ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From adorosz...@apache.org
Subject [02/10] ambari git commit: AMBARI-21431. Update BigInsight configuration files to be compliant with XSD
Date Tue, 11 Jul 2017 15:25:37 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml
index 13aa9be..dcc652d 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-admin-site.xml
@@ -22,6 +22,7 @@
     <name>ranger.service.host</name>
     <value>{{ranger_host}}</value>
     <description>Host where ranger service to be installed</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -29,6 +30,7 @@
     <display-name>HTTP enabled</display-name>
     <value>true</value>
     <description>Enable HTTP</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>boolean</type>
@@ -39,35 +41,41 @@
     <name>ranger.service.http.port</name>
     <value>6080</value>
     <description>HTTP port</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.service.https.port</name>
     <value>6182</value>
     <description>HTTPS port (if SSL is enabled)</description>
+    <on-ambari-upgrade add="true"/>
   </property> 
 
   <property>
     <name>ranger.service.https.attrib.ssl.enabled</name>
     <value>false</value>
     <description>true/false, set to true if using SSL</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.service.https.attrib.clientAuth</name>
     <value>want</value>
     <description>Needs to be set to want for two way SSL</description>
+    <on-ambari-upgrade add="true"/>
   </property> 
 
   <property>
     <name>ranger.service.https.attrib.keystore.keyalias</name>
     <value>rangeradmin</value>
     <description>Alias for Ranger Admin key in keystore</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.service.https.attrib.keystore.pass</name>
     <value>xasecure</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Password for keystore</description>
   </property>
@@ -76,6 +84,7 @@
     <name>ranger.https.attrib.keystore.file</name>
     <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
     <description>Ranger admin keystore (specify full path)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -83,6 +92,7 @@
     <value>{{ranger_external_url}}</value>
     <description>URL to be used by clients to access ranger admin</description>
     <display-name>External URL</display-name>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <visible>false</visible>
       <overridable>false</overridable>
@@ -94,6 +104,7 @@
     <value>com.mysql.jdbc.Driver</value>
     <description>JDBC driver class name. Example: For Mysql: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description>
     <display-name>Driver class name for a JDBC Ranger database</display-name>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -110,6 +121,7 @@
     <display-name>JDBC connect string</display-name>
     <value>jdbc:mysql://localhost</value>
     <description>JDBC connect string - auto populated based on other values</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -133,11 +145,13 @@
     <name>ranger.jpa.jdbc.user</name>
     <value>{{ranger_db_user}}</value>
     <description>JDBC user</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.jpa.jdbc.password</name>
     <value>_</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>JDBC password</description>
   </property>
@@ -146,18 +160,21 @@
     <name>ranger.jpa.jdbc.credential.alias</name>
     <value>rangeradmin</value>
     <description>Alias name for storing JDBC password</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.credential.provider.path</name>
     <value>/etc/ranger/admin/rangeradmin.jceks</value>
     <description>File for credential store, provide full file path</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.audit.source.type</name>
     <value>db</value>
     <description>db or solr, based on the audit destination used</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
  <!-- As currently not going to support Solr auditing, so commenting these properties. 
@@ -165,6 +182,7 @@
     <name>ranger.audit.solr.urls</name>
     <value></value>
     <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description>
+    <on-ambari-upgrade add="true"/>
   </property>
  -->
  
@@ -173,6 +191,7 @@
     <value>UNIX</value>
     <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description>
     <display-name>Authentication method</display-name>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -189,6 +208,7 @@
     <display-name>​LDAP URL</display-name>
     <value>{{ranger_ug_ldap_url}}</value>
     <description>LDAP Server URL, only used if Authentication method is LDAP</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -198,6 +218,7 @@
     <name>ranger.ldap.user.dnpattern</name>
     <value>uid={0},ou=users,dc=xasecure,dc=net</value>
     <description>LDAP user DN, only used if Authentication method is LDAP</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -208,6 +229,7 @@
     <display-name>Group Search Base</display-name>
     <value>{{ranger_ug_ldap_group_searchbase}}</value>
     <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -215,6 +237,7 @@
     <display-name>Group Search Filter</display-name>
     <value>{{ranger_ug_ldap_group_searchfilter}}</value>
     <description>LDAP group search filter, only used if Authentication method is LDAP</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -222,6 +245,7 @@
     <display-name>User Search Filter</display-name>
     <value>{{ranger_ug_ldap_user_searchfilter}}</value>
     <description>Search filter used for Bind Authentication</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -231,6 +255,7 @@
     <name>ranger.ldap.group.roleattribute</name>
     <value>cn</value>
     <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -240,6 +265,7 @@
     <name>ranger.ldap.base.dn</name>
     <value>dc=example,dc=com</value>
     <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -250,6 +276,7 @@
     <display-name>Bind User</display-name>
     <value>{{ranger_ug_ldap_bind_dn}}</value>
     <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -259,6 +286,7 @@
     <name>ranger.ldap.bind.password</name>
     <display-name>​Bind User Password</display-name>
     <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Password for the account that can search for users</description>
     <value-attributes>
@@ -270,6 +298,7 @@
     <name>ranger.ldap.referral</name>
     <value>ignore</value>
     <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -280,7 +309,7 @@
     <value>localhost</value>
     <display-name>Domain Name (Only for AD)</display-name>
     <description>AD domain, only used if Authentication method is AD</description>
-    <description></description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -290,6 +319,7 @@
     <name>ranger.ldap.ad.url</name>
     <value>{{ranger_ug_ldap_url}}</value>
     <description>AD URL, only used if Authentication method is AD</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -299,6 +329,7 @@
     <name>ranger.ldap.ad.base.dn</name>
     <value>dc=example,dc=com</value>
     <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -308,6 +339,7 @@
     <name>ranger.ldap.ad.bind.dn</name>
     <value>{{ranger_ug_ldap_bind_dn}}</value>
     <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -316,6 +348,7 @@
   <property>
     <name>ranger.ldap.ad.bind.password</name>
     <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Password for the account that can search for users</description>
     <value-attributes>
@@ -327,6 +360,7 @@
     <name>ranger.ldap.ad.user.searchfilter</name>
     <value>{{ranger_ug_ldap_user_searchfilter}}</value>
     <description>Search filter used for Bind Authentication</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -336,6 +370,7 @@
     <name>ranger.ldap.ad.referral</name>
     <value>ignore</value>
     <description>"Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed"</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -345,23 +380,27 @@
     <name>ranger.jpa.audit.jdbc.driver</name>
     <value>{{ranger_jdbc_driver}}</value>
     <description>JDBC driver class name - for audit DB</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
     <description>JDBC connect string - auto populated based on other values</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.user</name>
     <value>{{ranger_audit_db_user}}</value>
     <description>JDBC user - audit</description>
+    <on-ambari-upgrade add="true"/>
   </property> 
 
