ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [03/31] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common service version for Ranger & Ranger Kms (mugdha)
Date Fri, 07 Jul 2017 11:17:37 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
deleted file mode 100644
index 34d0082..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.version import format_stack_version
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions import StackFeature
-
-config  = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-
-stack_name = default("/hostLevelParams/stack_name", None)
-stack_version_unformatted = config['hostLevelParams']['stack_version']
-stack_version_formatted = format_stack_version(stack_version_unformatted)
-stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, stack_version_formatted)
-ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
-ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
deleted file mode 100644
index 8478bb8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.core.resources.system import Execute
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions.format import format
-
-def prestart(env, stack_component):
-  import params
-
-  if params.version and params.stack_supports_config_versioning:
-    conf_select.select(params.stack_name, stack_component, params.version)
-    stack_select.select(stack_component, params.version)

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2 b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
deleted file mode 100644
index 306fade..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-{#
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements.  See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership.  The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License.  You may obtain a copy of the License at
- #
- #   http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #}
-{
-  "input":[
-    {
-      "type":"ranger_kms",
-      "rowtype":"service",
-      "path":"{{default('/configurations/kms-env/kms_log_dir', '/var/log/ranger/kms')}}/kms.log"
-    }
-  ],
-  "filter":[
-    {
-      "filter":"grok",
-      "conditions":{
-        "fields":{
-          "type":[
-            "ranger_kms"
-          ]
-        }
-      },
-      "log4j_format":"%d{ISO8601} %-5p %c{1} - %m%n",
-      "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
-      "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
-      "post_map_values":{
-        "logtime":{
-          "map_date":{
-            "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
-          }
-        }
-      }
-    }
-  ]
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
deleted file mode 100644
index 7ddab41..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  "general_deps" : {
-    "_comment" : "dependencies for RANGER-KMS",
-    "RANGER_KMS_SERVER-START" : ["RANGER_ADMIN-START", "NAMENODE-START"],
-    "RANGER_KMS_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_KMS_SERVER-START"]
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
deleted file mode 100644
index 9c33218..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/usr/bin/env ambari-python-wrap
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-# Python imports
-import imp
-import os
-import traceback
-import re
-import socket
-import fnmatch
-
-
-from resource_management.core.logger import Logger
-
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
-PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
-
-try:
-  with open(PARENT_FILE, 'rb') as fp:
-    service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
-except Exception as e:
-  traceback.print_exc()
-  print "Failed to load parent"
-
-class RangerKMSServiceAdvisor(service_advisor.ServiceAdvisor):
-
-  def __init__(self, *args, **kwargs):
-    self.as_super = super(RangerKMSServiceAdvisor, self)
-    self.as_super.__init__(*args, **kwargs)
-
-    # Always call these methods
-    self.modifyMastersWithMultipleInstances()
-    self.modifyCardinalitiesDict()
-    self.modifyHeapSizeProperties()
-    self.modifyNotValuableComponents()
-    self.modifyComponentsNotPreferableOnServer()
-    self.modifyComponentLayoutSchemes()
-
-  def modifyMastersWithMultipleInstances(self):
-    """
-    Modify the set of masters with multiple instances.
-    Must be overriden in child class.
-    """
-    # Nothing to do
-    pass
-
-  def modifyCardinalitiesDict(self):
-    """
-    Modify the dictionary of cardinalities.
-    Must be overriden in child class.
-    """
-    # Nothing to do
-    pass
-
-  def modifyHeapSizeProperties(self):
-    """
-    Modify the dictionary of heap size properties.
-    Must be overriden in child class.
-    """
-    pass
-
-  def modifyNotValuableComponents(self):
-    """
-    Modify the set of components whose host assignment is based on other services.
-    Must be overriden in child class.
-    """
-    # Nothing to do
-    pass
-
-  def modifyComponentsNotPreferableOnServer(self):
-    """
-    Modify the set of components that are not preferable on the server.
-    Must be overriden in child class.
-    """
-    # Nothing to do
-    pass
-
-  def modifyComponentLayoutSchemes(self):
-    """
-    Modify layout scheme dictionaries for components.
-    The scheme dictionary basically maps the number of hosts to
-    host index where component should exist.
-    Must be overriden in child class.
-    """
-    # Nothing to do
-    pass
-
-  def getServiceComponentLayoutValidations(self, services, hosts):
-    """
-    Get a list of errors.
-    Must be overriden in child class.
-    """
-
-    return []
-
-  def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
-    """
-    Entry point.
-    Must be overriden in child class.
-    """
-    #Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
-    #            (self.__class__.__name__, inspect.stack()[0][3]))
-
-    recommender = RangerKMSRecommender()
-    recommender.recommendRangerKMSConfigurationsFromHDP23(configurations, clusterData, services, hosts)
-    recommender.recommendRangerKMSConfigurationsFromHDP25(configurations, clusterData, services, hosts)
-
-
-
-  def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
-    """
-    Entry point.
-    Validate configurations for the service. Return a list of errors.
-    The code for this function should be the same for each Service Advisor.
