ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mug...@apache.org
Subject ambari git commit: AMBARI-18874 : Provide SSL related configurations for Ranger-Tagsync (Vishal Suvagia via mugdha)
Date Sat, 10 Dec 2016 13:34:12 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 09fba6324 -> 646cfc681


AMBARI-18874 : Provide SSL related configurations for Ranger-Tagsync (Vishal Suvagia via mugdha)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/646cfc68
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/646cfc68
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/646cfc68

Branch: refs/heads/trunk
Commit: 646cfc681f9438ac56f4e3b864c0fd2402091082
Parents: 09fba63
Author: Mugdha Varadkar <mugdha@apache.org>
Authored: Sat Dec 10 10:42:46 2016 +0530
Committer: Mugdha Varadkar <mugdha@apache.org>
Committed: Sat Dec 10 19:03:37 2016 +0530

----------------------------------------------------------------------
 .../libraries/functions/constants.py            |   1 +
 .../RANGER/0.4.0/package/scripts/params.py      |  10 +
 .../0.4.0/package/scripts/ranger_tagsync.py     |  39 +++
 .../0.4.0/package/scripts/setup_ranger_xml.py   |  54 ++++
 .../0.7.0/configuration/atlas-tagsync-ssl.xml   |  72 +++++
 .../ranger-tagsync-policymgr-ssl.xml            |  72 +++++
 .../0.7.0/configuration/ranger-tagsync-site.xml |  34 +++
 .../common-services/RANGER/0.7.0/metainfo.xml   |  32 +++
 .../HDP/2.0.6/properties/stack_features.json    |   5 +
 .../HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml |   8 +
 .../stacks/HDP/2.5/upgrades/upgrade-2.6.xml     |   8 +
 .../configuration/ranger-tagsync-site.xml       |  52 ++++
 .../RANGER/configuration/ranger-ugsync-site.xml |  52 ++++
 .../stacks/HDP/2.6/services/RANGER/metainfo.xml |   5 +
 .../stacks/2.6/RANGER/test_ranger_tagsync.py    | 270 +++++++++++++++++++
 .../2.6/configs/ranger-admin-default.json       |  54 ++--
 .../2.6/configs/ranger-admin-secured.json       |  56 ++--
 17 files changed, 789 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
index 46562e0..7fbd6bd 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py
@@ -104,3 +104,4 @@ class StackFeature:
   RANGER_HIVE_PLUGIN_JDBC_URL = "ranger_hive_plugin_jdbc_url"
   ZKFC_VERSION_ADVERTISED = "zkfc_version_advertised"
   PHOENIX_CORE_HDFS_SITE_REQUIRED = "phoenix_core_hdfs_site_required"
+  RANGER_TAGSYNC_SSL_XML_SUPPORT="ranger_tagsync_ssl_xml_support"

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index f2cc940..da9ee18 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -71,6 +71,7 @@ stack_supports_infra_client = check_stack_feature(StackFeature.RANGER_INSTALL_IN
 stack_supports_pid = check_stack_feature(StackFeature.RANGER_PID_SUPPORT, version_for_stack_feature_checks)
 stack_supports_ranger_admin_password_change = check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, version_for_stack_feature_checks)
 stack_supports_ranger_setup_db_on_start = check_stack_feature(StackFeature.RANGER_SETUP_DB_ON_START, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync_ssl_xml_support = check_stack_feature(StackFeature.RANGER_TAGSYNC_SSL_XML_SUPPORT, version_for_stack_feature_checks)
 
 downgrade_from_version = default("/commandParams/downgrade_from_version", None)
 upgrade_direction = default("/commandParams/upgrade_direction", None)
@@ -81,6 +82,14 @@ ranger_tagsync_home  = format('{stack_root}/current/ranger-tagsync')
 ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
 tagsync_bin = '/usr/bin/ranger-tagsync'
 tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+security_store_path = '/etc/security/serverKeys'
+tagsync_etc_path = '/etc/ranger/tagsync/'
+ranger_tagsync_credential_file= os.path.join(tagsync_etc_path,'rangercred.jceks')
+atlas_tagsync_credential_file= os.path.join(tagsync_etc_path,'atlascred.jceks')
+ranger_tagsync_keystore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
+ranger_tagsync_truststore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
+atlas_tagsync_keystore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.keystore.password']
+atlas_tagsync_truststore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.truststore.password']
 
 if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.CONFIG_VERSIONING, version):
   stack_supports_rolling_upgrade = True
@@ -250,6 +259,7 @@ has_ranger_tagsync = len(ranger_tagsync_hosts) > 0
 
 tagsync_log_dir = default("/configurations/ranger-tagsync-site/ranger.tagsync.logdir", "/var/log/ranger/tagsync")
 tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.keystore.filename"]
+atlas_tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.source.atlasrest.keystore.filename"]
 tagsync_application_properties = dict(config["configurations"]["tagsync-application-properties"]) if has_ranger_tagsync else None
 tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
 tagsync_cred_lib = os.path.join(ranger_tagsync_home, "lib", "*")

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_tagsync.py
index 9c6e142..008fb99 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_tagsync.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_tagsync.py
@@ -28,6 +28,7 @@ from resource_management.core.logger import Logger
 from resource_management.core import shell
 from ranger_service import ranger_service
 from setup_ranger_xml import ranger, ranger_credential_helper
+from resource_management.core.exceptions import Fail
 import upgrade
 
 class RangerTagsync(Script):
@@ -43,6 +44,12 @@ class RangerTagsync(Script):
        group = params.unix_group,
        mode = 0640
     )
+    if params.stack_supports_ranger_tagsync_ssl_xml_support:
+      Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
+      self.create_atlas_user_keystore(env)
+    else:
+      Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
     self.configure(env)
 
   def configure(self, env, upgrade_type=None):
@@ -96,5 +103,37 @@ class RangerTagsync(Script):
     import status_params
     return [status_params.tagsync_pid_file]
 
+  def configure_atlas_user_for_tagsync(self, env):
+    Logger.info("Configuring Atlas user for Tagsync service.")
+    import params
+    env.set_params(params)
+
+    upgrade_stack = stack_select._get_upgrade_stack()
+    if upgrade_stack is None:
+      raise Fail('Unable to determine the stack and stack version')
+
+    stack_name = upgrade_stack[0]
+    stack_version = upgrade_stack[1]
+
+    stack_select.select("ranger-tagsync", stack_version)
+    conf_select.select(stack_name, "ranger-tagsync", stack_version)
+    if params.stack_supports_ranger_tagsync_ssl_xml_support:
+      Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
+      self.create_atlas_user_keystore(env)
+    else:
+      Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+    Logger.info("Configuring Atlas user for Tagsync service done.")
+
+  def create_atlas_user_keystore(self,env):
+    import params
+    env.set_params(params)
+    ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
+    File(params.atlas_tagsync_jceks_path,
+         owner = params.unix_user,
+         group = params.unix_group,
+         mode = 0640
+    )
+
 if __name__ == "__main__":
   RangerTagsync().execute()

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index 8036f28..ac5b38e 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -560,6 +560,11 @@ def setup_tagsync(upgrade_type=None):
     owner=params.unix_user,
     group=params.unix_group,
     mode=0644)
+  if params.stack_supports_ranger_tagsync_ssl_xml_support:
+    Logger.info("Stack supports tagsync-ssl configurations, performing the same.")
+    setup_tagsync_ssl_configs()
+  else:
+    Logger.info("Stack doesnt support tagsync-ssl configurations, skipping the same.")
 