   <property>
     <name>ranger.jpa.audit.jdbc.password</name>
     <value>_</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>JDBC password - audit</description>
   </property>
@@ -370,6 +409,7 @@
     <name>ranger.jpa.audit.jdbc.credential.alias</name>
     <value>rangeraudit</value>
     <description>Alias name for storing JDBC password - for audit user</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -377,6 +417,7 @@
     <value>true</value>
     <description>Remote login enabled? - only used if Authentication method is UNIX</description>
     <display-name>Allow remote Login</display-name>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
       <type>value-list</type>
@@ -399,6 +440,7 @@
     <name>ranger.unixauth.service.hostname</name>
     <value>{{ugsync_host}}</value>
     <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -408,6 +450,7 @@
     <name>ranger.unixauth.service.port</name>
     <value>5151</value>
     <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>int</type>
       <overridable>false</overridable>
@@ -418,18 +461,21 @@
     <name>ranger.jpa.jdbc.dialect</name>
     <value>{{jdbc_dialect}}</value>
     <description>JDBC dialect used for policy DB</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.dialect</name>
     <value>{{jdbc_dialect}}</value>
     <description>JDBC dialect used for audit DB</description>
+    <on-ambari-upgrade add="true"/>
   </property>
  <!-- As currently not going to support Solr auditing, so commenting these properties.
   <property>
     <name>ranger.audit.solr.zookeepers</name>
     <value>NONE</value>
     <description>Solr Zookeeper string</description>
+    <on-ambari-upgrade add="true"/>
     <depends-on>
       <property>
         <type>zoo.cfg</type>
@@ -446,11 +492,13 @@
     <name>ranger.audit.solr.username</name>
     <value>ranger_solr</value>
     <description>Solr username</description>
+    <on-ambari-upgrade add="true"/>
   </property> 
 
   <property>
     <name>ranger.audit.solr.password</name>
     <value>NONE</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Solr password</description>
   </property> 
@@ -461,6 +509,7 @@
     <value></value>
     <display-name>SSO provider url</display-name>
     <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -471,6 +520,7 @@
     <value></value>
     <display-name>SSO public key</display-name>
     <description>Public key for SSO cookie verification</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>multiLine</type>
       <empty-value-valid>true</empty-value-valid>
@@ -482,6 +532,7 @@
     <value>hadoop-jwt</value>
     <display-name>SSO cookiename</display-name>
     <description>Parameter name for SSO cookie</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -492,6 +543,7 @@
     <value>false</value>
     <display-name>Enable Ranger SSO</display-name>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property> 
 
   <property>
@@ -499,6 +551,7 @@
     <value>originalUrl</value>
     <display-name>SSO query param originalurl</display-name>
     <description>Query name for appending original url in SSO url</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -509,6 +562,7 @@
     <value>Mozilla,chrome</value>
     <display-name>SSO browser useragent</display-name>
     <description>Comma seperated browser agent</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml
index 6427530..9d7e385 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-env.xml
@@ -24,6 +24,7 @@
     <name>ranger_user</name>
     <display-name>Ranger User</display-name>
     <value>ranger</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <description>Ranger username</description>
     <value-attributes>
@@ -35,6 +36,7 @@
     <name>ranger_group</name>
     <display-name>Ranger Group</display-name>
     <value>ranger</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>GROUP</property-type>
     <description>Ranger group</description>
     <value-attributes>
@@ -46,17 +48,20 @@
     <name>ranger_admin_log_dir</name>
     <value>/var/log/ranger/admin</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger_usersync_log_dir</name>
     <value>/var/log/ranger/usersync</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger_admin_username</name>
     <value>amb_ranger_admin</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>TEXT</property-type>
     <display-name>Ranger Admin username for Ambari</display-name>
     <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description>
@@ -66,6 +71,7 @@
     <name>ranger_admin_password</name>
     <display-name>Ranger Admin user's password for Ambari</display-name>
     <value></value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description>
     <value-attributes>
@@ -77,11 +83,13 @@
     <name>admin_username</name>
     <value>admin</value>
     <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description>
+    <on-ambari-upgrade add="true"/>
   </property>  
 