-    """
-    #Logger.info("Class: %s, Method: %s. Validating Configurations." %
-    #            (self.__class__.__name__, inspect.stack()[0][3]))
-
-    validator = RangerKMSValidator()
-    # Calls the methods of the validator using arguments,
-    # method(siteProperties, siteRecommendations, configurations, services, hosts)
-    return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
-
-
-
-class RangerKMSRecommender(service_advisor.ServiceAdvisor):
-  """
-  RangerKMS Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
-  """
-
-  def __init__(self, *args, **kwargs):
-    self.as_super = super(RangerKMSRecommender, self)
-    self.as_super.__init__(*args, **kwargs)
-
-
-  def recommendRangerKMSConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
-    servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    putRangerKmsDbksProperty = self.putProperty(configurations, "dbks-site", services)
-    putRangerKmsProperty = self.putProperty(configurations, "kms-properties", services)
-    kmsEnvProperties = self.getSiteProperties(services['configurations'], 'kms-env')
-    putCoreSiteProperty = self.putProperty(configurations, "core-site", services)
-    putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site")
-    putRangerKmsAuditProperty = self.putProperty(configurations, "ranger-kms-audit", services)
-    security_enabled = self.isSecurityEnabled(services)
-    putRangerKmsSiteProperty = self.putProperty(configurations, "kms-site", services)
-    putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
-
-    if 'kms-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['kms-properties']['properties']):
-
-      rangerKmsDbFlavor = services['configurations']["kms-properties"]["properties"]["DB_FLAVOR"]
-
-      if ('db_host' in services['configurations']['kms-properties']['properties']) and ('db_name' in services['configurations']['kms-properties']['properties']):
-
-        rangerKmsDbHost =   services['configurations']["kms-properties"]["properties"]["db_host"]
-        rangerKmsDbName =   services['configurations']["kms-properties"]["properties"]["db_name"]
-
-        ranger_kms_db_url_dict = {
-          'MYSQL': {'ranger.ks.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
-                    'ranger.ks.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
-          'ORACLE': {'ranger.ks.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
-                     'ranger.ks.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost, rangerKmsDbName)},
-          'POSTGRES': {'ranger.ks.jpa.jdbc.driver': 'org.postgresql.Driver',
-                       'ranger.ks.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
-          'MSSQL': {'ranger.ks.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
-                    'ranger.ks.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';databaseName=' + rangerKmsDbName},
-          'SQLA': {'ranger.ks.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
-                   'ranger.ks.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';database=' + rangerKmsDbName}
-        }
-
-        rangerKmsDbProperties = ranger_kms_db_url_dict.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL'])
-        for key in rangerKmsDbProperties:
-          putRangerKmsDbksProperty(key, rangerKmsDbProperties.get(key))
-
-    if kmsEnvProperties and self.checkSiteProperties(kmsEnvProperties, 'kms_user') and 'KERBEROS' in servicesList:
-      kmsUser = kmsEnvProperties['kms_user']
-      kmsUserOld = self.getOldValue(services, 'kms-env', 'kms_user')
-      self.put_proxyuser_value(kmsUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
-      if kmsUserOld is not None and kmsUser != kmsUserOld:
-        putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(kmsUserOld), 'delete', 'true')
-        services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUserOld)})
-        services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUser)})
-
-    if "HDFS" in servicesList:
-      if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
-        default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
-        putRangerKmsAuditProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
-
-    required_services = [{'service' : 'YARN', 'config-type': 'yarn-env', 'property-name': 'yarn_user', 'proxy-category': ['hosts', 'users', 'groups']},
-                         {'service' : 'SPARK', 'config-type': 'livy-env', 'property-name': 'livy_user', 'proxy-category': ['hosts', 'users', 'groups']}]
-
-    required_services_for_secure = [{'service' : 'HIVE', 'config-type': 'hive-env', 'property-name': 'hive_user', 'proxy-category': ['hosts', 'users']},
-                                    {'service' : 'OOZIE', 'config-type': 'oozie-env', 'property-name': 'oozie_user', 'proxy-category': ['hosts', 'users']}]
-
-    if security_enabled:
-      required_services.extend(required_services_for_secure)
-
-    # recommendations for kms proxy related properties
-    self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
-
-    ambari_user = self.getAmbariUser(services)
-    if security_enabled:
-      # adding for ambari user
-      putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), '*')
-      putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), '*')
-      # adding for HTTP
-      putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.users', '*')
-      putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.hosts', '*')
-    else:
-      self.deleteKMSProxyUsers(configurations, services, hosts, required_services_for_secure)
-      # deleting ambari user proxy properties
-      putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), 'delete', 'true')
-      putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), 'delete', 'true')
-      # deleting HTTP proxy properties
-      putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.hosts', 'delete', 'true')
-      putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.users', 'delete', 'true')
-
-
-  def recommendRangerKMSConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
-
-    security_enabled = self.isSecurityEnabled(services)
-    required_services = [{'service' : 'RANGER', 'config-type': 'ranger-env', 'property-name': 'ranger_user', 'proxy-category': ['hosts', 'users', 'groups']}]
-
-    if security_enabled:
-      # recommendations for kms proxy related properties
-      self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
-    else:
-      self.deleteKMSProxyUsers(configurations, services, hosts, required_services)
-
-
-
-  def recommendRangerKMSConfigurations(self, configurations, clusterData, services, hosts):
-    putRangerKmsEnvProperty = self.putProperty(configurations, "kms-env", services)
-
-    ranger_kms_ssl_enabled = False
-    ranger_kms_ssl_port = "9393"
-    if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.attrib.ssl.enabled' in services['configurations']['ranger-kms-site']['properties']:
-      ranger_kms_ssl_enabled = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.attrib.ssl.enabled'].lower() == "true"
-
-    if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.port' in services['configurations']['ranger-kms-site']['properties']:
-      ranger_kms_ssl_port = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.port']
-
-    if ranger_kms_ssl_enabled:
-      putRangerKmsEnvProperty("kms_port", ranger_kms_ssl_port)
-    else:
-      putRangerKmsEnvProperty("kms_port", "9292")
-
-
-
-class RangerKMSValidator(service_advisor.ServiceAdvisor):
-  """
-  RangerKMS Validator checks the correctness of properties whenever the service is first added or the user attempts to
-  change configs via the UI.
