ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject [02/15] ARGUS-137 Rename Apache Argus to Apache Ranger on the codebase/config
Date Fri, 31 Oct 2014 21:03:40 GMT
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/winpkg/src/resources/winpkg.utils.psm1
----------------------------------------------------------------------
diff --git a/winpkg/src/resources/winpkg.utils.psm1 b/winpkg/src/resources/winpkg.utils.psm1
new file mode 100644
index 0000000..8566951
--- /dev/null
+++ b/winpkg/src/resources/winpkg.utils.psm1
@@ -0,0 +1,310 @@
+### Licensed to the Apache Software Foundation (ASF) under one or more
+### contributor license agreements.  See the NOTICE file distributed with
+### this work for additional information regarding copyright ownership.
+### The ASF licenses this file to You under the Apache License, Version 2.0
+### (the "License"); you may not use this file except in compliance with
+### the License.  You may obtain a copy of the License at
+###
+###     http://www.apache.org/licenses/LICENSE-2.0
+###
+### Unless required by applicable law or agreed to in writing, software
+### distributed under the License is distributed on an "AS IS" BASIS,
+### WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+### See the License for the specific language governing permissions and
+### limitations under the License.
+
+
+### NOTE: This file is common across the Windows installer projects for Hadoop Core, Hive, and Pig.
+### This dependency is currently managed by convention.
+### If you find yourself needing to change something in this file, it's likely that you're
+### either doing something that's more easily done outside this file or is a bigger change
+### that likely has wider ramifications. Work intentionally.
+
+
+param( [parameter( Position=0, Mandatory=$true)]
+       [String]  $ComponentName )
+
+function Write-Log ($message, $level, $pipelineObj )
+{
+    $message = SanitizeString $message
+    switch($level)
+    {
+        "Failure"
+        {
+            $message = "$ComponentName FAILURE: $message"
+            Write-Error $message
+            break;
+        }
+
+        "Info"
+        {
+            $message = "${ComponentName}: $message"
+            Write-Host $message
+            break;
+        }
+
+        default
+        {
+            $message = "${ComponentName}: $message"
+            Write-Host "$message"
+        }
+    }
+
+
+    Out-File -FilePath $ENV:WINPKG_LOG -InputObject "$message" -Append -Encoding "UTF8"
+
+    if( $pipelineObj -ne $null )
+    {
+        Out-File -FilePath $ENV:WINPKG_LOG -InputObject $pipelineObj.InvocationInfo.PositionMessage -Append -Encoding "UTF8"
+    }
+}
+
+function Write-LogRecord( $source, $record )
+{
+    if( $record -is [Management.Automation.ErrorRecord])
+    {
+        $message = "$ComponentName-$source FAILURE: " + $record.Exception.Message
+        $message = SanitizeString $message
+
+        if( $message.EndsWith( [Environment]::NewLine ))
+        {
+            Write-Host $message -NoNewline
+            [IO.File]::AppendAllText( "$ENV:WINPKG_LOG", "$message", [Text.Encoding]::UTF8 )
+        }
+        else
+        {
+            Write-Host $message
+            Out-File -FilePath $ENV:WINPKG_LOG -InputObject $message -Append -Encoding "UTF8"
+        }
+    }
+    else
+    {
+        $message = $record
+        $message = SanitizeString $message
+        Write-Host $message
+        Out-File -FilePath $ENV:WINPKG_LOG -InputObject "$message" -Append -Encoding "UTF8"
+    }
+}
+
+function SanitizeString($s)
+{
+    $s -replace "-password([a-z0-9]*) (\S*)", '-password$1 ****'
+}
+
+function Invoke-Cmd ($command)
+{
+    Write-Log $command
+    $out = cmd.exe /C "$command" 2>&1
+    $out | ForEach-Object { Write-LogRecord "CMD" $_ }
+    return $out
+}
+
+function Invoke-CmdChk ($command)
+{
+    Write-Log $command
+    $out = cmd.exe /C "$command" 2>&1
+    $out | ForEach-Object { Write-LogRecord "CMD" $_ }
+    if (-not ($LastExitCode  -eq 0))
+    {
+        throw "Command `"$out`" failed with exit code $LastExitCode "
+    }
+    return $out
+}
+
+function Invoke-Ps ($command)
+{
+    Write-Log $command
+    $out = powershell.exe -InputFormat none -Command "$command" 2>&1
+    #$out | ForEach-Object { Write-LogRecord "PS" $_ }
+    return $out
+}
+
+function Invoke-PsChk ($command)
+{
+    Write-Log $command
+    $out = powershell.exe -InputFormat none -Command $command 2>&1
+    $captureExitCode = $LastExitCode
+	$out | ForEach-Object { Write-LogRecord "PS" $_ }
+	if (-not ($captureExitCode  -eq 0))
+    {
+        throw "Command `"$command`" failed with exit code  $captureExitCode. Output is  `"$out`" "