   <property>
     <name>admin_password</name>
     <value>admin</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description>
   </property>
@@ -90,6 +98,7 @@
     <name>ranger_pid_dir</name>
     <value>/var/run/ranger</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -97,6 +106,7 @@
     <value>No</value>
     <display-name>HDFS Ranger Plugin</display-name>
     <description>Enable HDFS Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -119,6 +129,7 @@
     <value>No</value>
     <display-name>YARN Ranger Plugin</display-name>
     <description>Enable YARN Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -141,6 +152,7 @@
     <value>No</value>
     <display-name>Hive Ranger Plugin</display-name>
     <description>Enable Hive Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -163,6 +175,7 @@
     <value>No</value>
     <display-name>Hbase Ranger Plugin</display-name>
     <description>Enable HBase Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -185,6 +198,7 @@
     <value>No</value>
     <display-name>Knox Ranger Plugin</display-name>
     <description>Enable Knox Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -208,6 +222,7 @@
     <value>No</value>
     <display-name>Storm Ranger Plugin</display-name>
     <description>Enable Storm Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -230,6 +245,7 @@
     <value>No</value>
     <display-name>Kafka Ranger Plugin</display-name>
     <description>Enable Kafka Ranger plugin</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -268,6 +284,7 @@
       <selection-cardinality>1</selection-cardinality>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -275,6 +292,7 @@
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
     <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -303,6 +321,7 @@
         <name>fs.defaultFS</name>
       </property>
     </depends-on>
+    <on-ambari-upgrade add="false"/>
   </property>
 
   <property>
@@ -325,6 +344,7 @@
       </entries>
       <selection-cardinality>1</selection-cardinality>
     </value-attributes>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <!-- Removing auditing to Solr   
@@ -333,6 +353,7 @@
     <value>true</value>
     <display-name>Audit to Solr</display-name>
     <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <overridable>false</overridable>
       <type>value-list</type>
@@ -355,6 +376,7 @@
     <display-name>SolrCloud</display-name>
     <description>SolrCloud uses zookeeper for distributed search and indexing</description>
     <value>false</value>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>value-list</type>
       <overridable>false</overridable>
@@ -378,6 +400,7 @@
   <property>
     <name>oracle_home</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
   -->
   
@@ -385,12 +408,14 @@
     <name>xml_configurations_supported</name>
     <value>true</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
     
   <property>
     <name>ranger_pid_dir</name>
     <value>/var/run/ranger</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>   
       
   <property>
@@ -398,6 +423,7 @@
     <display-name>Setup Database and Database User</display-name>
     <value>true</value>
     <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>value-list</type>
       <overridable>false</overridable>
@@ -433,6 +459,7 @@
         <name>db_host</name>
       </property>
     </depends-on>
+    <on-ambari-upgrade add="false"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml
index f9e7331..825fc3e 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-site.xml
@@ -33,37 +33,44 @@
   <property>
     <name>http.service.port</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>https.service.port</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>https.attrib.keystoreFile</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>https.attrib.keystorePass</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>https.attrib.keyAlias</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>https.attrib.clientAuth</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>http.enabled</name>
     <deleted>true</deleted>
+    <on-ambari-upgrade add="true"/>
   </property>
   -->
   