-  """
-
-  def __init__(self, *args, **kwargs):
-    self.as_super = super(RangerKMSValidator, self)
-    self.as_super.__init__(*args, **kwargs)
-
-    self.validators = []
-
-
-
-
-

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
deleted file mode 100644
index c08a56c..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
+++ /dev/null
@@ -1,303 +0,0 @@
-{
-  "name": "default",
-  "description": "Default theme for Ranger KMS service",
-  "configuration": {
-    "layouts": [
-    {
-        "name": "default",
-        "tabs": [
-          {
-            "name": "db_settings",
-            "display-name": "Settings",
-            "layout": {
-              "tab-columns": "2",
-              "tab-rows": "2",
-              "sections": [
-                {
-                  "name": "section-db-settings",
-                  "display-name": "",
-                  "row-index": "0",
-                  "column-index": "0",
-                  "row-span": "4",
-                  "column-span": "2",
-                  "section-columns": "2",
-                  "section-rows": "4",
-                  "subsections": [
-                    {
-                      "name": "subsection-kms-db-row1-col1",
-                      "display-name": "Ranger KMS DB",
-                      "row-index": "0",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "1"
-                    },
-                    {
-                      "name": "subsection-kms-db-row1-col2",
-                      "row-index": "0",
-                      "column-index": "1",
-                      "row-span": "1",
-                      "column-span": "1"
-                    },
-                    {
-                      "name": "subsection-kms-create-db-user-row2-col",
-                      "display-name": "Setup Database and Database User",
-                      "row-index": "1",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "2"
-                    },
-                    {
-                      "name": "subsection-kms-db-root-user-row3-col1",
-                      "display-name": "Ranger KMS Root DB",
-                      "row-index": "2",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "1",
-                      "depends-on": [
-                        {
-                          "configs":[
-                            "kms-env/create_db_user"
-                          ],
-                          "if": "${kms-env/create_db_user}",
-                          "then": {
-                            "property_value_attributes": {
-                              "visible": true
-                            }
-                          },
-                          "else": {
-                            "property_value_attributes": {
-                              "visible": false
-                            }
-                          }
-                        }
-                      ]
-                    },
-                    {
-                      "name": "subsection-kms-db-root-user-row3-col2",
-                      "row-index": "2",
-                      "column-index": "1",
-                      "row-span": "1",
-                      "column-span": "1",
-                      "depends-on": [
-                        {
-                          "configs":[
-                            "kms-env/create_db_user"
-                          ],
-                          "if": "${kms-env/create_db_user}",
-                          "then": {
-                            "property_value_attributes": {
-                              "visible": true
-                            }
-                          },
-                          "else": {
-                            "property_value_attributes": {
-                              "visible": false
-                            }
-                          }
-                        }
-                      ]
-                    },
-                    {
-                      "name": "subsection-kms-master-row4-col",
-                      "display-name": "KMS Master Secret Password",
-                      "row-index": "3",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "2"
-                    }
-                  ]
-                }
-              ]
-            }
-          }
-        ]
-      }
-    ],
-    "placement": {
-      "configuration-layout": "default",
-      "configs": [
-        {
-          "config": "kms-properties/DB_FLAVOR",
-          "subsection-name": "subsection-kms-db-row1-col1"
-        },
-        {
-          "config": "kms-properties/db_name",
-          "subsection-name": "subsection-kms-db-row1-col1"
-        },
-        {
-          "config": "dbks-site/ranger.ks.jpa.jdbc.url",
-          "subsection-name": "subsection-kms-db-row1-col1"
-        },
-        {
-          "config": "kms-properties/db_user",
-          "subsection-name": "subsection-kms-db-row1-col1"
-        },
-        {
-          "config": "kms-properties/db_host",
-          "subsection-name": "subsection-kms-db-row1-col2"
-        },
-        {
-          "config": "kms-properties/SQL_CONNECTOR_JAR",
-          "subsection-name": "subsection-kms-db-row1-col2",
-          "depends-on" : [
-            {
-              "configs":[
-                "kms-properties/DB_FLAVOR"
-              ],
-              "if": "${kms-properties/DB_FLAVOR} === SQLA",
-              "then": {
-                "property_value_attributes": {
-                  "visible": false
-                }
-              },
-              "else": {
-                "property_value_attributes": {
-                  "visible": true
-                }
-              }
-            }
-          ]
-        },
-        {
-          "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
-          "subsection-name": "subsection-kms-db-row1-col2"
-        },
-        {
-          "config": "kms-properties/db_password",
-          "subsection-name": "subsection-kms-db-row1-col2"
-        },
-        {
-          "config": "kms-properties/db_root_user",
-          "subsection-name": "subsection-kms-db-root-user-row3-col1"
-        },
-        {
-          "config": "kms-properties/db_root_password",
-          "subsection-name": "subsection-kms-db-root-user-row3-col2"
-        },
-        {
-          "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