   PropertiesFile(format('{ranger_tagsync_conf}/atlas-application.properties'),
     properties = params.tagsync_application_properties,
@@ -666,3 +671,52 @@ def check_znode():
     zookeeper_quorum=params.zookeeper_quorum,
     solr_znode=params.solr_znode,
     java64_home=params.java_home)
+
+
+def setup_tagsync_ssl_configs():
+  import params
+  Directory(params.security_store_path,
+            cd_access="a",
+            create_parents=True)
+
+  Directory(params.tagsync_etc_path,
+            cd_access="a",
+            owner=params.unix_user,
+            group=params.unix_group,
+            mode=0775,
+            create_parents=True)
+
+  XmlConfig("ranger-policymgr-ssl.xml",
+            conf_dir=params.ranger_tagsync_conf,
+            configurations=params.config['configurations']['ranger-tagsync-policymgr-ssl'],
+            configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
+            owner=params.unix_user,
+            group=params.unix_group,
+            mode=0644)
+
+  ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.ranger_tagsync_keystore_password, params.ranger_tagsync_credential_file)
+  ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.ranger_tagsync_truststore_password, params.ranger_tagsync_credential_file)
+
+  File(params.ranger_tagsync_credential_file,
+       owner = params.unix_user,
+       group = params.unix_group,
+       mode = 0640
+       )
+
+  XmlConfig("atlas-tagsync-ssl.xml",
+            conf_dir=params.ranger_tagsync_conf,
+            configurations=params.config['configurations']['atlas-tagsync-ssl'],
+            configuration_attributes=params.config['configuration_attributes']['atlas-tagsync-ssl'],
+            owner=params.unix_user,
+            group=params.unix_group,
+            mode=0644)
+
+  ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.atlas_tagsync_keystore_password, params.atlas_tagsync_credential_file)
+  ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.atlas_tagsync_truststore_password, params.atlas_tagsync_credential_file)
+
+  File(params.atlas_tagsync_credential_file,
+       owner = params.unix_user,
+       group = params.unix_group,
+       mode = 0640
+       )
+  Logger.info("Configuring tagsync-ssl configurations done successfully.")

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/atlas-tagsync-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/atlas-tagsync-ssl.xml
new file mode 100644
index 0000000..d43c010
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/atlas-tagsync-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore</name>
+    <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value>
+    <description>Java Keystore files</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.password</name>
+    <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
+    <description>password for keystore</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore</name>
+    <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value>
+    <description>java truststore file</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.password</name>
+    <value>changeit</value>
+    <property-type>PASSWORD</property-type>
+    <description>java truststore password</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+    <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+    <description>java keystore credential file</description>
+    <on-ambari-upgrade add="false" />
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+    <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+    <description>java truststore credential file</description>
+    <on-ambari-upgrade add="false" />
+  </property>
+
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-policymgr-ssl.xml
new file mode 100644
index 0000000..a4c9441
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-policymgr-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore</name>
+    <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value>
+    <description>Java Keystore files</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.password</name>
+    <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
+    <description>password for keystore</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore</name>
+    <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value>
+    <description>java truststore file</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.password</name>
+    <value>changeit</value>
+    <property-type>PASSWORD</property-type>
+    <description>java truststore password</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+    <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+    <description>java keystore credential file</description>
+    <on-ambari-upgrade add="false" />
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+    <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+    <description>java truststore credential file</description>
+    <on-ambari-upgrade add="false" />
+  </property>
+
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-site.xml
new file mode 100644
index 0000000..d186625
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-tagsync-site.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+  <property>
+    <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+    <value>/etc/ranger/tagsync/conf/ranger-policymgr-ssl.xml</value>
+    <description>Keystore and truststore information used for tagsync, required if tagsync to ranger admin communication is SSL enabled</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+    <value>/etc/ranger/tagsync/conf/atlas-tagsync-ssl.xml</value>
+    <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/common-services/RANGER/0.7.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/metainfo.xml
new file mode 100644
index 0000000..c9f3a9b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/metainfo.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>RANGER</name>
+      <displayName>Ranger</displayName>
+      <comment>Comprehensive security for Hadoop</comment>
+      <extends>common-services/RANGER/0.6.0</extends>
+      <version>0.7.0</version>
+    </service>
+  </services>
+</metainfo>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
index 27a755c..dde3e00 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
@@ -323,6 +323,11 @@
       "name": "phoenix_core_hdfs_site_required",
       "description": "HDFS and CORE site required for Phoenix",
       "max_version": "2.5.9.9"
+    },
+    {
+      "name": "ranger_tagsync_ssl_xml_support",
+      "description": "Ranger Tagsync ssl xml support.",
+      "min_version": "2.6.0.0"
     }
   ]
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
index 66f872d..7ccd96d 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml
@@ -784,6 +784,14 @@
       </component>
 
       <component name="RANGER_TAGSYNC">
+
+        <pre-upgrade>
+          <task xsi:type="execute" hosts="all">
+            <script>scripts/ranger_tagsync.py</script>
+            <function>configure_atlas_user_for_tagsync</function>
+          </task>
+        </pre-upgrade>
+
         <upgrade>
           <task xsi:type="restart-task"/>
         </upgrade>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
index 1f7c1a8..abd8fb9 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml
@@ -518,6 +518,14 @@
       </component>
 
       <component name="RANGER_TAGSYNC">
+
+        <pre-upgrade>
+          <task xsi:type="execute" hosts="all">
+            <script>scripts/ranger_tagsync.py</script>
+            <function>configure_atlas_user_for_tagsync</function>
+          </task>
+        </pre-upgrade>
+
         <upgrade>
           <task xsi:type="restart-task" />
         </upgrade>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-tagsync-site.xml
new file mode 100644
index 0000000..76be757
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-tagsync-site.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+  <property>
+    <name>ranger.tagsync.keystore.filename</name>
+    <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
+    <description>Keystore file</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
+    <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
+    <description>Tagsync atlasrest keystore file</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+    <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
+    <description>Keystore and truststore information used for tagsync, required if tagsync -&gt; ranger admin communication is SSL enabled</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+    <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
+    <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-ugsync-site.xml
new file mode 100644
index 0000000..e51e884
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<configuration>
+  <property>
+    <name>ranger.usersync.keystore.file</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
+    <description>Keystore file used for usersync</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.usersync.truststore.file</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
+    <description>Truststore used for usersync, required if usersync -&gt; ranger admin communication is SSL enabled</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.usersync.ldap.bindkeystore</name>
+    <value/>
+    <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.usersync.credstore.filename</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+    <description>Credential store file name for user sync, specify full path</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.usersync.policymgr.keystore</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
index a115134..cc25d44 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER/metainfo.xml
@@ -23,7 +23,12 @@
   <services>
     <service>
       <name>RANGER</name>
+      <extends>common-services/RANGER/0.7.0</extends>
       <version>0.7.0.2.6</version>
+      <credential-store>
+        <supported>true</supported>
+        <enabled>false</enabled>
+      </credential-store>
     </service>
   </services>
 </metainfo>