-</configuration>
\ No newline at end of file
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml
index ffc26e8..2a39e27 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -22,23 +22,27 @@
     <name>ranger.usersync.port</name>
     <value>5151</value>
     <description>Port for unix authentication service, run within usersync</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ssl</name>
     <value>true</value>
     <description>SSL enabled? (ranger admin -&gt; usersync communication)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.keystore.file</name>
     <value>/usr/iop/current/ranger-usersync/conf/unixauthservice.jks</value>
     <description>Keystore file used for usersync</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.keystore.password</name>
     <value>UnIx529p</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Keystore password</description>
   </property>
@@ -47,11 +51,13 @@
     <name>ranger.usersync.truststore.file</name>
     <value>/usr/iop/current/ranger-usersync/conf/mytruststore.jks</value>
     <description>Truststore used for usersync, required if usersync -&gt; ranger admin communication is SSL enabled</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.truststore.password</name>
     <value>changeit</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Truststore password</description>
   </property>
@@ -60,6 +66,7 @@
     <name>ranger.usersync.passwordvalidator.path</name>
     <value>./native/credValidator.uexe</value>
     <description>Native program for password validation</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -67,6 +74,7 @@
     <display-name>Enable User Sync</display-name>
     <value>true</value>
     <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
       <type>value-list</type>
@@ -89,24 +97,28 @@
     <name>ranger.usersync.sink.impl.class</name>
     <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
     <description>Class to be used as sink (to sync users into ranger admin)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.baseURL</name>
     <value>{{ranger_external_url}}</value>
     <description>URL to be used by clients to access ranger admin, use FQDN</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
     <value>1000</value>
     <description>How many records to be returned per API call</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.mockrun</name>
     <value>false</value>
     <description>Is user sync doing mock run?</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -114,6 +126,7 @@
     <display-name>Minimum User ID</display-name>
     <value>500</value>
     <description>Only sync users above this user id (applicable for UNIX)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -121,6 +134,7 @@
     <display-name>Group File</display-name>
     <value>/etc/group</value>
     <description>Location of the groups file on the linux server</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -128,12 +142,14 @@
     <display-name>Password File</display-name>
     <value>/etc/passwd</value>
     <description>Location of the password file on the linux server</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
     <value>60000</value>
     <description>Sleeptime interval in milliseconds, if &lt; 1000 then default to 30 sec</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -141,6 +157,7 @@
     <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
     <display-name>Sync Source</display-name>
     <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>value-list</type>
       <empty-value-valid>true</empty-value-valid>
@@ -168,6 +185,7 @@
     <display-name>File Name</display-name>
     <value>/tmp/usergroup.txt</value>
     <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -175,6 +193,7 @@
     <display-name>Delimiter</display-name>
     <value>,</value>
     <description>Delimiter used in file, if File based user sync is used</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -182,6 +201,7 @@
     <display-name>LDAP/AD URL</display-name>
     <value>ldap://localhost:389</value>
     <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -189,12 +209,14 @@
     <display-name>​Bind User</display-name>
     <value>cn=admin,dc=xasecure,dc=net</value>
     <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.ldapbindpassword</name>
     <display-name>Bind User Password</display-name>
     <value></value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description>Password for the LDAP bind user used for searching users.</description>
   </property>
@@ -203,12 +225,14 @@
     <name>ranger.usersync.ldap.bindalias</name>
     <value>testldapalias</value>
     <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.bindkeystore</name>
     <value></value>
     <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -220,6 +244,7 @@
     <description>"# search base for users and groups
 # sample value would be dc=hadoop,dc=apache,dc=org"
     </description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -233,6 +258,7 @@
 # sample value would be ou=users,dc=hadoop,dc=apache,dc=org
 # overrides value specified in ranger.usersync.ldap.searchBase"
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -243,6 +269,7 @@
 # please customize the value to suit your deployment
 # default value: sub"
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -250,6 +277,7 @@
     <display-name>User Object Class​</display-name>
     <value>person</value>
     <description>LDAP User Object Class. Example: person or user</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -261,6 +289,7 @@
 # please customize the value to suit your deployment
 # default value is empty"
     </description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -271,12 +300,14 @@
     <display-name>Username Attribute</display-name>
     <value></value>
     <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.referral</name>
     <value>ignore</value>
     <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -287,24 +318,28 @@
     <display-name>User Group Name Attribute</display-name>
     <value>memberof, ismemberof</value>
     <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.username.caseconversion</name>
     <value>lower</value>
     <description>User name case conversion</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.groupname.caseconversion</name>
     <value>lower</value>
     <description>Group name case conversion</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.logdir</name>
     <value>/var/log/ranger/usersync</value>
     <description>User sync log directory</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -316,6 +351,7 @@
 # any value other than true would be treated as false
 # default value: false"
     </description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
       <type>value-list</type>
@@ -339,6 +375,7 @@
     <value>true</value>
     <display-name>Group User Map Sync</display-name>
     <description>Sync specific groups for users?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
       <type>value-list</type>
@@ -367,6 +404,7 @@
 # if a value is not specified, takes the value of  ranger.usersync.ldap.searchBase
 # if  ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -376,6 +414,7 @@
 # please customize the value to suit your deployment
 # default value: sub"
     </description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -386,6 +425,7 @@
     <display-name>Group Object Class</display-name>
     <value> </value>
     <description>LDAP Group object class. Example: group</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -397,6 +437,7 @@
 # please customize the value to suit your deployment
 # default value is empty"
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -404,6 +445,7 @@
     <display-name>Group Name Attribute</display-name>
     <value> </value>
     <description>LDAP group name attribute. Example: cn</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -411,12 +453,14 @@
     <display-name>Group Member Attribute</display-name>
     <value> </value>
     <description>LDAP group member attribute name. Example: member</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.pagedresultsenabled</name>
     <value>true</value>
     <description>Results can be paged?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
       <type>value-list</type>
@@ -439,12 +483,14 @@
     <name>ranger.usersync.pagedresultssize</name>
     <value>500</value>
     <description>Page size</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.usersync.credstore.filename</name>
     <value>/usr/iop/current/ranger-usersync/conf/ugsync.jceks</value>
     <description>Credential store file name for user sync, specify full path</description>
+    <on-ambari-upgrade add="true"/>
   </property>                         
 
 </configuration>  

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml
index 5aa0698..ad494a6 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER/configuration/usersync-properties.xml
@@ -33,52 +33,64 @@
   <property>
     <name>SYNC_SOURCE</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>MIN_UNIX_USER_ID_TO_SYNC</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>POLICY_MGR_URL</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_INTERVAL</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_URL</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_BIND_DN</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_BIND_PASSWORD</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>CRED_KEYSTORE_FILENAME</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USER_SEARCH_BASE</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USER_SEARCH_SCOPE</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USER_OBJECT_CLASS</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USER_SEARCH_FILTER</name>
     <display-name>​User Search Filter</display-name>
     <value></value>
     <description>default value is empty</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>  
@@ -87,23 +99,28 @@
   <property>
     <name>SYNC_LDAP_USER_NAME_ATTRIBUTE</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_USERNAME_CASE_CONVERSION</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>SYNC_LDAP_GROUPNAME_CASE_CONVERSION</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>logdir</name>
     <deleted>true</deleted>   
+    <on-ambari-upgrade add="true"/>
   </property>
 -->
   
-</configuration>
\ No newline at end of file
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/dbks-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/dbks-site.xml
index d2839f0..5a007d2 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/dbks-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/dbks-site.xml
@@ -25,66 +25,77 @@
     <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
     <value>hdfs</value>
     <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
   <name>ranger.db.encrypt.key.password</name>
     <value>_</value>
     <description>Password used for encrypting Master Key</description>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.ks.jpa.jdbc.url</name>
     <value>{{db_jdbc_url}}</value>
     <description>URL for Database</description>
+    <on-ambari-upgrade add="true"/>
   </property>
     