+    }
+    return $out
+}
+
+### Sets HADOOP_NODE_INSTALL_ROOT if unset
+### Initializes Winpkg Environment (ENV:WINPKG_LOG and ENV:WINPKG_BIN)
+### Tests for Admin
+
+function Initialize-InstallationEnv( $scriptDir, $logFilename )
+{
+    $HDP_INSTALL_PATH = $scriptDir
+    $HDP_RESOURCES_DIR = Resolve-Path "$HDP_INSTALL_PATH\..\resources"
+
+    if( -not (Test-Path ENV:HADOOP_NODE_INSTALL_ROOT))
+    {
+        $ENV:HADOOP_NODE_INSTALL_ROOT = "c:\hadoop"
+    }
+
+    Check-Drive $ENV:HADOOP_NODE_INSTALL_ROOT "HADOOP_NODE_INSTALL_ROOT"
+
+    if( -not (Test-Path ENV:WINPKG_LOG ))
+    {
+        throw "ENV:WINPKG_LOG not set"
+    }
+    else
+    {
+        Write-Log "Logging to existing log $ENV:WINPKG_LOG" "Info"
+    }
+
+    Write-Log "Logging to $ENV:WINPKG_LOG" "Info"
+    Write-Log "HDP_INSTALL_PATH: $HDP_INSTALL_PATH"
+    Write-Log "HDP_RESOURCES_DIR: $HDP_RESOURCES_DIR"
+
+    $currentPrincipal = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent( ) )
+    if ( -not ($currentPrincipal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator ) ) )
+    {
+        throw "install script must be run elevated"
+    }
+
+    return $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR
+}
+
+function Test-JavaHome
+{
+    if( -not (Test-Path $ENV:JAVA_HOME\bin\java.exe))
+    {
+        throw "JAVA_HOME not set properly; $ENV:JAVA_HOME\bin\java.exe does not exist"
+    }
+}
+
+### Add service control permissions to authenticated users.
+### Reference:
+### http://stackoverflow.com/questions/4436558/start-stop-a-windows-service-from-a-non-administrator-user-account
+### http://msmvps.com/blogs/erikr/archive/2007/09/26/set-permissions-on-a-specific-service-windows.aspx
+
+function Set-ServiceAcl ($service)
+{
+    $cmd = "sc sdshow $service"
+    $sd = Invoke-Cmd $cmd
+
+    Write-Log "Current SD: $sd"
+
+    ## A;; --- allow
+    ## RP ---- SERVICE_START
+    ## WP ---- SERVICE_STOP
+    ## CR ---- SERVICE_USER_DEFINED_CONTROL
+    ## ;;;AU - AUTHENTICATED_USERS
+
+    $sd = [String]$sd
+    $sd = $sd.Replace( "S:(", "(A;;RPWPCR;;;AU)S:(" )
+    Write-Log "Modifying SD to: $sd"
+
+    $cmd = "sc sdset $service $sd"
+    Invoke-Cmd $cmd
+}
+
+function Expand-String([string] $source)
+{
+    return $ExecutionContext.InvokeCommand.ExpandString((($source -replace '"', '`"') -replace '''', '`'''))
+}
+
+function Copy-XmlTemplate( [string][parameter( Position=1, Mandatory=$true)] $Source,
+       [string][parameter( Position=2, Mandatory=$true)] $Destination,
+       [hashtable][parameter( Position=3 )] $TemplateBindings = @{} )
+{
+
+    ### Import template bindings
+    Push-Location Variable:
+
+    foreach( $key in $TemplateBindings.Keys )
+    {
+        $value = $TemplateBindings[$key]
+        New-Item -Path $key -Value $ExecutionContext.InvokeCommand.ExpandString( $value ) | Out-Null
+    }
+
+    Pop-Location
+
+    ### Copy and expand
+    $Source = Resolve-Path $Source
+
+    if( Test-Path $Destination -PathType Container )
+    {
+        $Destination = Join-Path $Destination ([IO.Path]::GetFilename( $Source ))
+    }
+
+    $DestinationDir = Resolve-Path (Split-Path $Destination -Parent)
+    $DestinationFilename = [IO.Path]::GetFilename( $Destination )
+    $Destination = Join-Path $DestinationDir $DestinationFilename
+
+    if( $Destination -eq $Source )
+    {
+        throw "Destination $Destination and Source $Source cannot be the same"
+    }
+
+    $template = [IO.File]::ReadAllText( $Source )
+    $expanded = Expand-String( $template )
+    ### Output xml files as ANSI files (same as original)
+    write-output $expanded | out-file -encoding ascii $Destination
+}
+
+# Convenience method for processing command-line credential objects
+# Assumes $credentialsHash is a hash with one of the following being true:
+#  - keys "username" and "password"/"passwordBase64" are set to strings
+#  - key "credentialFilePath" is set to the path of a serialized PSCredential object
+function Get-HadoopUserCredentials($credentialsHash)
+{
+    if($credentialsHash["username"])
+    {
+        Write-Log "Using provided credentials for username $($credentialsHash["username"])" | Out-Null
+        $username = $credentialsHash["username"]
+        if($username -notlike "*\*")
+        {
+            $username = "$ENV:COMPUTERNAME\$username"
+        }
+        if($credentialsHash["passwordBase64"])
+        {
+            $base64Password = $credentialsHash["passwordBase64"]
+            $decoded = [System.Convert]::FromBase64String($base64Password);
+            $decodedPassword = [System.Text.Encoding]::UTF8.GetString($decoded);