-          "subsection-name": "subsection-kms-master-row4-col"
-        },
-        {
-          "config" : "kms-env/create_db_user",
-          "subsection-name": "subsection-kms-create-db-user-row2-col"
-        },
-        {
-          "config": "kms-env/test_db_kms_connection",
-          "subsection-name": "subsection-kms-create-db-user-row2-col",
-          "property_value_attributes": {
-            "ui_only_property": true
-          },
-          "depends-on": [
-            {
-              "configs":[
-                "kms-env/create_db_user"
-              ],
-              "if": "${kms-env/create_db_user}",
-              "then": {
-                "property_value_attributes": {
-                  "visible": false
-                }
-              },
-              "else": {
-                "property_value_attributes": {
-                  "visible": true
-                }
-              }
-            }
-          ]
-        }
-      ]
-    },
-    "widgets": [
-      {
-        "config": "kms-properties/DB_FLAVOR",
-        "widget": {
-          "type": "combo"
-        }
-      },
-      {
-        "config": "kms-properties/db_user",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-properties/db_name",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-properties/SQL_CONNECTOR_JAR",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-properties/db_root_user",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-properties/db_host",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-properties/db_password",
-        "widget": {
-          "type": "password"
-        }
-      },
-      {
-        "config": "kms-properties/db_root_password",
-        "widget": {
-          "type": "password"
-        }
-      },
-      {
-        "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
-        "widget": {
-          "type": "password"
-        }
-      },
-      {
-        "config": "kms-env/create_db_user",
-        "widget": {
-          "type": "toggle"
-        }
-      },
-      {
-        "config": "kms-env/test_db_kms_connection",
-        "widget": {
-          "type": "test-db-connection",
-          "display-name": "Test Connection",
-          "required-properties": {
-            "jdbc.driver.class": "dbks-site/ranger.ks.jpa.jdbc.driver",
-            "jdbc.driver.url": "dbks-site/ranger.ks.jpa.jdbc.url",
-            "db.connection.source.host": "ranger_kms-site/ranger_kms_server_hosts",
-            "db.type": "kms-properties/DB_FLAVOR",
-            "db.connection.destination.host": "kms-properties/db_host",
-            "db.connection.user": "kms-properties/db_user",
-            "db.connection.password": "kms-properties/db_password"
-          }
-        }
-      },
-      {
-        "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
-        "widget" : {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "dbks-site/ranger.ks.jpa.jdbc.url",
-        "widget": {
-          "type": "text-field"
-        }
-      }
-    ]
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
deleted file mode 100644
index be50dad..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
+++ /dev/null
@@ -1,124 +0,0 @@
-{
-  "configuration": {
-    "layouts": [
-      {
-        "name": "default",
-        "tabs": [
-          {
-            "name": "kms_hsm",
-            "display-name": "KMS HSM",
-            "layout": {
-              "tab-columns": "1",
-              "tab-rows": "1",
-              "sections": [
-                {
-                  "name": "section-kms-hms",
-                  "display-name": "",
-                  "row-index": "0",
-                  "column-index": "0",
-                  "row-span": "2",
-                  "column-span": "1",
-                  "section-columns": "1",
-                  "section-rows": "2",
-                  "subsections": [
-                    {
-                      "name": "subsection-kms-hsm-row1-col1",
-                      "display-name": "Ranger KMS HSM Enabled",
-                      "row-index": "0",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "1"
-                    },
-                    {
-                      "name": "subsection-kms-hsm-row2-col1",
-                      "display-name": "Configuration Settings",
-                      "row-index": "1",
-                      "column-index": "0",
-                      "row-span": "1",
-                      "column-span": "1",
-                      "depends-on": [
-                        {
-                          "configs": [
-                            "dbks-site/ranger.ks.hsm.enabled"
-                          ],
-                          "if": "${dbks-site/ranger.ks.hsm.enabled}",
-                          "then": {
-                            "property_value_attributes": {
-                              "visible": true
-                            }
-                          },
-                          "else": {
-                            "property_value_attributes": {
-                              "visible": false
-                            }
-                          }
-                        }
-                      ]
-                    }
-                  ]
-                }
-              ]
-            }
-          }
-        ]
-      }
-    ],
-    "placement": {
-      "configuration-layout": "default",
-      "configs": [
-        {
-          "config": "dbks-site/ranger.ks.hsm.enabled",
-          "subsection-name": "subsection-kms-hsm-row1-col1"
-        },
-        {
-          "config": "dbks-site/ranger.ks.hsm.type",
-          "subsection-name": "subsection-kms-hsm-row2-col1"
-        },
-        {
-          "config": "dbks-site/ranger.ks.hsm.partition.name",
-          "subsection-name": "subsection-kms-hsm-row2-col1"
-        },
-        {
-          "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
-          "subsection-name": "subsection-kms-hsm-row2-col1"
-        },
-        {
-          "config": "kms-env/hsm_partition_password",
-          "subsection-name": "subsection-kms-hsm-row2-col1"
-        }
-      ]
-    },
-    "widgets": [
-      {
-        "config": "dbks-site/ranger.ks.hsm.enabled",
-        "widget": {
-          "type": "toggle"
-        }
-      },
-      {
-        "config": "dbks-site/ranger.ks.hsm.type",
-        "widget": {
-          "type": "combo"
-        }
-      },
-      {