   <property>
     <name>ranger.ks.jpa.jdbc.user</name>
     <value>{{db_user}}</value>
     <description>Database username used for operation</description>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.ks.jpa.jdbc.password</name>
     <value>_</value>
     <description>Database user's password</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
     <value>/etc/ranger/kms/rangerkms.jceks</value>
     <description>Credential provider path</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.ks.jpa.jdbc.credential.alias</name>
     <value>ranger.ks.jdbc.password</value>
     <description>Credential alias used for password</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.ks.masterkey.credential.alias</name>
     <value>ranger.ks.masterkey.password</value>
     <description>Credential alias used for masterkey</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.ks.jpa.jdbc.dialect</name>
     <value>{{jdbc_dialect}}</value>
     <description>Dialect used for database</description>    
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.ks.jpa.jdbc.driver</name>
     <value>{{db_jdbc_driver}}</value>
     <description>Driver used for database</description>    
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.ks.jdbc.sqlconnectorjar</name>
     <value>{{driver_curl_target}}</value>
     <description>Driver used for database</description>    
+    <on-ambari-upgrade add="true"/>
   </property>  
   
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-env.xml
index 47bb35f..14e29b4 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-env.xml
@@ -24,6 +24,7 @@
     <name>kms_user</name>
     <display-name>Kms User</display-name>
     <value>kms</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <description>Kms username</description>
   </property>
@@ -32,6 +33,7 @@
     <name>kms_group</name>
     <display-name>Kms group</display-name>
     <value>kms</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>GROUP</property-type>
     <description>Kms group</description>
   </property>
@@ -40,12 +42,14 @@
     <name>kms_log_dir</name>
     <value>/var/log/ranger/kms</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>kms_port</name>
     <value>9292</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>  

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-log4j.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-log4j.xml
index 8d7b8d3..a5add37 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-log4j.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-log4j.xml
@@ -63,6 +63,7 @@ log4j.logger.org.apache.hadoop.conf=ERROR
 log4j.logger.org.apache.hadoop=INFO
 log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF        
     </value>        
+    <on-ambari-upgrade add="true"/>
   </property>     
 
-</configuration>  
\ No newline at end of file
+</configuration>  

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-properties.xml
index 3bc8f00..593fd4e 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-properties.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-properties.xml
@@ -24,11 +24,13 @@
     <name>REPOSITORY_CONFIG_USERNAME</name>
     <value>keyadmin</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>REPOSITORY_CONFIG_PASSWORD</name>
     <value>keyadmin</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description></description>
   </property>  
@@ -37,23 +39,27 @@
     <name>DB_FLAVOR</name>
     <value>MYSQL</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>SQL_CONNECTOR_JAR</name>
     <value>/usr/share/java/mysql-connector-java.jar</value>
     <description>Location of DB client library (please check the location of the jar file)</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>db_root_user</name>
     <value>root</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>db_root_password</name>
     <value></value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description></description>
   </property>
@@ -62,23 +68,27 @@
     <name>db_host</name>
     <value>localhost</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>db_name</name>
     <value>rangerkms</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>db_user</name>
     <value>rangerkms</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>db_password</name>
     <value></value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description></description>
   </property>
@@ -86,6 +96,7 @@
   <property>
     <name>KMS_MASTER_KEY_PASSWD</name>
     <value></value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <description></description>
   </property>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-site.xml
index f911104..415ef44 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/kms-site.xml
@@ -24,12 +24,14 @@
     <name>hadoop.kms.key.provider.uri</name>
     <value>dbks://http@localhost:9292/kms</value>
     <description>URI of the backing KeyProvider for the KMS.</description>
+    <on-ambari-upgrade add="false"/>
   </property>
 