+            $securePassword = $decodedPassword | ConvertTo-SecureString -AsPlainText -Force
+        }
+        else
+        {
+            $securePassword = $credentialsHash["password"] | ConvertTo-SecureString -AsPlainText -Force
+        }
+    }
+    else
+    {
+        Write-Log "Reading credentials from $($credentialsHash['credentialFilePath'])" | Out-Null
+        $import = Import-Clixml -Path $credentialsHash["credentialFilePath"]
+        $username = $import.Username
+        $securePassword = $import.Password | ConvertTo-SecureString
+    }
+
+    $creds = New-Object System.Management.Automation.PSCredential $username, $securePassword
+    return $creds
+}
+
+function Check-Drive($path, $message){
+    if($path -cnotcontains ":"){
+        Write-Warning "Target path doesn't contains drive identifier, checking skipped"
+        return
+    }
+    $pathvolume = $path.Split(":")[0] + ":"
+    if (! (Test-Path ($pathvolume + '\')) ) {
+        throw "Target volume for $message $pathvolume doesn't exist"
+    }
+}
+
+Export-ModuleMember -Function Copy-XmlTemplate
+Export-ModuleMember -Function Get-HadoopUserCredentials
+Export-ModuleMember -Function Initialize-WinpkgEnv
+Export-ModuleMember -Function Initialize-InstallationEnv
+Export-ModuleMember -Function Invoke-Cmd
+Export-ModuleMember -Function Invoke-CmdChk
+Export-ModuleMember -Function Invoke-Ps
+Export-ModuleMember -Function Invoke-PsChk
+Export-ModuleMember -Function Set-ServiceAcl
+Export-ModuleMember -Function Test-JavaHome
+Export-ModuleMember -Function Write-Log

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/winpkg/src/scripts/InstallApi.psm1
----------------------------------------------------------------------
diff --git a/winpkg/src/scripts/InstallApi.psm1 b/winpkg/src/scripts/InstallApi.psm1
new file mode 100644
index 0000000..d47b22c
--- /dev/null
+++ b/winpkg/src/scripts/InstallApi.psm1
@@ -0,0 +1,1787 @@
+### Licensed to the Apache Software Foundation (ASF) under one or more
+### contributor license agreements.  See the NOTICE file distributed with
+### this work for additional information regarding copyright ownership.
+### The ASF licenses this file to You under the Apache License, Version 2.0
+### (the "License"); you may not use this file except in compliance with
+### the License.  You may obtain a copy of the License at
+###
+###     http://www.apache.org/licenses/LICENSE-2.0
+###
+### Unless required by applicable law or agreed to in writing, software
+### distributed under the License is distributed on an "AS IS" BASIS,
+### WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+### See the License for the specific language governing permissions and
+### limitations under the License.
+
+###
+### A set of basic PowerShell routines that can be used to install and
+### manage Hadoop services on a single node. For use-case see install.ps1.
+###
+
+###
+### Global variables
+###
+$ScriptDir = Resolve-Path (Split-Path $MyInvocation.MyCommand.Path)
+
+$FinalName = "ranger-@ranger.version@"
+
+###############################################################################
+###
+### Installs ranger.
+###
+### Arguments:
+###     component: Component to be installed, it can be "core, "hdfs" or "mapreduce"
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     role: Space separated list of roles that should be installed.
+###           (for example, "jobtracker historyserver" for mapreduce)
+###
+###############################################################################
+
+function Install(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $component,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=2, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=3, Mandatory=$false )]
+    $roles
+    )
+{
+
+    if ( $component -eq "ranger" )
+    {
+        InstallRangerCore $nodeInstallRoot $serviceCredential $roles
+	}
+	elseif ( $component -eq "ranger-hdfs" )
+	{
+        InstallHdfs $nodeInstallRoot $serviceCredential $roles
+	}
+	elseif ( $component -eq "ranger-hive" )
+	{
+        InstallHive $nodeInstallRoot $serviceCredential $roles
+	}
+	elseif ( $component -eq "ranger-hbase" )
+	{
+        InstallHBase $nodeInstallRoot $serviceCredential $roles
+	}
+	elseif ( $component -eq "ranger-knox" )
+	{
+        InstallKnox $nodeInstallRoot $serviceCredential $roles
+	}
+	elseif ( $component -eq "ranger-storm" )
+	{
+        InstallStorm $nodeInstallRoot $serviceCredential $roles
+	}
+    elseif ( $component -eq "ranger-usersync" )
+    {
+        InstallUserSync $nodeInstallRoot $serviceCredential $roles
+    }
+    else
+    {
+        throw "Install: Unsupported component argument."