-        "config": "dbks-site/ranger.ks.hsm.partition.name",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
-        "widget": {
-          "type": "text-field"
-        }
-      },
-      {
-        "config": "kms-env/hsm_partition_password",
-        "widget": {
-          "type": "password"
-        }
-      }
-    ]
-  }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
new file mode 100644
index 0000000..05c3fe6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
@@ -0,0 +1,32 @@
+{
+  "RANGER_KMS": {
+    "service": [],
+    "RANGER_KMS_SERVER": [
+      {
+        "name": "ranger_kms_server_process",
+        "label": "Ranger KMS Server Process",
+        "description": "This host-level alert is triggered if the Ranger KMS Server cannot be determined to be up.",
+        "interval": 1,
+        "scope": "HOST",
+        "source": {
+          "type": "PORT",
+          "uri": "{{kms-env/kms_port}}",
+          "default_port": 9292,
+          "reporting": {
+            "ok": {
+              "text": "TCP OK - {0:.3f}s response on port {1}"
+            },
+            "warning": {
+              "text": "TCP OK - {0:.3f}s response on port {1}",
+              "value": 1.5
+            },
+            "critical": {
+              "text": "Connection failed: {0} to {1}:{2}",
+              "value": 5.0
+            }
+          }
+        }
+      }
+    ]
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
new file mode 100644
index 0000000..4ac20b3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
+    <value>hdfs</value>
+    <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.db.encrypt.key.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>Password used for encrypting Master Key</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.url</name>
+    <display-name>JDBC connect string</display-name>
+    <value>jdbc:mysql://localhost</value>
+    <description>URL for Database</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>kms-properties</type>
+        <name>DB_FLAVOR</name>
+      </property>
+      <property>
+        <type>kms-properties</type>
+        <name>db_host</name>
+      </property>
+      <property>
+        <type>kms-properties</type>
+        <name>db_name</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.user</name>
+    <value>{{db_user}}</value>
+    <description>Database username used for operation</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>Database user's password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
+    <value>/etc/ranger/kms/rangerkms.jceks</value>
+    <description>Credential provider path</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.credential.alias</name>
+    <value>ranger.ks.jdbc.password</value>
+    <description>Credential alias used for password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.masterkey.credential.alias</name>
+    <value>ranger.ks.masterkey.password</value>
+    <description>Credential alias used for masterkey</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.dialect</name>
+    <value>{{jdbc_dialect}}</value>
+    <description>Dialect used for database</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.driver</name>
+    <display-name>Driver class name for a JDBC Ranger KMS database</display-name>
+    <value>com.mysql.jdbc.Driver</value>
+    <description>Driver used for database</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>kms-properties</type>
+        <name>DB_FLAVOR</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jdbc.sqlconnectorjar</name>
+    <value>{{ews_lib_jar_path}}</value>
+    <description>Driver used for database</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.type</name>
+    <display-name>HSM Type</display-name>
+    <value>LunaProvider</value>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>LunaProvider</value>
+          <label>Luna Provider</label>
+        </entry>
+      </entries>
+    </value-attributes>
+    <description>HSM type</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.enabled</name>
+    <display-name>HSM Enabled</display-name>
+    <value>false</value>
+    <description>Enable HSM ?</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.name</name>
+    <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
+    <value>par19</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>HSM partition password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.password.alias</name>
+    <display-name>HSM partition password alias</display-name>
+    <value>ranger.kms.hsm.partition.password</value>
+    <description>HSM partition password alias</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.kerberos.principal</name>
+    <value/>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.kerberos.keytab</name>
+    <value/>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
new file mode 100644
index 0000000..acecdfe
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="true">
+  <property>
+    <name>kms_user</name>
+    <display-name>Kms User</display-name>
+    <value>kms</value>
+    <property-type>USER</property-type>
+    <description>Kms username</description>
+    <value-attributes>
+      <type>user</type>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>kms_group</name>
+    <display-name>Kms group</display-name>
+    <value>kms</value>
+    <property-type>GROUP</property-type>
+    <description>Kms group</description>
+    <value-attributes>
+      <type>user</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>kms_log_dir</name>
+    <value>/var/log/ranger/kms</value>
+    <description/>
+    <value-attributes>
+      <type>directory</type>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>kms_port</name>
+    <value>9292</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+    <depends-on>
+      <property>
+        <type>ranger-kms-site</type>
+        <name>ranger.service.https.port</name>
+      </property>
+      <property>
+        <type>ranger-kms-site</type>
+        <name>ranger.service.https.attrib.ssl.enabled</name>
+      </property>
+    </depends-on>
+  </property>
+  <property>
+    <name>create_db_user</name>
+    <display-name>Setup Database and Database User</display-name>
+    <value>true</value>
+    <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hsm_partition_password</name>
+    <display-name>HSM partition password</display-name>