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_tagsync.py b/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_tagsync.py
new file mode 100644
index 0000000..42f75e2
--- /dev/null
+++ b/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_tagsync.py
@@ -0,0 +1,270 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+import json
+from mock.mock import MagicMock, patch
+from stacks.utils.RMFTestCase import *
+from only_for_platform import not_for_platform, PLATFORM_WINDOWS
+
+@not_for_platform(PLATFORM_WINDOWS)
+class TestRangerTagsync(RMFTestCase):
+  COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package"
+  STACK_VERSION = "2.6"
+
+  def test_configure_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_tagsync.py",
+                   classname = "RangerTagsync",
+                   command = "configure",
+                   config_file="ranger-admin-default.json",
+                   stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertNoMoreResources()
+
+  def test_start_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_tagsync.py",
+                   classname = "RangerTagsync",
+                   command = "start",
+                   config_file="ranger-admin-default.json",
+                   stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertResourceCalled('Execute', '/usr/hdp/current/ranger-tagsync/ranger-tagsync-services.sh start',
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+        not_if = 'ps -ef | grep proc_rangertagsync | grep -v grep',
+        user = 'ranger',
+    )
+    self.assertNoMoreResources()
+    
+  def test_stop_default(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_tagsync.py",
+                   classname = "RangerTagsync",
+                   command = "stop",
+                   config_file="ranger-admin-default.json",
+                   stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assertResourceCalled('Execute', '/usr/hdp/current/ranger-tagsync/ranger-tagsync-services.sh stop',
+        environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+        user = 'ranger'
+    )
+
+    self.assertResourceCalled('File', '/var/run/ranger/tagsync.pid',
+      action = ['delete']
+    )
+    self.assertNoMoreResources()
+
+  def test_configure_secured(self):
+    self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_tagsync.py",
+                   classname = "RangerTagsync",
+                   command = "configure",
+                   config_file="ranger-admin-secured.json",
+                   stack_version = self.STACK_VERSION,
+                   target = RMFTestCase.TARGET_COMMON_SERVICES
+    )
+    self.assert_configure_default()
+    self.assertNoMoreResources()
+
+  def assert_configure_default(self):
+    self.assertResourceCalled('Directory', '/usr/hdp/current/ranger-tagsync/conf',
+      owner = 'ranger',
+      group = 'ranger',
+      create_parents = True
+    )
+
+    self.assertResourceCalled('Directory', '/var/run/ranger',
+      mode=0755,
+      owner = 'ranger',
+      group = 'hadoop',
+      cd_access = "a",
+      create_parents=True
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-tagsync/conf/ranger-tagsync-env-piddir.sh',
+      content = 'export TAGSYNC_PID_DIR_PATH=/var/run/ranger\nexport UNIX_TAGSYNC_USER=ranger',
+      owner = 'ranger',
+      group = 'ranger',
+      mode = 0755
+    )
+
+    self.assertResourceCalled('Directory', '/var/log/ranger/tagsync',
+      owner = 'ranger',
+      group = 'ranger',
+      cd_access = "a",
+      mode=0755,
+      create_parents = True
+    )
+
+    self.assertResourceCalled('File',
+      '/usr/hdp/current/ranger-tagsync/conf/ranger-tagsync-env-logdir.sh',
+      owner = 'ranger',
+      content = 'export RANGER_TAGSYNC_LOG_DIR=/var/log/ranger/tagsync',
+      group = 'ranger',
+      mode=0755
+    )
+
+    self.assertResourceCalled('XmlConfig', 'ranger-tagsync-site.xml',
+      owner = 'ranger',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-tagsync/conf',
+      configurations = self.getConfig()['configurations']['ranger-tagsync-site'],
+      configuration_attributes = self.getConfig()['configuration_attributes']['ranger-tagsync-site'],
+      mode=0644
+    )
+
+    self.assertResourceCalled('Directory', '/etc/security/serverKeys',
+      create_parents = True,
+      cd_access = 'a',
+    )
+
+    self.assertResourceCalled('Directory', '/etc/ranger/tagsync/',
+      owner = 'ranger',
+      group = 'ranger',
+      create_parents = True,
+      mode = 0775,
+      cd_access = 'a',
+    )
+
+    self.assertResourceCalled('XmlConfig', 'ranger-policymgr-ssl.xml',
+      owner = 'ranger',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-tagsync/conf',
+      configurations = self.getConfig()['configurations']['ranger-tagsync-policymgr-ssl'],
+      configuration_attributes = self.getConfig()['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
+      mode = 0644,
+    )
+
+    self.assertResourceCalled('Execute', (u'/usr/jdk64/jdk1.7.0_45/bin/java',
+      '-cp',
+      u'/usr/hdp/current/ranger-tagsync/lib/*',
+      'org.apache.ranger.credentialapi.buildks',
+      'create',
+      'sslKeyStore',
+      '-value',
+      'myKeyFilePassword',
+      '-provider',
+      'jceks://file/etc/ranger/tagsync/rangercred.jceks'),
+      logoutput = True,
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      sudo = True,
+    )
+
+    self.assertResourceCalled('Execute', (u'/usr/jdk64/jdk1.7.0_45/bin/java',
+      '-cp',
+      u'/usr/hdp/current/ranger-tagsync/lib/*',
+      'org.apache.ranger.credentialapi.buildks',
+      'create',
+      'sslTrustStore',
+      '-value',
+      'changeit',
+      '-provider',
+      'jceks://file/etc/ranger/tagsync/rangercred.jceks'),
+      logoutput = True,
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      sudo = True,
+    )
+
+    self.assertResourceCalled('File', '/etc/ranger/tagsync/rangercred.jceks',
+      owner = 'ranger',
+      group = 'ranger',
+      mode = 0640,
+    )
+
+    self.assertResourceCalled('XmlConfig', 'atlas-tagsync-ssl.xml',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-tagsync/conf',
+      mode = 0644,
+      configuration_attributes = UnknownConfigurationMock(),
+      owner = 'ranger',
+      configurations = self.getConfig()['configurations']['atlas-tagsync-ssl']
+    )
+
+
+
+    self.assertResourceCalled('Execute', (u'/usr/jdk64/jdk1.7.0_45/bin/java',
+      '-cp',
+      u'/usr/hdp/current/ranger-tagsync/lib/*',
+      'org.apache.ranger.credentialapi.buildks',
+      'create',
+      'sslKeyStore',
+      '-value',
+      'myKeyFilePassword',
+      '-provider',
+      'jceks://file/etc/ranger/tagsync/atlascred.jceks'),
+      logoutput = True,
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      sudo = True,
+    )
+
+    self.assertResourceCalled('Execute', (u'/usr/jdk64/jdk1.7.0_45/bin/java',
+      '-cp',
+      u'/usr/hdp/current/ranger-tagsync/lib/*',
+      'org.apache.ranger.credentialapi.buildks',
+      'create',
+      'sslTrustStore',
+      '-value',
+      'changeit',
+      '-provider',
+      'jceks://file/etc/ranger/tagsync/atlascred.jceks'),
+      logoutput = True,
+      environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
+      sudo = True,
+    )
+
+    self.assertResourceCalled('File', '/etc/ranger/tagsync/atlascred.jceks',
+      owner = 'ranger',
+      group = 'ranger',
+      mode = 0640,
+    )
+
+
+    self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-tagsync/conf/atlas-application.properties',
+      properties = self.getConfig()['configurations']['tagsync-application-properties'],
+      mode=0755,
+      owner='ranger',
+      group='ranger'
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-tagsync/conf/log4j.properties',
+      owner = 'ranger',
+      group = 'ranger',
+      content = self.getConfig()['configurations']['tagsync-log4j']['content'],
+      mode = 0644
+    )
+
+    self.assertResourceCalled('File', '/usr/hdp/current/ranger-tagsync/ranger-tagsync-services.sh',
+      mode = 0755,
+    )
+
+    self.assertResourceCalled('Execute', ('ln', '-sf', '/usr/hdp/current/ranger-tagsync/ranger-tagsync-services.sh', '/usr/bin/ranger-tagsync'),
+      not_if='ls /usr/bin/ranger-tagsync',
+      only_if='ls /usr/hdp/current/ranger-tagsync/ranger-tagsync-services.sh',
+      sudo=True
+    )
+
+    self.assertResourceCalled('XmlConfig', 'core-site.xml',
+      owner = 'ranger',
+      group = 'ranger',
+      conf_dir = '/usr/hdp/current/ranger-tagsync/conf',
+      configurations = self.getConfig()['configurations']['core-site'],
+      configuration_attributes = self.getConfig()['configuration_attributes']['core-site'],
+      mode = 0644
+    )