+    }
+}
+
+
+###############################################################################
+###
+### Installs Ranger HDFS component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallRangerCore(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+	$HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+
+	### $rangerInstallPath: the name of the folder containing the application, after unzipping
+	$rangerInstallPath = Join-Path $nodeInstallRoot $FinalName
+	$rangerAdmin = $FinalName + "-admin"
+	$rangerAdminInstallPath = Join-Path "$rangerInstallPath" "$rangerAdmin"
+	$rangerInstallToBin = Join-Path "$rangerAdminInstallPath" "bin"
+	InstallBinaries $nodeInstallRoot $serviceCredential
+
+	if ($roles) {
+		###
+		### Create Ranger Windows Services and grant user ACLS to start/stop
+		###
+		### TODO
+		Write-Log "Ranger Role Services: $roles"
+
+		### Verify that roles are in the supported set
+		### TODO
+		CheckRole $roles @("ranger")
+
+
+
+		Write-Log "Role : $roles"
+		foreach( $service in empty-null ($roles -Split('\s+')))
+		{
+			CreateAndConfigureHadoopService $service $HDP_RESOURCES_DIR $rangerInstallToBin $serviceCredential
+			if ( $service -eq "ranger" )
+			{
+				$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+				$credStorePath = $credStorePath -replace "\\", "/"
+
+				### Create Credential Store  directory
+				if( -not (Test-Path "$credStorePath"))
+				{
+					Write-Log "Creating Credential Store directory: `"$credStorePath`""
+					$cmd = "mkdir `"$credStorePath`""
+					Invoke-CmdChk $cmd
+				}
+
+				CreateJCEKS "policyDB.jdbc.password" "${ENV:RANGER_ADMIN_DB_PASSWORD}" "${ENV:RANGER_ADMIN_HOME}\cred\lib" "$credStorePath/xapolicymgr.jceks"
+				CreateJCEKS "auditDb.jdbc.password" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_ADMIN_HOME}\cred\lib" "$credStorePath/xapolicymgr.jceks"
+				[Environment]::SetEnvironmentVariable("RANGER_ADMIN_CRED_KEYSTORE_FILE", "$credStorePath\xapolicymgr.jceks" , [EnvironmentVariableTarget]::Machine)
+				$ENV:RANGER_ADMIN_CRED_KEYSTORE_FILE = "$credStorePath/xapolicymgr.jceks"
+
+			}
+
+			###
+			### Setup ranger service config
+			###
+			$ENV:PATH="$ENV:HADOOP_HOME\bin;" + $ENV:PATH
+			Write-Log "Creating service config ${rangerInstallToBin}\$service.xml"
+			# TODO:WINDOWS take python from `which` or `where`
+			$cmd = "python $rangerInstallToBin\service_start.py --service > `"$rangerInstallToBin\$service.xml`""
+			Invoke-CmdChk $cmd
+
+			Write-Log "Configuring Ranger"
+			$cmd = "python $rangerInstallToBin\service_start.py --configure"
+			Invoke-CmdChk $cmd
+
+		}
+		### end of roles loop
+	}
+	$username = $serviceCredential.UserName
+	GiveFullPermissions $rangerInstallToBin $username $true
+	GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+	GiveFullPermissions `"$ENV:RANGER_HOME\tmp`" $username $true
+
+	Write-Log "Finished installing Ranger Admin Tool"
+
+}
+
+
+###############################################################################
+###
+### Installs Ranger HDFS component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallHdfs(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+
+        $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_HDFS_HOME properly set
+		$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+		$credStorePath = $credStorePath -replace "\\", "/"
+
+		# setup path variables
+        $rangerInstallPath = Join-Path $nodeInstallRoot $FinalName
+
+        Write-Log "Copying ranger-hdfs config files "
+
+		Write-Log "Checking the HADOOP_HOME Installation."
+        if( -not (Test-Path $ENV:HADOOP_HOME))
+        {
+          Write-Log "HADOOP_HOME not set properly; $ENV:HADOOP_HOME does not exist" "Failure"
+          throw "Install: HADOOP_HOME not set properly; $ENV:HADOOP_HOME does not exist."
+        }
+
+
+
+		Write-Log "Checking the HADOOP_CONF_DIR Installation."
+        if( -not (Test-Path $ENV:HADOOP_CONF_DIR))
+        {
+          Write-Log "HADOOP_CONF_DIR not set properly; $ENV:HADOOP_CONF_DIR does not exist" "Failure"
+          throw "Install: HADOOP_CONF_DIR not set properly; $ENV:HADOOP_CONF_DIR does not exist."