+    <value/>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>HSM partition password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger_kms_pid_dir</name>
+    <value>/var/run/ranger_kms</value>
+    <description/>
+    <value-attributes>
+      <type>directory</type>
+      <overridable>false</overridable>
+      <editable-only-at-install>true</editable-only-at-install>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
new file mode 100644
index 0000000..daae579
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+   <property>
+    <name>ranger_kms_log_maxfilesize</name>
+    <value>256</value>
+    <description>The maximum size of backup file before the log is rotated</description>
+    <display-name>Ranger-kms Log: backup file size</display-name>
+    <value-attributes>
+      <unit>MB</unit>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+   </property>
+   <property>
+    <name>ranger_kms_log_maxbackupindex</name>
+    <value>20</value>
+    <description>The number of backup files</description>
+    <display-name>Ranger-kms Log: # of backup files</display-name>
+    <value-attributes>
+      <type>int</type>
+      <minimum>0</minimum>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger_kms_audit_log_maxfilesize</name>
+    <value>256</value>
+    <description>The maximum size of backup file before the log is rotated</description>
+    <display-name>Ranger-kms Audit Log: backup file size</display-name>
+    <value-attributes>
+      <unit>MB</unit>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+   </property>
+   <property>
+    <name>ranger_kms_audit_log_maxbackupindex</name>
+    <value>20</value>
+    <description>The number of backup files</description>
+    <display-name>Ranger-kms Audit Log: # of backup files</display-name>
+    <value-attributes>
+      <type>int</type>
+      <minimum>0</minimum>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>content</name>
+    <display-name>kms-log4j template</display-name>
+    <description>kms-log4j.properties</description>
+    <value>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+# If the Java System property 'kms.log.dir' is not defined at KMS start up time
+# Setup sets its value to '${kms.home}/logs'
+
+log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms.File=${kms.log.dir}/kms.log
+log4j.appender.kms.Append=true
+log4j.appender.kms.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
+log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB
+log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}
+
+log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms-audit.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms-audit.File=${kms.log.dir}/kms-audit.log
+log4j.appender.kms-audit.Append=true
+log4j.appender.kms-audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms-audit.layout.ConversionPattern=%d{ISO8601} %m%n
+log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB
+log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}
+
+log4j.logger.kms-audit=INFO, kms-audit
+log4j.additivity.kms-audit=false
+
+log4j.logger=INFO, kms
+log4j.additivity.kms=false
+log4j.rootLogger=INFO, kms
+log4j.logger.org.apache.hadoop.conf=ERROR
+log4j.logger.org.apache.hadoop=INFO
+log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF
+    </value>
+    <value-attributes>
+      <type>content</type>
+      <show-property-name>false</show-property-name>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
new file mode 100644
index 0000000..d2d4da5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <display-name>Repository config username</display-name>
+    <value>keyadmin</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <display-name>Repository config password</display-name>
+    <value>keyadmin</value>
+    <property-type>PASSWORD</property-type>
+    <description/>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>DB_FLAVOR</name>
+    <display-name>DB FLAVOR</display-name>
+    <value>MYSQL</value>
+    <description>The database type to be used</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>MYSQL</value>
+          <label>MYSQL</label>
+        </entry>
+        <entry>
+          <value>ORACLE</value>
+          <label>ORACLE</label>
+        </entry>
+        <entry>
+          <value>POSTGRES</value>
+          <label>POSTGRES</label>
+        </entry>
+        <entry>
+          <value>MSSQL</value>
+          <label>MSSQL</label>
+        </entry>
+        <entry>
+          <value>SQLA</value>
+          <label>SQL Anywhere</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>SQL_CONNECTOR_JAR</name>
+    <display-name>SQL connector jar</display-name>
+    <value>{{driver_curl_target}}</value>
+    <description>Location of DB client library (please check the location of the jar file)</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>kms-properties</type>
+        <name>DB_FLAVOR</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false" update="false"/>
+  </property>
+  <property>
+    <name>db_root_user</name>
+    <display-name>Database Administrator (DBA) username</display-name>
+    <value>root</value>
+    <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>db_root_password</name>
+    <display-name>Database Administrator (DBA) password</display-name>
+    <value/>
+    <property-type>PASSWORD</property-type>
+    <description>Database password for the database admin username</description>
+    <value-attributes>
+      <type>password</type>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>db_host</name>
+    <display-name>Ranger KMS DB host</display-name>
+    <value/>
+    <description>Database host</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>db_name</name>
+    <display-name>Ranger KMS DB name</display-name>
+    <value>rangerkms</value>
+    <description>Database name</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>db_user</name>
+    <display-name>Ranger KMS DB username</display-name>
+    <value>rangerkms</value>
+    <description>Database username used for the Ranger KMS schema</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>db_password</name>
+    <display-name>Ranger KMS DB password</display-name>
+    <value/>
+    <property-type>PASSWORD</property-type>
+    <description>Database password for the Ranger KMS schema</description>
+    <value-attributes>
+      <type>password</type>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>KMS_MASTER_KEY_PASSWD</name>