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-default.json b/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-default.json
index 1d5adff..ad66c7a 100644
--- a/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-default.json
+++ b/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-default.json
@@ -32,9 +32,10 @@
                 "dfs.webhdfs.enabled": "true"
             }
         }, 
-        "ranger-tagsync-site": {}, 
-        "zoo.cfg": {}, 
-        "hadoop-policy": {}, 
+        "ranger-tagsync-site": {},
+        "ranger-tagsync-policymgr-ssl": {},
+        "zoo.cfg": {},
+        "hadoop-policy": {},
         "hdfs-log4j": {}, 
         "ranger-hdfs-plugin-properties": {}, 
         "core-site": {
@@ -138,7 +139,10 @@
         }, 
         "tagsync-log4j": {
             "tag": "version1466705299949"
-        }, 
+        },
+        "ranger-tagsync-policymgr-ssl": {
+            "tag": "version1479216811014"
+        },
         "ranger-hdfs-security": {
             "tag": "version1466705299922"
         }, 
@@ -162,14 +166,14 @@
     "hostLevelParams": {
         "agent_stack_retry_on_unavailability": "false", 
         "stack_name": "HDP", 
-        "package_version": "2_5_0_0_*", 
+        "package_version": "2_6_0_0_*",
         "custom_mysql_jdbc_name": "mysql-connector-java.jar",
         "previous_custom_mysql_jdbc_name": "mysql-connector-java-old.jar",
         "host_sys_prepped": "false", 
         "ambari_db_rca_username": "mapred", 
         "current_version": "2.6.0.0-801",
-        "mysql_jdbc_url": "http://c6401.ambari.apache.org:8080/resources//mysql-connector-java.jar", 
-        "agent_stack_retry_count": "5", 
+        "mysql_jdbc_url": "http://c6401.ambari.apache.org:8080/resources//mysql-connector-java.jar",
+        "agent_stack_retry_count": "5",
         "stack_version": "2.6",
         "jdk_name": "jdk-8u60-linux-x64.tar.gz", 
         "ambari_db_rca_driver": "org.postgresql.Driver", 
@@ -179,8 +183,8 @@
         "not_managed_hdfs_path_list": "[\"/tmp\"]", 
         "ambari_db_rca_url": "jdbc:postgresql://c6401.ambari.apache.org/ambarirca", 
         "java_version": "8", 
-        "repo_info": "[{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.5.0.0-801\",\"osType\":\"redhat6\",\"repoId\":\"HDP-2.5\",\"repoName\":\"HDP\",\"defaultBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/updates/2.5.0.0\",\"latestBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.5.0.0-801\",\"baseSaved\":true},{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"osType\":\"redhat6\",\"repoId\":\"HDP-UTILS-1.1.0.21\",\"repoName\":\"HDP-UTILS\",\"defaultBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"latestBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"baseSaved\":true}]", 
-        "package_list": "[{\"name\":\"ranger_${stack_version}-admin\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-usersync\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-tagsync\",\"condition\":\"should_install_ranger_tagsync\",\"skipUpgrade\":false},{\"name\":\"ambari-logsearch-solr-client\",\"condition\":\"should_install_logsearch_solr_client\",\"skipUpgrade\":false}]", 
+        "repo_info": "[{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.6.0.0-801\",\"osType\":\"redhat6\",\"repoId\":\"HDP-2.6\",\"repoName\":\"HDP\",\"defaultBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/updates/2.6.0.0\",\"latestBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.6.0.0-801\",\"baseSaved\":true},{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"osType\":\"redhat6\",\"repoId\":\"HDP-UTILS-1.1.0.21\",\"repoName\":\"HDP-UTILS\",\"defaultBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"latestBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"baseSaved\":true}]",
+        "package_list": "[{\"name\":\"ranger_${stack_version}-admin\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-usersync\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-tagsync\",\"condition\":\"should_install_ranger_tagsync\",\"skipUpgrade\":false},{\"name\":\"ambari-logsearch-solr-client\",\"condition\":\"should_install_logsearch_solr_client\",\"skipUpgrade\":false}]",
         "db_name": "ambari", 
         "group_list": "[\"ranger\",\"hadoop\",\"users\"]", 
         "agentCacheDir": "/var/lib/ambari-agent/cache", 
@@ -194,7 +198,7 @@
     "commandParams": {
         "service_package_folder": "common-services/RANGER/0.4.0/package", 
         "script": "scripts/ranger_admin.py", 
-        "hooks_folder": "HDP/2.0.6/hooks", 
+        "hooks_folder": "HDP/2.0.6/hooks",
         "version": "2.6.0.0-801",
         "max_duration_for_retries": "0", 
         "command_retry_enabled": "false", 
@@ -261,7 +265,23 @@
             "xasecure.audit.provider.summary.enabled": "false",
             "xasecure.audit.destination.hdfs.dir": "hdfs://c6401.ambari.apache.org:8020/ranger/audit",
             "xasecure.audit.is.enabled": "true"
-        }, 
+        },
+        "ranger-tagsync-policymgr-ssl": {
+            "xasecure.policymgr.clientssl.keystore": "/etc/security/serverKeys/ranger-tagsync-keystore.jks", 
+            "xasecure.policymgr.clientssl.truststore.password": "changeit", 
+            "xasecure.policymgr.clientssl.keystore.credential.file": "jceks://file{{ranger_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.truststore": "/etc/security/serverKeys/ranger-tagsync-mytruststore.jks", 
+            "xasecure.policymgr.clientssl.truststore.credential.file": "jceks://file{{ranger_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.keystore.password": "myKeyFilePassword"
+        },
+        "atlas-tagsync-ssl": {
+            "xasecure.policymgr.clientssl.keystore": "/etc/security/serverKeys/atlas-tagsync-keystore.jks",
+            "xasecure.policymgr.clientssl.truststore.password": "changeit",
+            "xasecure.policymgr.clientssl.keystore.credential.file": "jceks://file{{atlas_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.truststore": "/etc/security/serverKeys/atlas-tagsync-mytruststore.jks",
+            "xasecure.policymgr.clientssl.truststore.credential.file": "jceks://file{{atlas_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.keystore.password": "myKeyFilePassword"
+        },
         "ssl-client": {
             "ssl.client.truststore.reload.interval": "10000", 
             "ssl.client.keystore.password": "bigdata", 