+        }
+
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HDFS_HOME\install\conf.templates\enable\*.xml`" `"$ENV:HADOOP_CONF_DIR`""
+        Invoke-CmdChk $xcopy_cmd
+
+		$xcopy_cmd = "xcopy /EIYF `"$HDP_INSTALL_PATH\..\template\xasecure-hadoop-env.cmd`" `"$ENV:HADOOP_CONF_DIR\`""
+        Invoke-CmdChk $xcopy_cmd
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HDFS_HOME\lib\*.jar`" `"$ENV:HADOOP_HOME\share\hadoop\common\lib\`""
+        Invoke-CmdChk $xcopy_cmd
+
+
+		CreateJCEKS "auditDBCred" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_HDFS_HOME}\install\lib" "$credStorePath/Repo_${ENV:RANGER_HDFS_REPO}.jceks"
+
+		$username = $serviceCredential.UserName
+		GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+        [Environment]::SetEnvironmentVariable("RANGER_HDFS_CRED_KEYSTORE_FILE", "$credStorePath\Repo_${ENV:RANGER_HDFS_REPO}.jceks" , [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HDFS_CRED_KEYSTORE_FILE = "$credStorePath/Repo_${ENV:RANGER_HDFS_REPO}.jceks"
+
+}
+
+###############################################################################
+###
+### Installs Ranger Hive component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallHive(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+        $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_HIVE_HOME properly set
+		$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+		$credStorePath = $credStorePath -replace "\\", "/"
+        Write-Log "Copying ranger-hive config files "
+
+		Write-Log "Checking the HIVE_HOME Installation."
+        if( -not (Test-Path $ENV:HIVE_HOME))
+        {
+          Write-Log "HIVE_HOME not set properly; $ENV:HIVE_HOME does not exist" "Failure"
+          throw "Install: HIVE_HOME not set properly; $ENV:HIVE_HOME does not exist."
+        }
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HIVE_HOME\install\conf.templates\enable\*.xml`" `"$ENV:HIVE_HOME\conf`""
+        Invoke-CmdChk $xcopy_cmd
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HIVE_HOME\lib\*.jar`" `"$ENV:HIVE_HOME\lib\`""
+        Invoke-CmdChk $xcopy_cmd
+
+
+        if( -not (Test-Path `"$ENV:HIVE_HOME\conf\hiveserver2-site.xml`"))
+		{
+			$copy_cmd = "copy `"$ENV:RANGER_HIVE_HOME\install\conf.templates\default\configuration.xml`" `"$ENV:HIVE_HOME\conf\hiveserver2-site.xml`""
+			Invoke-CmdChk $copy_cmd
+		}
+
+        if( Test-Path `"$ENV:HIVE_HOME\bin\ext\hiveserver2.cmd`")
+		{
+			$copy_cmd = "copy `"$ENV:HIVE_HOME\bin\ext\hiveserver2.cmd`" `"$ENV:HIVE_HOME\bin\ext\hiveserver2.cmd.orig`""
+			Invoke-CmdChk $copy_cmd
+		}
+
+		$copy_cmd = "copy `"$HDP_INSTALL_PATH\..\template\hiveserver2-ranger.cmd`" `"$ENV:HIVE_HOME\bin\ext\hiveserver2.cmd`""
+		Invoke-CmdChk $copy_cmd
+
+		CreateJCEKS "auditDBCred" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_HIVE_HOME}\install\lib" "$credStorePath/Repo_${ENV:RANGER_HIVE_REPO}.jceks"
+
+		$username = $serviceCredential.UserName
+		GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+        [Environment]::SetEnvironmentVariable("RANGER_HIVE_CRED_KEYSTORE_FILE", "$credStorePath\Repo_${ENV:RANGER_HIVE_REPO}.jceks" , [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HIVE_CRED_KEYSTORE_FILE = "$credStorePath/Repo_${ENV:RANGER_HIVE_REPO}.jceks"
+
+
+        #$xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HIVE_HOME\template\configuration.xml`" `"$ENV:HADOOP_CONF_DIR`""
+        #Invoke-CmdChk $xcopy_cmd
+
+
+}
+
+###############################################################################
+###
+### Installs Ranger HBase component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallHBase(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_HIVE_HOME properly set
+		$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+		$credStorePath = $credStorePath -replace "\\", "/"
+
+        Write-Log "Copying ranger-hbase config files "
+
+		Write-Log "Checking the HBASE_HOME Installation."
+        if( -not (Test-Path $ENV:HBASE_HOME))
+        {
+          Write-Log "HBASE_HOME not set properly; $ENV:HBASE_HOME does not exist" "Failure"
+          throw "Install: HBASE_HOME not set properly; $ENV:HBASE_HOME does not exist."
+        }
+
+		Write-Log "Checking the HBASE_CONF_DIR Installation."
+        if( -not (Test-Path $ENV:HBASE_CONF_DIR))
+        {
+          Write-Log "HBASE_CONF_DIR not set properly; $ENV:HBASE_CONF_DIR does not exist" "Failure"
+          throw "Install: HBASE_CONF_DIR not set properly; $ENV:HBASE_CONF_DIR does not exist."