   <property>
     <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
     <value>none</value>
     <description>If using the JavaKeyStoreProvider, the password for the keystore file.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -37,6 +39,7 @@
     <value>true</value>
     <description>Whether the KMS will act as a cache for the backing KeyProvider. When the cache is enabled, operations like getKeyVersion, getMetadata, and getCurrentKey will sometimes return cached data without consulting the backing KeyProvider. Cached values are flushed when keys are deleted or modified.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -44,18 +47,21 @@
     <value>600000</value>
     <description>Expiry time for the KMS key version and key metadata cache, in milliseconds. This affects getKeyVersion and getMetadata.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.current.key.cache.timeout.ms</name>
     <value>30000</value>
     <description>Expiry time for the KMS current key cache, in milliseconds. This affects getCurrentKey operations.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.audit.aggregation.window.ms</name>
     <value>10000</value>
     <description>Duplicate audit log events within the aggregation window (specified in ms) are quashed to reduce log traffic. A single message for aggregated events is printed at the end of the window, along with a count of the number of aggregated events.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -63,24 +69,28 @@
     <value>simple</value>
     <description>Authentication type for the KMS. Can be either &quot;simple&quot; or &quot;kerberos&quot;.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.kerberos.keytab</name>
     <value>${user.home}/kms.keytab</value>
     <description>Path to the keytab with credentials for the configured Kerberos principal.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.kerberos.principal</name>
     <value>HTTP/localhost</value>
     <description>The Kerberos principal to use for the HTTP endpoint. The principal must start with 'HTTP/' as per the Kerberos HTTP SPNEGO specification.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.kerberos.name.rules</name>
     <value>DEFAULT</value>
     <description>Rules used to resolve Kerberos principal names.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -88,42 +98,49 @@
     <value>random</value>
     <description>Indicates how the secret to sign the authentication cookies will be stored. Options are 'random' (default), 'string' and 'zookeeper'. If using a setup with multiple KMS instances, 'zookeeper' should be used.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.path</name>
     <value>/hadoop-kms/hadoop-auth-signature-secret</value>
     <description>The Zookeeper ZNode path where the KMS instances will store and retrieve the secret from.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string</name>
     <value>#HOSTNAME#:#PORT#,...</value>
     <description>The Zookeeper connection string, a list of hostnames and port comma separated.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
     <value>kerberos</value>
     <description>The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab</name>
     <value>/etc/hadoop/conf/kms.keytab</value>
     <description>The absolute path for the Kerberos keytab with the credentials to connect to Zookeeper.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal</name>
     <value>kms/#HOSTNAME#</value>
     <description>The Kerberos service principal used to connect to Zookeeper.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>hadoop.kms.security.authorization.manager</name>
     <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-audit.xml
index ad24a34..c286b7c 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-audit.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-audit.xml
@@ -24,6 +24,7 @@
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
     <description>Is Audit enabled?</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -31,6 +32,7 @@
     <value>false</value>
     <display-name>Audit to DB</display-name>
     <description>Is Audit to DB enabled?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>boolean</type>
     </value-attributes>
@@ -40,36 +42,42 @@
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
     <description>Audit DB JDBC URL</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
     <description>Audit DB JDBC User</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <description>Audit DB JDBC Password</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
     <description>Audit DB JDBC Driver</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
     <description>Credential file store</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/db/spool</value>
     <description>/var/log/ranger/kms/audit/db/spool</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -77,6 +85,7 @@
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
     <description>Is Audit to HDFS enabled?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>boolean</type>
     </value-attributes>
@@ -86,12 +95,14 @@
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
     <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/hdfs/spool</value>
     <description>/var/log/ranger/kms/audit/hdfs/spool</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <!-- Removing auditing to Solr   
@@ -100,6 +111,7 @@
     <value>true</value>
     <display-name>Audit to SOLR</display-name>
     <description>Is Solr audit enabled?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>boolean</type>
     </value-attributes>
@@ -109,18 +121,21 @@
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
     <description>Solr URL</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
     <description>Solr Zookeeper string</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/solr/spool</value>
     <description>/var/log/ranger/kms/audit/solr/spool</description>
+    <on-ambari-upgrade add="true"/>
   </property>  
   -->
   
@@ -129,6 +144,7 @@
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
     <description>Enable Summary audit?</description>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <type>boolean</type>
     </value-attributes>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-policymgr-ssl.xml
index e870ea3..ced2af7 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-policymgr-ssl.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-policymgr-ssl.xml
@@ -24,11 +24,13 @@
     <name>xasecure.policymgr.clientssl.keystore</name>
     <value>/usr/iop/current/ranger-kms/conf/ranger-plugin-keystore.jks</value>
     <description>Java Keystore files</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <value-attributes>
       <type>password</type>
@@ -40,11 +42,13 @@
     <name>xasecure.policymgr.clientssl.truststore</name>
     <value>/usr/iop/current/ranger-kms/conf/ranger-plugin-truststore.jks</value>
     <description>java truststore file</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>PASSWORD</property-type>
     <value-attributes>
       <type>password</type>
@@ -56,12 +60,14 @@
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
     <description> java keystore credential file</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
     <description>java truststore credential file</description>
+    <on-ambari-upgrade add="true"/>
   </property>
   
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-security.xml
index b735995..e9eb524 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-security.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-security.xml
@@ -24,36 +24,42 @@
     <name>ranger.plugin.kms.service.name</name>
     <value>{{repo_name}}</value>
     <description>Name of the Ranger service containing policies for this kms instance</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.plugin.kms.policy.source.impl</name>
     <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
     <description>Class to retrieve policies from the source</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.plugin.kms.policy.rest.url</name>
     <value>{{policymgr_mgr_url}}</value>
     <description>URL to Ranger Admin</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
     <value>/etc/ranger/kms/conf/ranger-policymgr-ssl.xml</value>
     <description>Path to the file containing SSL details to contact Ranger Admin</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.plugin.kms.policy.pollIntervalMs</name>
     <value>30000</value>
     <description>How often to poll for changes in policies?</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.plugin.kms.policy.cache.dir</name>
     <value>/etc/ranger/{{repo_name}}/policycache</value>
     <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-site.xml
index 2767243..054531f 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/RANGER_KMS/configuration/ranger-kms-site.xml
@@ -23,37 +23,44 @@
   <property>
     <name>ranger.service.host</name>
     <value>{{kms_host}}</value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.service.http.port</name>
     <value>{{kms_port}}</value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>ranger.service.https.port</name>
     <value>9393</value>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.service.shutdown.port</name>
     <value>7085</value>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <property>
     <name>ranger.contextName</name>
     <value>/kms</value>
+    <on-ambari-upgrade add="true"/>
   </property>     
   
   <property>
     <name>xa.webapp.dir</name>
     <value>./webapp</value>
+    <on-ambari-upgrade add="true"/>
   </property> 
   