@@ -515,8 +535,8 @@
             "dfs.namenode.name.dir": "/grid/0/hadoop/hdfs/namenode"
         }, 
         "ranger-tagsync-site": {
-            "ranger.tagsync.dest.ranger.ssl.config.filename": "/usr/hdp/current/ranger-tagsync/conf/mytruststore.jks", 
-            "ranger.tagsync.source.atlasrest.username": "", 
+            "ranger.tagsync.dest.ranger.ssl.config.filename": "{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml",
+            "ranger.tagsync.source.atlasrest.username": "",
             "ranger.tagsync.logdir": "/var/log/ranger/tagsync", 
             "ranger.tagsync.source.atlasrest.download.interval.millis": "", 
             "ranger.tagsync.keystore.filename": "/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks", 
@@ -690,10 +710,10 @@
             "ignore_bad_mounts": "false", 
             "recovery_window_in_minutes": "60", 
             "user_group": "hadoop", 
-            "stack_tools": "{\n  \"stack_selector\": [\"hdp-select\", \"/usr/bin/hdp-select\", \"hdp-select\"],\n  \"conf_selector\": [\"conf-select\", \"/usr/bin/conf-select\", \"conf-select\"]\n}", 
-            "recovery_retry_interval": "5", 
-            "stack_features": "{\n  \"stack_features\": [\n    {\n      \"name\": \"snappy\",\n      \"description\": \"Snappy compressor/decompressor support\",\n      \"min_version\": \"2.0.0.0\",\n      \"max_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"lzo\",\n      \"description\": \"LZO libraries support\",\n      \"min_version\": \"2.2.1.0\"\n    },\n    {\n      \"name\": \"express_upgrade\",\n      \"description\": \"Express upgrade support\",\n      \"min_version\": \"2.1.0.0\"\n    },\n    {\n      \"name\": \"rolling_upgrade\",\n      \"description\": \"Rolling upgrade support\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"config_versioning\",\n      \"description\": \"Configurable versions support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"datanode_non_root\",\n      \"description\": \"DataNode running as non-root support (AMBARI-7615)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\
 ": \"remove_ranger_hdfs_plugin_env\",\n      \"description\": \"HDFS removes Ranger env files (AMBARI-14299)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"ranger\",\n      \"description\": \"Ranger Service support\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_tagsync_component\",\n      \"description\": \"Ranger Tagsync component support (AMBARI-14383)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"phoenix\",\n      \"description\": \"Phoenix Service support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"nfs\",\n      \"description\": \"NFS support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"tez_for_spark\",\n      \"description\": \"Tez dependency for Spark\",\n      \"min_version\": \"2.2.0.0\",\n      \"max_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"timeline_state_store\",\n      \"description\": \"Yarn application timeline-se
 rvice supports state store property (AMBARI-11442)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"copy_tarball_to_hdfs\",\n      \"description\": \"Copy tarball to HDFS support (AMBARI-12113)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"spark_16plus\",\n      \"description\": \"Spark 1.6+\",\n      \"min_version\": \"2.4.0.0\"\n    },\n    {\n      \"name\": \"spark_thriftserver\",\n      \"description\": \"Spark Thrift Server\",\n      \"min_version\": \"2.3.2.0\"\n    },\n    {\n      \"name\": \"storm_kerberos\",\n      \"description\": \"Storm Kerberos support (AMBARI-7570)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"storm_ams\",\n      \"description\": \"Storm AMS integration (AMBARI-10710)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"create_kafka_broker_id\",\n      \"description\": \"Ambari should create Kafka Broker Id (AMBARI-12678)\",\n      \"min_version\": \"2.2
 .0.0\",\n      \"max_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"kafka_listeners\",\n      \"description\": \"Kafka listeners (AMBARI-10984)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"kafka_kerberos\",\n      \"description\": \"Kafka Kerberos support (AMBARI-10984)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"pig_on_tez\",\n      \"description\": \"Pig on Tez support (AMBARI-7863)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_usersync_non_root\",\n      \"description\": \"Ranger Usersync as non-root user (AMBARI-10416)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"ranger_audit_db_support\",\n      \"description\": \"Ranger Audit to DB support\",\n      \"min_version\": \"2.2.0.0\",\n      \"max_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"accumulo_kerberos_user_auth\",\n      \"description\": \"Accumulo Kerberos User Auth (AMBARI-10163)\",\n
       \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"knox_versioned_data_dir\",\n      \"description\": \"Use versioned data dir for Knox (AMBARI-13164)\",\n      \"min_version\": \"2.3.2.0\"\n    },\n    {\n      \"name\": \"knox_sso_topology\",\n      \"description\": \"Knox SSO Topology support (AMBARI-13975)\",\n      \"min_version\": \"2.3.8.0\"\n    },\n    {\n      \"name\": \"atlas_rolling_upgrade\",\n      \"description\": \"Rolling upgrade support for Atlas\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"oozie_admin_user\",\n      \"description\": \"Oozie install user as an Oozie admin user (AMBARI-7976)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_create_hive_tez_configs\",\n      \"description\": \"Oozie create configs for Ambari Hive and Tez deployments (AMBARI-8074)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_setup_shared_lib\",\n      \"description\": \"Oozie 
 setup tools used to shared Oozie lib to HDFS (AMBARI-7240)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_host_kerberos\",\n      \"description\": \"Oozie in secured clusters uses _HOST in Kerberos principal (AMBARI-9775)\",\n      \"min_version\": \"2.0.0.0\",\n      \"max_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"falcon_extensions\",\n      \"description\": \"Falcon Extension\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hive_metastore_upgrade_schema\",\n      \"description\": \"Hive metastore upgrade schema support (AMBARI-11176)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"hive_server_interactive\",\n      \"description\": \"Hive server interactive support (AMBARI-15573)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hive_webhcat_specific_configs\",\n      \"description\": \"Hive webhcat specific configurations support (AMBARI-12364)\",\n      \"min_ver