+        }
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HBASE_HOME\install\conf.templates\enable\*.xml`" `"$ENV:HBASE_CONF_DIR`""
+        Invoke-CmdChk $xcopy_cmd
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HBASE_HOME\lib\*.jar`" `"$ENV:HBASE_HOME\lib\`""
+        Invoke-CmdChk $xcopy_cmd
+
+		CreateJCEKS "auditDBCred" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_HBASE_HOME}\install\lib" "$credStorePath/Repo_${ENV:RANGER_HBASE_REPO}.jceks"
+
+		$username = $serviceCredential.UserName
+		GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+        [Environment]::SetEnvironmentVariable("RANGER_HBASE_CRED_KEYSTORE_FILE", "$credStorePath\Repo_${ENV:RANGER_HBASE_REPO}.jceks" , [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HBASE_CRED_KEYSTORE_FILE = "$credStorePath/Repo_${ENV:RANGER_HBASE_REPO}.jceks"
+
+
+        #$xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_HBASE_HOME\template\configuration.xml`" `"$ENV:HADOOP_CONF_DIR`""
+        #Invoke-CmdChk $xcopy_cmd
+
+
+}
+
+
+###############################################################################
+###
+### Installs Ranger Knox component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallKnox(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_HIVE_HOME properly set
+		$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+		$credStorePath = $credStorePath -replace "\\", "/"
+
+        Write-Log "Copying ranger-knox config files "
+
+		Write-Log "Checking the KNOX CONF DIR Installation."
+        if( -not (Test-Path $ENV:KNOX_HOME\conf))
+        {
+          Write-Log "${ENV:KNOX_HOME}\conf does not exist" "Failure"
+          throw "Install: ${ENV:KNOX_HOME}\conf dir does not exist."
+        }
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_KNOX_HOME\install\conf.templates\enable\*.xml`" `"${ENV:KNOX_HOME}\conf`""
+        Invoke-CmdChk $xcopy_cmd
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_KNOX_HOME\lib\*.jar`" `"$ENV:KNOX_HOME\lib`""
+        Invoke-CmdChk $xcopy_cmd
+
+		CreateJCEKS "auditDBCred" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_KNOX_HOME}\install\lib" "$credStorePath/Repo_${ENV:RANGER_KNOX_REPO}.jceks"
+
+		$username = $serviceCredential.UserName
+		GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+        [Environment]::SetEnvironmentVariable("RANGER_KNOX_CRED_KEYSTORE_FILE", "$credStorePath\Repo_${ENV:RANGER_KNOX_REPO}.jceks" , [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_KNOX_CRED_KEYSTORE_FILE = "$credStorePath/Repo_${ENV:RANGER_KNOX_REPO}.jceks"
+
+
+        #$xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_KNOX_HOME\template\configuration.xml`" `"$ENV:HADOOP_CONF_DIR`""
+        #Invoke-CmdChk $xcopy_cmd
+
+
+}
+
+
+###############################################################################
+###
+### Installs Ranger Storm component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallStorm(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_HIVE_HOME properly set
+		$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+		$credStorePath = $credStorePath -replace "\\", "/"
+
+        Write-Log "Copying ranger-storm config files "
+
+		Write-Log "Checking the $ENV:STORM_HOME\conf Installation."
+        if( -not (Test-Path $ENV:STORM_HOME\conf))
+        {
+          Write-Log "$ENV:STORM_HOME\conf not set properly; $ENV:STORM_HOME\conf does not exist" "Failure"
+          throw "Install: $ENV:STORM_HOME\conf not set properly; $ENV:STORM_HOME\conf does not exist."
+        }
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_STORM_HOME\install\conf.templates\enable\*.xml`" `"$ENV:STORM_HOME\conf`""
+        Invoke-CmdChk $xcopy_cmd
+
+        $xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_STORM_HOME\lib\*.jar`" `"$ENV:STORM_HOME\lib`""
+        Invoke-CmdChk $xcopy_cmd
+
+		CreateJCEKS "auditDBCred" "${ENV:RANGER_AUDIT_DB_PASSWORD}" "${ENV:RANGER_STORM_HOME}\install\lib" "$credStorePath/Repo_${ENV:RANGER_STORM_REPO}.jceks"
+
+		$username = $serviceCredential.UserName
+		GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+        [Environment]::SetEnvironmentVariable("RANGER_STORM_CRED_KEYSTORE_FILE", "$credStorePath\Repo_${ENV:RANGER_STORM_REPO}.jceks" , [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_STORM_CRED_KEYSTORE_FILE = "$credStorePath/Repo_${ENV:RANGER_STORM_REPO}.jceks"
+
+
+        #$xcopy_cmd = "xcopy /EIYF `"$ENV:RANGER_STORM_HOME\template\configuration.xml`" `"$ENV:HADOOP_CONF_DIR`""
+        #Invoke-CmdChk $xcopy_cmd
+
+
+}
+
+
+
+###############################################################################
+###
+### Installs Ranger user-sync component.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     hdfsRole: Space separated list of  roles that should be installed.