+    <display-name>KMS master key password</display-name>
+    <value/>
+    <property-type>PASSWORD</property-type>
+    <description/>
+    <value-attributes>
+      <type>password</type>
+      <overridable>false</overridable>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
new file mode 100644
index 0000000..1e6f7b5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>hadoop.kms.key.provider.uri</name>
+    <value>dbks://http@localhost:9292/kms</value>
+    <description>URI of the backing KeyProvider for the KMS.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
+    <value>none</value>
+    <description>If using the JavaKeyStoreProvider, the password for the keystore file.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.cache.enable</name>
+    <value>true</value>
+    <description>Whether the KMS will act as a cache for the backing KeyProvider. When the cache is enabled, operations like getKeyVersion, getMetadata, and getCurrentKey will sometimes return cached data without consulting the backing KeyProvider. Cached values are flushed when keys are deleted or modified.
+    </description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.cache.timeout.ms</name>
+    <value>600000</value>
+    <description>Expiry time for the KMS key version and key metadata cache, in milliseconds. This affects getKeyVersion and getMetadata.
+    </description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.current.key.cache.timeout.ms</name>
+    <value>30000</value>
+    <description>Expiry time for the KMS current key cache, in milliseconds. This affects getCurrentKey operations.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.audit.aggregation.window.ms</name>
+    <value>10000</value>
+    <description>Duplicate audit log events within the aggregation window (specified in ms) are quashed to reduce log traffic. A single message for aggregated events is printed at the end of the window, along with a count of the number of aggregated events.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.type</name>
+    <value>simple</value>
+    <description>Authentication type for the KMS. Can be either "simple" or "kerberos".
+    </description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.kerberos.keytab</name>
+    <value>${user.home}/kms.keytab</value>
+    <description>Path to the keytab with credentials for the configured Kerberos principal.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.kerberos.principal</name>
+    <value>HTTP/localhost</value>
+    <description>The Kerberos principal to use for the HTTP endpoint. The principal must start with 'HTTP/' as per the Kerberos HTTP SPNEGO specification.</description>
+    <property-type>KERBEROS_PRINCIPAL</property-type>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.kerberos.name.rules</name>
+    <value>DEFAULT</value>
+    <description>Rules used to resolve Kerberos principal names.</description>
+    <value-attributes>
+      <type>multiLine</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider</name>
+    <value>random</value>
+    <description>Indicates how the secret to sign the authentication cookies will be stored. Options are 'random' (default), 'string' and 'zookeeper'. If using a setup with multiple KMS instances, 'zookeeper' should be used.
+    </description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.path</name>
+    <value>/hadoop-kms/hadoop-auth-signature-secret</value>
+    <description>The Zookeeper ZNode path where the KMS instances will store and retrieve the secret from.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string</name>
+    <value>#HOSTNAME#:#PORT#,...</value>
+    <description>The Zookeeper connection string, a list of hostnames and port comma separated.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
+    <value>kerberos</value>
+    <description>The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab</name>
+    <value>/etc/hadoop/conf/kms.keytab</value>
+    <description>The absolute path for the Kerberos keytab with the credentials to connect to Zookeeper.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal</name>
+    <value>kms/#HOSTNAME#</value>
+    <description>The Kerberos service principal used to connect to Zookeeper.</description>
+    <property-type>KERBEROS_PRINCIPAL</property-type>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>hadoop.kms.security.authorization.manager</name>
+    <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
new file mode 100644
index 0000000..518120c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>xasecure.audit.is.enabled</name>
+    <value>true</value>
+    <description>Is Audit enabled?</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.hdfs</name>
+    <value>true</value>
+    <display-name>Audit to HDFS</display-name>
+    <description>Is Audit to HDFS enabled?</description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.hdfs.dir</name>
+    <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+    <depends-on>
+      <property>
+        <type>core-site</type>
+        <name>fs.defaultFS</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+    <value>/var/log/ranger/kms/audit/hdfs/spool</value>
+    <description>/var/log/ranger/kms/audit/hdfs/spool</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.solr</name>
+    <value>true</value>
+    <display-name>Audit to SOLR</display-name>
+    <description>Is Solr audit enabled?</description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
+    <value>/var/log/ranger/kms/audit/solr/spool</value>
+    <description>/var/log/ranger/kms/audit/solr/spool</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.provider.summary.enabled</name>
+    <value>false</value>
+    <display-name>Audit provider summary enabled</display-name>
+    <description>Enable Summary audit?</description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.solr.urls</name>
+    <value>{{ranger_audit_solr_urls}}</value>
+    <description>Solr URL</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.audit.solr.urls</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.solr.zookeepers</name>
+    <value>none</value>
+    <description>Solr Zookeeper string</description>
+    <depends-on>
+      <property>
+        <type>ranger-admin-site</type>
+        <name>ranger.audit.solr.zookeepers</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.ambari.cluster.name</name>