 sion\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"hive_purge_table\",\n      \"description\": \"Hive purge table support (AMBARI-12260)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"hive_server2_kerberized_env\",\n      \"description\": \"Hive server2 working on kerberized environment (AMBARI-13749)\",\n      \"min_version\": \"2.2.3.0\",\n      \"max_version\": \"2.2.5.0\"\n    },\n    {\n      \"name\": \"hive_env_heapsize\",\n      \"description\": \"Hive heapsize property defined in hive-env (AMBARI-12801)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_kms_hsm_support\",\n      \"description\": \"Ranger KMS HSM support (AMBARI-15752)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_log4j_support\",\n      \"description\": \"Ranger supporting log-4j properties (AMBARI-15681)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_kerberos_support\",\n      \"desc
 ription\": \"Ranger Kerberos support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hive_metastore_site_support\",\n      \"description\": \"Hive Metastore site support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_usersync_password_jceks\",\n      \"description\": \"Saving Ranger Usersync credentials in jceks\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_install_infra_client\",\n      \"description\": \"LogSearch Service support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hbase_home_directory\",\n      \"description\": \"Hbase home directory in HDFS needed for HBASE backup\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"spark_livy\",\n      \"description\": \"Livy as slave component of spark\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"atlas_ranger_plugin_support\",\n      \"description\": \"Atlas Ranger plug
 in support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_pid_support\",\n      \"description\": \"Ranger Service support pid generation AMBARI-16756\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_kms_pid_support\",\n      \"description\": \"Ranger KMS Service support pid generation\",\n      \"min_version\": \"2.5.0.0\"\n    }\n  ]\n}",
-            "recovery_enabled": "true", 
+            "stack_tools": "{\n  \"stack_selector\": [\"hdp-select\", \"/usr/bin/hdp-select\", \"hdp-select\"],\n  \"conf_selector\": [\"conf-select\", \"/usr/bin/conf-select\", \"conf-select\"]\n}",
+            "recovery_retry_interval": "5",
+            "stack_features": "{\n  \"stack_features\": [\n    {\n      \"name\": \"snappy\",\n      \"description\": \"Snappy compressor/decompressor support\",\n      \"min_version\": \"2.0.0.0\",\n      \"max_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"lzo\",\n      \"description\": \"LZO libraries support\",\n      \"min_version\": \"2.2.1.0\"\n    },\n    {\n      \"name\": \"express_upgrade\",\n      \"description\": \"Express upgrade support\",\n      \"min_version\": \"2.1.0.0\"\n    },\n    {\n      \"name\": \"rolling_upgrade\",\n      \"description\": \"Rolling upgrade support\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"config_versioning\",\n      \"description\": \"Configurable versions support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"datanode_non_root\",\n      \"description\": \"DataNode running as non-root support (AMBARI-7615)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\
 ": \"remove_ranger_hdfs_plugin_env\",\n      \"description\": \"HDFS removes Ranger env files (AMBARI-14299)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"ranger\",\n      \"description\": \"Ranger Service support\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_tagsync_component\",\n      \"description\": \"Ranger Tagsync component support (AMBARI-14383)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"phoenix\",\n      \"description\": \"Phoenix Service support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"nfs\",\n      \"description\": \"NFS support\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"tez_for_spark\",\n      \"description\": \"Tez dependency for Spark\",\n      \"min_version\": \"2.2.0.0\",\n      \"max_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"timeline_state_store\",\n      \"description\": \"Yarn application timeline-se
 rvice supports state store property (AMBARI-11442)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"copy_tarball_to_hdfs\",\n      \"description\": \"Copy tarball to HDFS support (AMBARI-12113)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"spark_16plus\",\n      \"description\": \"Spark 1.6+\",\n      \"min_version\": \"2.4.0.0\"\n    },\n    {\n      \"name\": \"spark_thriftserver\",\n      \"description\": \"Spark Thrift Server\",\n      \"min_version\": \"2.3.2.0\"\n    },\n    {\n      \"name\": \"storm_kerberos\",\n      \"description\": \"Storm Kerberos support (AMBARI-7570)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"storm_ams\",\n      \"description\": \"Storm AMS integration (AMBARI-10710)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"create_kafka_broker_id\",\n      \"description\": \"Ambari should create Kafka Broker Id (AMBARI-12678)\",\n      \"min_version\": \"2.2
 .0.0\",\n      \"max_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"kafka_listeners\",\n      \"description\": \"Kafka listeners (AMBARI-10984)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"kafka_kerberos\",\n      \"description\": \"Kafka Kerberos support (AMBARI-10984)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"pig_on_tez\",\n      \"description\": \"Pig on Tez support (AMBARI-7863)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_usersync_non_root\",\n      \"description\": \"Ranger Usersync as non-root user (AMBARI-10416)\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"ranger_audit_db_support\",\n      \"description\": \"Ranger Audit to DB support\",\n      \"min_version\": \"2.2.0.0\",\n      \"max_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"accumulo_kerberos_user_auth\",\n      \"description\": \"Accumulo Kerberos User Auth (AMBARI-10163)\",\n