   <property>
     <name>ranger.service.https.attrib.ssl.enabled</name>
     <value>false</value>
     <description></description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-client.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-client.xml
index 95e0c10..878bc8a 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-client.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-client.xml
@@ -26,6 +26,7 @@
       <name>slider.security.protocol.acl</name>
       <value>*</value>
       <description>When security is enabled, set appropriate acl. Default value means allow everyone.</description>
+      <on-ambari-upgrade add="true"/>
     </property>
     -->
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-env.xml
index 03afb41..b84b2b1 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-env.xml
@@ -38,6 +38,7 @@ export JAVA_HOME={{java64_home}}
 # The hadoop conf directory.  Optional as slider-client.xml can be edited to add properties.
 export HADOOP_CONF_DIR={{hadoop_conf_dir}}
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
   
-</configuration>
\ No newline at end of file
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-log4j.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-log4j.xml
index 3caf64f..76f16cd 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-log4j.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SLIDER/configuration/slider-log4j.xml
@@ -84,6 +84,7 @@ log4j.logger.org.apache.hadoop.yarn.server.nodemanager.containermanager.monitor=
 log4j.logger.org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl=WARN
 log4j.logger.org.apache.zookeeper=WARN
     </value>
+    <on-ambari-upgrade add="true"/>
     <value-attributes>
       <show-property-name>false</show-property-name>
     </value-attributes>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-env.xml
index 736cb3f..370cef4 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-env.xml
@@ -4,6 +4,7 @@
    <property>
     <name>solr_user</name>
     <description>User to run Solr as</description>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <value>solr</value>
   </property>
@@ -12,28 +13,33 @@
     <name>solr_data_dir</name>
     <value>/opt/solr/data</value>
     <description>Solr Home Directory for writable Solr files and index data</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>solr_pid_dir</name>
     <value>/var/run/solr</value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>solr_log_dir</name>
     <value>/var/log/solr</value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>solr_port</name>
     <value>8983</value>
     <description>Sets the port Solr binds to, default is 8983</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>solr_hdfs_home_dir</name>
     <value>/apps/solr/data</value>
     <description>A root location in HDFS for Solr to write collection data to. Rather than specifying an HDFS location for the data directory or update log directory, use this to specify one root location and have everything automatically created within this HDFS</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   
@@ -42,12 +48,14 @@
     <value>/solr</value>
     <description>If you're using a ZooKeeper instance that is shared by other systems, it's recommended to isolate the SolrCloud znode tree using ZooKeeper's chroot support. 
     For instance, to ensure all znodes created by SolrCloud are stored under /solr, you can put /solr on the end of your ZK_HOST connection string, such as: ZK_HOST=zk1,zk2,zk3/solr</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
       <name>solr_xms_minmem</name>
       <value>512</value>
       <description>Set Xms value for Solr in MB</description>
+      <on-ambari-upgrade add="true"/>
       <value-attributes>
           <type>int</type>
           <minimum>0</minimum>
@@ -61,6 +69,7 @@
       <name>solr_xmx_maxmem</name>
       <value>512</value>
       <description>Set Xmx value for Solr in MB</description>
+      <on-ambari-upgrade add="true"/>
       <value-attributes>
           <type>int</type>
           <minimum>{{solr_xms_minmem}}</minimum>
@@ -229,6 +238,7 @@ SOLR_OPTS="-Dsolr.directoryFactory=HdfsDirectoryFactory \
 -Dsolr.log4j.dir={{log_dir}}"
 
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>  
   
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-log4j.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-log4j.xml
index e138d1a..c90f9d0 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-log4j.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-log4j.xml
@@ -77,6 +77,7 @@ log4j.logger.org.apache.hadoop=WARN
 # set to INFO to enable infostream log messages
 log4j.logger.org.apache.solr.update.LoggingInfoStream=OFF
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-site.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-site.xml
index c794e86..219b7a0 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-site.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SOLR/configuration/solr-site.xml
@@ -24,6 +24,7 @@
     <name>solr.hdfs.security.kerberos.enabled</name>
     <value>false</value>
     <description>Set to true to enable Kerberos authentication</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -32,6 +33,7 @@
     <description>A keytab file contains pairs of Kerberos principals and encrypted keys which allows for password-less authentication when Solr attempts to authenticate with secure Hadoop.
     This file will need to be present on all Solr servers at the same path provided in this parameter.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -39,6 +41,7 @@
     <value>solr/_HOST@EXAMPLE.COM</value>
     <description>The Kerberos principal that Solr should use to authenticate to secure Hadoop; the format of a typical Kerberos V5 principal is: primary/instance@realm
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-defaults.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-defaults.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-defaults.xml
index d46ba48..3d35aab 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-defaults.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-defaults.xml
@@ -25,12 +25,14 @@
     <name>spark.eventLog.enabled</name>
     <value>true</value>
     <description>Whether to log Spark events, useful for reconstructing the Web UI after the application has finished.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>spark.eventLog.dir</name>
     <value>/iop/apps/4.2.0.0/spark/logs/history-server</value>
     <description>Base directory in which Spark events are logged, if spark.eventLog.enabled is true. Within this base directory, Spark creates a sub-directory for each application, and logs the events specific to the application in this directory. Users may want to set this to a unified location like an HDFS directory so history files can be read by the history server.</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -41,6 +43,7 @@
       This is memory that accounts for things like VM overheads, interned strings,
       other native overheads, etc.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -51,6 +54,7 @@
       This is memory that accounts for things like VM overheads, interned strings,
       other native overheads, etc.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -60,6 +64,7 @@
       Set the number of times the ApplicationMaster waits for the the Spark master and then
       also the number of tries it waits for the SparkContext to be initialized.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -68,6 +73,7 @@
     <description>
       The interval in ms in which the Spark application master heartbeats into the YARN ResourceManager.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -76,6 +82,7 @@
     <description>
       The maximum number of executor failures before failing the application.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -84,6 +91,7 @@
     <description>
       The name of the YARN queue to which the application is submitted.
     </description>
+    <on-ambari-upgrade add="false"/>
   </property>
 
