | 22 ++++++++++++++++++++
 .../package/templates/ranger_remote_pam.j2      | 22 ++++++++++++++++++++
 .../0.5.0/configuration/ranger-admin-site.xml   |  2 +-
 ambari-web/app/data/HDP2.3/site_properties.js   |  3 +++
 5 files changed, 66 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/a10cc80b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index f1b4797..316d207 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -166,6 +166,24 @@ def setup_ranger_admin(upgrade_type=None):
 
     Link('/usr/bin/ranger-admin',
     to=format('{ranger_home}/ews/ranger-admin-services.sh'))
+  
+  if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
+    d = '/etc/pam.d'
+    if os.path.isdir(d):
+        File(format('{d}/ranger-admin'),
+            content=Template('ranger_admin_pam.j2'),
+            owner = params.unix_user,
+            group = params.unix_group,
+            mode=0644
+            )
+        File(format('{d}/ranger-remote'),
+            content=Template('ranger_remote_pam.j2'),
+            owner = params.unix_user,
+            group = params.unix_group,
+            mode=0644
+            )
+    else:
+    	Logger.error("Unable to use PAM authentication, /etc/pam.d/ directory does not exist.")
 
   Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
     not_if=format("ls /usr/bin/ranger-admin"),

http://git-wip-us.apache.org/repos/asf/ambari/blob/a10cc80b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_admin_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_admin_pam.j2
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_admin_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_admin_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements.  See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership.  The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License.  You may obtain a copy of the License at
+ #
+ #   http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth    sufficient        pam_unix.so
+auth    sufficient        pam_sss.so
+account sufficient        pam_unix.so
+account sufficient        pam_sss.so

http://git-wip-us.apache.org/repos/asf/ambari/blob/a10cc80b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_remote_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_remote_pam.j2
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_remote_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/templates/ranger_remote_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements.  See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership.  The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License.  You may obtain a copy of the License at
+ #
+ #   http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth    sufficient        pam_unix.so
+auth    sufficient        pam_sss.so
+account sufficient        pam_unix.so
+account sufficient        pam_sss.so

http://git-wip-us.apache.org/repos/asf/ambari/blob/a10cc80b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
index c0e537b..c52924c 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-admin-site.xml
@@ -184,7 +184,7 @@
     <name>ranger.authentication.method</name>
     <value>UNIX</value>
     <display-name>Authentication method</display-name>
-    <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description>
+    <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>

http://git-wip-us.apache.org/repos/asf/ambari/blob/a10cc80b/ambari-web/app/data/HDP2.3/site_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js
index 9ae68df..2dadd1b 100644
--- a/ambari-web/app/data/HDP2.3/site_properties.js
+++ b/ambari-web/app/data/HDP2.3/site_properties.js
@@ -105,6 +105,9 @@ hdp23properties.push({
         foreignKeys: ['ranger.ldap.ad.domain','ranger.ldap.ad.url','ranger.ldap.ad.base.dn','ranger.ldap.ad.bind.dn','ranger.ldap.ad.bind.password','ranger.ldap.ad.referral','ranger.ldap.ad.user.searchfilter']
       },
       {
+         displayName: 'PAM'
+      },
+      {
         displayName: 'UNIX',
         foreignKeys: ['ranger.unixauth.service.port', 'ranger.unixauth.service.hostname',
'ranger.unixauth.remote.login.enabled']
       },


Mime
View raw message