       \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"knox_versioned_data_dir\",\n      \"description\": \"Use versioned data dir for Knox (AMBARI-13164)\",\n      \"min_version\": \"2.3.2.0\"\n    },\n    {\n      \"name\": \"knox_sso_topology\",\n      \"description\": \"Knox SSO Topology support (AMBARI-13975)\",\n      \"min_version\": \"2.3.8.0\"\n    },\n    {\n      \"name\": \"atlas_rolling_upgrade\",\n      \"description\": \"Rolling upgrade support for Atlas\",\n      \"min_version\": \"2.3.0.0\"\n    },\n    {\n      \"name\": \"oozie_admin_user\",\n      \"description\": \"Oozie install user as an Oozie admin user (AMBARI-7976)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_create_hive_tez_configs\",\n      \"description\": \"Oozie create configs for Ambari Hive and Tez deployments (AMBARI-8074)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_setup_shared_lib\",\n      \"description\": \"Oozie 
 setup tools used to shared Oozie lib to HDFS (AMBARI-7240)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"oozie_host_kerberos\",\n      \"description\": \"Oozie in secured clusters uses _HOST in Kerberos principal (AMBARI-9775)\",\n      \"min_version\": \"2.0.0.0\",\n      \"max_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"falcon_extensions\",\n      \"description\": \"Falcon Extension\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hive_metastore_upgrade_schema\",\n      \"description\": \"Hive metastore upgrade schema support (AMBARI-11176)\",\n      \"min_version\": \"2.3.0.0\"\n     },\n    {\n      \"name\": \"hive_server_interactive\",\n      \"description\": \"Hive server interactive support (AMBARI-15573)\",\n      \"min_version\": \"2.5.0.0\"\n     },\n    {\n      \"name\": \"hive_webhcat_specific_configs\",\n      \"description\": \"Hive webhcat specific configurations support (AMBARI-12364)\",\n      \"min_v
 ersion\": \"2.3.0.0\"\n     },\n    {\n      \"name\": \"hive_purge_table\",\n      \"description\": \"Hive purge table support (AMBARI-12260)\",\n      \"min_version\": \"2.3.0.0\"\n     },\n    {\n      \"name\": \"hive_server2_kerberized_env\",\n      \"description\": \"Hive server2 working on kerberized environment (AMBARI-13749)\",\n      \"min_version\": \"2.2.3.0\",\n      \"max_version\": \"2.2.5.0\"\n     },\n    {\n      \"name\": \"hive_env_heapsize\",\n      \"description\": \"Hive heapsize property defined in hive-env (AMBARI-12801)\",\n      \"min_version\": \"2.2.0.0\"\n    },\n    {\n      \"name\": \"ranger_kms_hsm_support\",\n      \"description\": \"Ranger KMS HSM support (AMBARI-15752)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_log4j_support\",\n      \"description\": \"Ranger supporting log-4j properties (AMBARI-15681)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_kerberos_support\",\n      \
 "description\": \"Ranger Kerberos support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hive_metastore_site_support\",\n      \"description\": \"Hive Metastore site support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_usersync_password_jceks\",\n      \"description\": \"Saving Ranger Usersync credentials in jceks\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_install_infra_client\",\n      \"description\": \"Ambari Infra Service support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"falcon_atlas_support_2_3\",\n      \"description\": \"Falcon Atlas integration support for 2.3 stack\",\n      \"min_version\": \"2.3.99.0\",\n      \"max_version\": \"2.4.0.0\"\n    },\n    {\n      \"name\": \"falcon_atlas_support\",\n      \"description\": \"Falcon Atlas integration\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"hbase_home_directory\",\n   
    \"description\": \"Hbase home directory in HDFS needed for HBASE backup\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"spark_livy\",\n      \"description\": \"Livy as slave component of spark\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"atlas_ranger_plugin_support\",\n      \"description\": \"Atlas Ranger plugin support\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"atlas_conf_dir_in_path\",\n      \"description\": \"Prepend the Atlas conf dir (/etc/atlas/conf) to the classpath of Storm and Falcon\",\n      \"min_version\": \"2.3.0.0\",\n      \"max_version\": \"2.4.99.99\"\n    },\n    {\n      \"name\": \"atlas_upgrade_support\",\n      \"description\": \"Atlas supports express and rolling upgrades\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"atlas_hook_support\",\n      \"description\": \"Atlas support for hooks in Hive, Storm, Falcon, and Sqoop\",\n      \"min_version\"
 : \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_pid_support\",\n      \"description\": \"Ranger Service support pid generation AMBARI-16756\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_kms_pid_support\",\n      \"description\": \"Ranger KMS Service support pid generation\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_admin_password_change\",\n      \"description\": \"Allow ranger admin credentials to be specified during cluster creation (AMBARI-17000)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"storm_metrics_apache_classes\",\n      \"description\": \"Metrics sink for Storm that uses Apache class names\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"spark_java_opts_support\",\n      \"description\": \"Allow Spark to generate java-opts file\",\n      \"min_version\": \"2.2.0.0\",\n      \"max_version\": \"2.4.0.0\"\n    },\n    {\n      \"name\": \"atlas_hb
 ase_setup\",\n      \"description\": \"Use script to create Atlas tables in Hbase and set permissions for Atlas user.\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_hive_plugin_jdbc_url\",\n      \"description\": \"Handle Ranger hive repo config jdbc url change for stack 2.5 (AMBARI-18386)\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"zkfc_version_advertised\",\n      \"description\": \"ZKFC advertise version\",\n      \"min_version\": \"2.5.0.0\"\n    },\n    {\n      \"name\": \"ranger_tagsync_ssl_xml_support\",\n      \"description\": \"Ranger Tagsync ssl xml support.\",\n      \"min_version\": \"2.6.0.0\"\n    }\n  ]\n}",
+            "recovery_enabled": "true",
             "recovery_max_count": "6", 
             "stack_root": "/usr/hdp", 
             "repo_suse_rhel_template": "[{{repo_id}}]\nname={{repo_id}}\n{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n\npath=/\nenabled=1\ngpgcheck=0", 