+    <value>{{cluster_name}}</value>
+    <description>Capture cluster name from where Ranger kms plugin is enabled.</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
new file mode 100644
index 0000000..a89a1a7
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.password</name>
+    <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>password for keystore</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.password</name>
+    <value>changeit</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>java truststore password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+    <value>jceks://file{{credential_file}}</value>
+    <description>java keystore credential file</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+    <value>jceks://file{{credential_file}}</value>
+    <description>java truststore credential file</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.policymgr.clientssl.keystore</name>
+    <value>/etc/security/serverKeys/ranger-plugin-keystore.jks</value>
+    <description>Java Keystore files</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xasecure.policymgr.clientssl.truststore</name>
+    <value>/etc/security/serverKeys/ranger-plugin-truststore.jks</value>
+    <description>java truststore file</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
new file mode 100644
index 0000000..13adcb4
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>ranger.plugin.kms.service.name</name>
+    <value>{{repo_name}}</value>
+    <description>Name of the Ranger service containing policies for this kms instance</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.policy.source.impl</name>
+    <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+    <description>Class to retrieve policies from the source</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.policy.rest.url</name>
+    <value>{{policymgr_mgr_url}}</value>
+    <description>URL to Ranger Admin</description>
+    <on-ambari-upgrade add="false"/>
+    <depends-on>
+      <property>
+        <type>admin-properties</type>
+        <name>policymgr_external_url</name>
+      </property>
+    </depends-on>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
+    <value>/etc/ranger/kms/conf/ranger-policymgr-ssl.xml</value>
+    <description>Path to the file containing SSL details to contact Ranger Admin</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.policy.pollIntervalMs</name>
+    <value>30000</value>
+    <description>How often to poll for changes in policies?</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.plugin.kms.policy.cache.dir</name>
+    <value>/etc/ranger/{{repo_name}}/policycache</value>
+    <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
new file mode 100644
index 0000000..8d0a351
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>ranger.service.host</name>
+    <value>{{kms_host}}</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.service.http.port</name>
+    <value>{{kms_port}}</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.service.https.port</name>
+    <value>9393</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.service.shutdown.port</name>
+    <value>7085</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.contextName</name>
+    <value>/kms</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>xa.webapp.dir</name>
+    <value>./webapp</value>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.ssl.enabled</name>
+    <value>false</value>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.keystore.file</name>
+    <value>/etc/security/serverKeys/ranger-kms-keystore.jks</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.client.auth</name>
+    <value>want</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.keystore.keyalias</name>
+    <value>rangerkms</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.keystore.pass</name>
+    <value>rangerkms</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ranger.credential.provider.path</name>
+    <value>/etc/ranger/kms/rangerkms.jceks</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ranger.service.https.attrib.keystore.credential.alias</name>
+    <value>keyStoreCredentialAlias</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+  </property>
+  <property>
+    <name>ajp.enabled</name>
+    <value>false</value>
+    <on-ambari-upgrade add="false"/>
+    <description/>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
new file mode 100644
index 0000000..a54783e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
@@ -0,0 +1,84 @@
+{
+  "services": [
+    {
+      "name": "RANGER_KMS",
+      "identities": [
+        {
+          "name": "/spnego",
+          "keytab": {
+            "configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
+          }
+        },
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "auth_to_local_properties" : [
+        "kms-site/hadoop.kms.authentication.kerberos.name.rules"
+      ],
+      "configurations": [
+        {
+          "kms-site": {
+            "hadoop.kms.authentication.type": "kerberos",
+            "hadoop.kms.authentication.kerberos.principal": "*"
+          }
+        },
+        {
+          "ranger-kms-audit": {
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "RANGER_KMS_SERVER",
+          "identities": [
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
+              }
+            },
+            {
+              "name": "/smokeuser"
+            },
+            {
+              "name": "rangerkms",
+              "principal": {
+                "value": "rangerkms/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "dbks-site/ranger.ks.kerberos.principal",
+                "local_username" : "keyadmin"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/rangerkms.service.keytab",
+                "owner": {
+                  "name": "${kms-env/kms_user}",
+                  "access": "r"
+                },
+                "configuration": "dbks-site/ranger.ks.kerberos.keytab"
+              }
+            },
+            {
+              "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
+              "principal": {
+                "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
+              },
+              "keytab": {
+                "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file


Mime
View raw message