   <property>
@@ -92,6 +100,7 @@
     <description>
       The maximum number of threads to use in the application master for launching executor containers.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -101,6 +110,7 @@
       HDFS replication level for the files uploaded into HDFS for the application.
       These include things like the Spark jar, the app jar, and any distributed cache files/archives.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -110,6 +120,7 @@
       Set to true to preserve the staged files (Spark jar, app jar, distributed cache files) at the 
       end of the job rather then delete them.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -118,6 +129,7 @@
     <description>
       The port to which the web interface of the History Server binds.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>spark.driver.extraJavaOptions</name>
@@ -128,6 +140,7 @@
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -139,6 +152,7 @@
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -147,6 +161,7 @@
     <description>
       Kerberos principal name for the Spark History Server.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
@@ -155,5 +170,6 @@
     <description>
       Location of the kerberos keytab file for the Spark History Server.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-env.xml
index 6dc3781..993820d 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-env.xml
@@ -28,11 +28,13 @@
     <description>
       TCP port number to listen on, default 10015.
     </description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>spark_user</name>
     <value>spark</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <description>Spark User.</description>
   </property>
@@ -40,6 +42,7 @@
   <property>
     <name>spark_group</name>
     <value>spark</value>
+    <on-ambari-upgrade add="true"/>
     <property-type>GROUP</property-type>
     <description>spark group</description>
   </property>
@@ -48,11 +51,13 @@
     <name>spark_log_dir</name>
     <value>/var/log/spark</value>
     <description>Spark Log Dir</description>
+    <on-ambari-upgrade add="true"/>
   </property>
 
   <property>
     <name>spark_pid_dir</name>
     <value>/var/run/spark</value>
+    <on-ambari-upgrade add="true"/>
   </property>
   
   <!-- spark-env.sh -->
@@ -109,6 +114,7 @@ export SPARK_YARN_USER_ENV="JAVA_LIBRARY_PATH=$JAVA_LIBRARY_PATH,LD_LIBRARY_PATH
 export JAVA_HOME={{java_home}}
 
 </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-javaopts-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-javaopts-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-javaopts-properties.xml
index f43a74d..77a7282 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-javaopts-properties.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-javaopts-properties.xml
@@ -23,5 +23,6 @@
     <name>content</name>
     <description>Spark-javaopts-properties</description>
     <value> </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-log4j.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-log4j.xml
index e1c4d24..66b8678 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-log4j.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-log4j.xml
@@ -38,5 +38,6 @@ log4j.logger.org.apache.spark.repl.SparkIMain$exprTyper=INFO
 log4j.logger.org.apache.spark.repl.SparkILoop$SparkILoopInterpreter=INFO
 
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-metrics-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-metrics-properties.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-metrics-properties.xml
index 8a6ef8f..e36f343 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-metrics-properties.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SPARK/configuration/spark-metrics-properties.xml
@@ -156,5 +156,6 @@
 #executor.source.jvm.class=org.apache.spark.metrics.source.JvmSource
 
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SQOOP/configuration/sqoop-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SQOOP/configuration/sqoop-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SQOOP/configuration/sqoop-env.xml
index 06c9544..1eed273 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SQOOP/configuration/sqoop-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/SQOOP/configuration/sqoop-env.xml
@@ -44,10 +44,12 @@ export ZOOCFGDIR=${ZOOCFGDIR:-/etc/zookeeper/conf}
 # add libthrift in hive to sqoop class path first so hive imports work
 export SQOOP_USER_CLASSPATH="`ls ${HIVE_HOME}/lib/libthrift-*.jar 2> /dev/null`:${SQOOP_USER_CLASSPATH}"
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
   <property>
     <name>sqoop_user</name>
     <description>User to run Sqoop as</description>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <value>sqoop</value>
   </property>
@@ -55,5 +57,6 @@ export SQOOP_USER_CLASSPATH="`ls ${HIVE_HOME}/lib/libthrift-*.jar 2> /dev/null`:
     <name>jdbc_drivers</name>
     <description>Comma separated list of additional JDBC drivers class names</description>
     <value> </value>
+    <on-ambari-upgrade add="true"/>
   </property>  
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/1d6fcfa1/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/TITAN/configuration/titan-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/TITAN/configuration/titan-env.xml b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/TITAN/configuration/titan-env.xml
index 86e09f1..4f80ea1 100755
--- a/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/TITAN/configuration/titan-env.xml
+++ b/ambari-server/src/main/resources/stacks/BigInsights/4.2/services/TITAN/configuration/titan-env.xml
@@ -25,6 +25,7 @@
   <property>
     <name>titan_user</name>
     <description>User to run Titan as</description>
+    <on-ambari-upgrade add="true"/>
     <property-type>USER</property-type>
     <value>titan</value>
   </property>
@@ -41,6 +42,7 @@ export HADOOP_CONF_DIR={{hadoop_config_dir}}
 export HBASE_CONF_DIR={{hbase_config_dir}}
 CLASSPATH=$HADOOP_CONF_DIR:$HBASE_CONF_DIR:$CLASSPATH
     </value>
+    <on-ambari-upgrade add="true"/>
   </property>
 
 </configuration>


Mime
View raw message