+###               (for example, "ranger")
+###
+###############################################################################
+function InstallUserSync(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [String]
+    [Parameter( Position=2, Mandatory=$false )]
+    $roles
+    )
+{
+		# This if will work on the assumption that $component ="ranger" is installed
+		# so we have the RANGER_USERSYNC_HOME properly set
+		$HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+        ### $rangerInstallPath: the name of the folder containing the application, after unzipping
+        $rangerInstallPath = Join-Path $nodeInstallRoot $FinalName
+        $rangerAdmin = $FinalName + "-admin"
+        $rangerAdminInstallPath = Join-Path "$rangerInstallPath" "$rangerAdmin"
+        $rangerInstallToBin = Join-Path "$rangerAdminInstallPath" "bin"
+
+		if ($roles) {
+			###
+			### Create Ranger-UserSync Windows Services and grant user ACLS to start/stop
+			###
+			### TODO
+			Write-Log "ranger-usersync Role Services: $roles"
+
+			### Verify that roles are in the supported set
+			### TODO
+			CheckRole $roles @("ranger-usersync")
+
+			Write-Log "Role : $roles"
+			foreach( $service in empty-null ($roles -Split('\s+')))
+			{
+				CreateAndConfigureHadoopService $service $HDP_RESOURCES_DIR $rangerInstallToBin $serviceCredential
+				if ( $service -eq "ranger-usersync" )
+				{
+					$credStorePath = Join-Path $ENV:RANGER_HOME "jceks"
+					$credStorePath = $credStorePath -replace "\\", "/"
+
+				    ### Create Credential Store  directory
+					if( -not (Test-Path "$credStorePath"))
+					{
+						Write-Log "Creating Credential Store directory: `"$credStorePath`""
+						$cmd = "mkdir `"$credStorePath`""
+						Invoke-CmdChk $cmd
+					}
+
+					CreateJCEKS "ldap.bind.password" "${ENV:RANGER_SYNC_LDAP_BIND_PASSWORD}" "${ENV:RANGER_ADMIN_HOME}\cred\lib" "$credStorePath/usersync.jceks"
+
+					$username = $serviceCredential.UserName
+					GiveFullPermissions `"$ENV:RANGER_HOME\jceks`" $username $true
+
+					[Environment]::SetEnvironmentVariable("RANGER_USERSYNC_CRED_KEYSTORE_FILE", "$credStorePath\usersync.jceks" , [EnvironmentVariableTarget]::Machine)
+					$ENV:RANGER_USERSYNC_CRED_KEYSTORE_FILE = "$credStorePath/usersync.jceks"
+
+				}
+
+				###
+				### Setup ranger usersync service config
+				###
+				$ENV:PATH="$ENV:HADOOP_HOME\bin;" + $ENV:PATH
+				Write-Log "Creating service config ${rangerInstallToBin}\$service.xml"
+				# TODO:WINDOWS take python from `which` or `where`
+				$cmd = "python $rangerInstallToBin\ranger_usersync.py --service > `"$rangerInstallToBin\$service.xml`""
+				Invoke-CmdChk $cmd
+			}
+	        ### end of roles loop
+        }
+		###	Install Ranger UserSync ends
+
+}
+###############################################################################
+###
+### Installs ranger binaries.
+###
+### Arguments:
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential:
+###
+###############################################################################
+function InstallBinaries(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=2, Mandatory=$true )]
+    $serviceCredential
+    )
+{
+        $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+
+        # setup path variables
+        $rangerInstallPath = Join-Path $nodeInstallRoot $FinalName
+        $rangerInstallToBin = Join-Path "$rangerInstallPath" "bin"
+
+        $rangerAdminFile = $FinalName + "-admin"
+        $rangerAdminPath = Join-Path $rangerInstallPath $rangerAdminFile
+
+        $rangerHdfsPluginFile = $FinalName + "-hdfs-plugin"
+        $rangerHdfsPluginPath = Join-Path $rangerInstallPath $rangerHdfsPluginFile
+
+        $rangerHBasePluginFile = $FinalName + "-hbase-plugin"
+        $rangerHBasePluginPath = Join-Path $rangerInstallPath $rangerHBasePluginFile
+
+        $rangerHivePluginFile = $FinalName + "-hive-plugin"
+        $rangerHivePluginPath = Join-Path $rangerInstallPath $rangerHivePluginFile
+
+        $rangerKnoxPluginFile = $FinalName + "-knox-plugin"
+        $rangerKnoxPluginPath = Join-Path $rangerInstallPath $rangerKnoxPluginFile
+
+        $rangerStormPluginFile = $FinalName +"-storm-plugin"
+        $rangerStormPluginPath = Join-Path $rangerInstallPath $rangerStormPluginFile
+
+        $rangerUserSyncFile = $FinalName + "-usersync"
+        $rangerUserSyncPath = Join-Path $rangerInstallPath $rangerUserSyncFile
+
+        Write-Log "Installing $FinalName to $rangerInstallPath"
+        #ranger: Installing ranger-0.1.0.2.1.1.0-1111 to D:\HDP\\ranger-0.1.0.2.1.1.0-1111
+
+        Write-Log "Checking the JAVA Installation."
+        if( -not (Test-Path $ENV:JAVA_HOME\bin\java.exe))
+        {
+            Write-Log "JAVA_HOME not set properly; $ENV:JAVA_HOME\bin\java.exe does not exist" "Failure"
+            throw "Install: JAVA_HOME not set properly; $ENV:JAVA_HOME\bin\java.exe does not exist."
+        }
+
+        Write-Log "Checking the Hadoop Installation."