http://git-wip-us.apache.org/repos/asf/ambari/blob/646cfc68/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json b/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json
index 030b717..5562ea7 100644
--- a/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json
+++ b/ambari-server/src/test/python/stacks/2.6/configs/ranger-admin-secured.json
@@ -35,9 +35,10 @@
                 "dfs.webhdfs.enabled": "true"
             }
         }, 
-        "ranger-tagsync-site": {}, 
-        "zoo.cfg": {}, 
-        "hadoop-policy": {}, 
+        "ranger-tagsync-site": {},
+        "ranger-tagsync-policymgr-ssl": {}, 
+        "zoo.cfg": {},
+        "hadoop-policy": {},
         "hdfs-log4j": {}, 
         "krb5-conf": {}, 
         "core-site": {
@@ -147,7 +148,10 @@
         }, 
         "tagsync-log4j": {
             "tag": "version1466705299949"
-        }, 
+        },
+        "ranger-tagsync-policymgr-ssl": {
+            "tag": "version1479216811014"
+        },
         "ranger-hdfs-security": {
             "tag": "version1466705299922"
         }, 
@@ -171,26 +175,26 @@
     "hostLevelParams": {
         "agent_stack_retry_on_unavailability": "false", 
         "stack_name": "HDP", 
-        "package_version": "2_5_0_0_*", 
+        "package_version": "2_6_0_0_*",
         "custom_mysql_jdbc_name": "mysql-connector-java.jar",
         "previous_custom_mysql_jdbc_name": "mysql-connector-java-old.jar",
         "host_sys_prepped": "false", 
         "ambari_db_rca_username": "mapred", 
         "current_version": "2.6.0.0-801",
-        "mysql_jdbc_url": "http://c6401.ambari.apache.org:8080/resources//mysql-connector-java.jar", 
-        "agent_stack_retry_count": "5", 
+        "mysql_jdbc_url": "http://c6401.ambari.apache.org:8080/resources//mysql-connector-java.jar",
+        "agent_stack_retry_count": "5",
         "stack_version": "2.6",
         "jdk_name": "jdk-8u60-linux-x64.tar.gz", 
         "ambari_db_rca_driver": "org.postgresql.Driver", 
         "java_home": "/usr/jdk64/jdk1.7.0_45",
-        "repository_version_id": "1", 
-        "jdk_location": "http://c6401.ambari.apache.org:8080/resources/", 
+        "repository_version_id": "1",
+        "jdk_location": "http://c6401.ambari.apache.org:8080/resources/",
         "not_managed_hdfs_path_list": "[\"/tmp\"]", 
         "ambari_db_rca_url": "jdbc:postgresql://c6401.ambari.apache.org/ambarirca", 
         "java_version": "8", 
-        "repo_info": "[{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.5.0.0-801\",\"osType\":\"redhat6\",\"repoId\":\"HDP-2.5\",\"repoName\":\"HDP\",\"defaultBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/updates/2.5.0.0\",\"latestBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.5.0.0-801\",\"baseSaved\":true},{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"osType\":\"redhat6\",\"repoId\":\"HDP-UTILS-1.1.0.21\",\"repoName\":\"HDP-UTILS\",\"defaultBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"latestBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"baseSaved\":true}]", 
-        "package_list": "[{\"name\":\"ranger_${stack_version}-admin\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-usersync\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-tagsync\",\"condition\":\"should_install_ranger_tagsync\",\"skipUpgrade\":false},{\"name\":\"ambari-logsearch-solr-client\",\"condition\":\"should_install_logsearch_solr_client\",\"skipUpgrade\":false}]", 
-        "db_name": "ambari", 
+        "repo_info": "[{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.6.0.0-801\",\"osType\":\"redhat6\",\"repoId\":\"HDP-2.6\",\"repoName\":\"HDP\",\"defaultBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/updates/2.6.0.0\",\"latestBaseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP/centos6/2.x/BUILDS/2.6.0.0-801\",\"baseSaved\":true},{\"baseUrl\":\"http://s3.amazonaws.com/dev.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"osType\":\"redhat6\",\"repoId\":\"HDP-UTILS-1.1.0.21\",\"repoName\":\"HDP-UTILS\",\"defaultBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"latestBaseUrl\":\"http://public-repo-1.hortonworks.com/HDP-UTILS-1.1.0.21/repos/centos6\",\"baseSaved\":true}]",
+        "package_list": "[{\"name\":\"ranger_${stack_version}-admin\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-usersync\",\"condition\":\"\",\"skipUpgrade\":false},{\"name\":\"ranger_${stack_version}-tagsync\",\"condition\":\"should_install_ranger_tagsync\",\"skipUpgrade\":false},{\"name\":\"ambari-logsearch-solr-client\",\"condition\":\"should_install_logsearch_solr_client\",\"skipUpgrade\":false}]",
+        "db_name": "ambari",
         "group_list": "[\"ranger\",\"hadoop\",\"users\"]", 
         "agentCacheDir": "/var/lib/ambari-agent/cache", 
         "ambari_db_rca_password": "mapred", 
@@ -205,8 +209,8 @@
         "script": "scripts/ranger_admin.py", 
         "hooks_folder": "HDP/2.0.6/hooks", 
         "version": "2.6.0.0-801",
-        "max_duration_for_retries": "0", 
-        "command_retry_enabled": "false", 
+        "max_duration_for_retries": "0",
+        "command_retry_enabled": "false",
         "command_timeout": "600", 
         "script_type": "PYTHON"
     }, 
@@ -270,7 +274,23 @@
             "xasecure.audit.provider.summary.enabled": "false", 
             "xasecure.audit.destination.hdfs.dir": "hdfs://c6401.ambari.apache.org:8020/ranger/audit", 
             "xasecure.audit.is.enabled": "true"
-        }, 
+        },
+        "ranger-tagsync-policymgr-ssl": {
+            "xasecure.policymgr.clientssl.keystore": "/etc/security/serverKeys/ranger-tagsync-keystore.jks", 
+            "xasecure.policymgr.clientssl.truststore.password": "changeit", 
+            "xasecure.policymgr.clientssl.keystore.credential.file": "jceks://file{{ranger_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.truststore": "/etc/security/serverKeys/ranger-tagsync-mytruststore.jks", 
+            "xasecure.policymgr.clientssl.truststore.credential.file": "jceks://file{{ranger_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.keystore.password": "myKeyFilePassword"
+        },
+        "atlas-tagsync-ssl": {
+            "xasecure.policymgr.clientssl.keystore": "/etc/security/serverKeys/atlas-tagsync-keystore.jks",
+            "xasecure.policymgr.clientssl.truststore.password": "changeit",
+            "xasecure.policymgr.clientssl.keystore.credential.file": "jceks://file{{atlas_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.truststore": "/etc/security/serverKeys/atlas-tagsync-mytruststore.jks",
+            "xasecure.policymgr.clientssl.truststore.credential.file": "jceks://file{{atlas_tagsync_credential_file}}",
+            "xasecure.policymgr.clientssl.keystore.password": "myKeyFilePassword"
+        },
         "ssl-client": {
             "ssl.client.truststore.reload.interval": "10000", 
             "ssl.client.keystore.password": "bigdata", 
@@ -579,9 +599,9 @@
             "dfs.namenode.name.dir": "/grid/0/hadoop/hdfs/namenode"
         }, 
         "ranger-tagsync-site": {
-            "ranger.tagsync.dest.ranger.ssl.config.filename": "/usr/hdp/current/ranger-tagsync/conf/mytruststore.jks", 
-            "ranger.tagsync.source.atlasrest.username": "", 
-            "ranger.tagsync.logdir": "/var/log/ranger/tagsync", 
+            "ranger.tagsync.dest.ranger.ssl.config.filename": "{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml",
+            "ranger.tagsync.source.atlasrest.username": "",
+            "ranger.tagsync.logdir": "/var/log/ranger/tagsync",
             "ranger.tagsync.source.atlasrest.download.interval.millis": "", 
             "ranger.tagsync.keystore.filename": "/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks", 
             "ranger.tagsync.source.file.check.interval.millis": "", 


Mime
View raw message