+        if( -not (Test-Path $ENV:HADOOP_HOME\bin\winutils.exe))
+        {
+          Write-Log "HADOOP_HOME not set properly; $ENV:HADOOP_HOME\bin\winutils.exe does not exist" "Failure"
+          throw "Install: HADOOP_HOME not set properly; $ENV:HADOOP_HOME\bin\winutils.exe does not exist."
+        }
+
+        ### Create Install Root directory
+        if( -not (Test-Path "$rangerInstallPath"))
+        {
+            Write-Log "Creating Install Root directory: `"$rangerInstallPath`""
+            $cmd = "mkdir `"$rangerInstallPath`""
+            Invoke-CmdChk $cmd
+        }
+
+		### Create Ranger tmp directory
+        if( -not (Test-Path "$rangerInstallPath\tmp"))
+        {
+            Write-Log "Creating Install Root directory: `"$rangerInstallPath`"\tmp"
+            $cmd = "mkdir `"$rangerInstallPath`"\tmp"
+            Invoke-CmdChk $cmd
+        }
+
+        $rangerLogsDir = Join-Path $ENV:HDP_LOG_DIR "ranger"
+        ###
+        ### ACL Ranger logs directory such that machine users can write to it
+        ###
+        if( -not (Test-Path "$rangerLogsDir"))
+        {
+            Write-Log "Creating Ranger logs folder"
+            New-Item -Path "$rangerLogsDir" -type directory | Out-Null
+        }
+        GiveFullPermissions "$rangerLogsDir" "Users"
+        Write-Log "Setting the RANGER_LOG_DIR environment variable at machine scope to `"$rangerLogDir`""
+        [Environment]::SetEnvironmentVariable("RANGER_LOG_DIR", $rangerLogsDir, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_LOG_DIR = "$rangerLogsDir"
+
+        $rangerInstallPathParent = (Get-Item $rangerInstallPath).parent.FullName
+
+        ###
+        ###  Unzip Ranger secure from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerAdminFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerAdminFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerAdminFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_HOME environment variable at machine scope to `"$rangerInstallPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_HOME", $rangerInstallPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HOME = "$rangerInstallPath"
+
+
+        ###
+        ### Set RANGER_ADMIN_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_ADMIN_HOME environment variable at machine scope to `"$rangerAdminPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_ADMIN_HOME", $rangerAdminPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_ADMIN_HOME = "$rangerAdminPath"
+
+
+
+        ###
+        ###  Unzip Ranger HDFS Plugin from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerHdfsPluginFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerHdfsPluginFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerHdfsPluginFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_HDFS_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_HDFS_HOME environment variable at machine scope to `"$rangerHdfsPluginPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_HDFS_HOME", $rangerHdfsPluginPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HDFS_HOME = "$rangerHdfsPluginPath"
+
+
+
+        ###
+        ###  Unzip Ranger HIVE Plugin from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerHivePluginFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerHivePluginFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerHivePluginFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_HIVE_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_HIVE_HOME environment variable at machine scope to `"$rangerHivePluginPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_HIVE_HOME", $rangerHivePluginPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HIVE_HOME = "$rangerHivePluginPath"
+
+
+
+        ###
+        ###  Unzip Ranger HBASE Plugin from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerHBasePluginFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerHBasePluginFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerHBasePluginFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_HBASE_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_HBASE_HOME environment variable at machine scope to `"$rangerHBasePluginPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_HBASE_HOME", $rangerHBasePluginPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_HBASE_HOME = "$rangerHBasePluginPath"
+
+        ###
+        ###  Unzip Ranger Knox Plugin from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerKnoxPluginFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerKnoxPluginFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerKnoxPluginFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_KNOX_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_KNOX_HOME environment variable at machine scope to `"$rangerKnoxPluginPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_KNOX_HOME", $rangerKnoxPluginPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_KNOX_HOME = "$rangerKnoxPluginPath"
+
+        ###
+        ###  Unzip Ranger Storm Plugin from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerStormPluginFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerStormPluginFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerStormPluginFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_STORM_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_STORM_HOME environment variable at machine scope to `"$rangerStormPluginPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_STORM_HOME", $rangerStormPluginPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_STORM_HOME = "$rangerStormPluginPath"
+
+        ###
+        ###  Unzip Ranger UserSync from compressed archive
+        ###
+
+        Write-Log "Extracting $rangerUserSyncFile.zip to $rangerInstallPath"
+
+        if ( Test-Path ENV:UNZIP_CMD )
+        {
+            ### Use external unzip command if given
+            $unzipExpr = $ENV:UNZIP_CMD.Replace("@SRC", "`"$HDP_RESOURCES_DIR\$rangerUserSyncFile.zip`"")
+            $unzipExpr = $unzipExpr.Replace("@DEST", "`"$rangerInstallPath`"")
+            ### We ignore the error code of the unzip command for now to be
+            ### consistent with prior behavior.
+            Invoke-Ps $unzipExpr
+        }
+        else
+        {
+            $shellApplication = new-object -com shell.application
+            $zipPackage = $shellApplication.NameSpace("$HDP_RESOURCES_DIR\$rangerUserSyncFile.zip")
+            $destinationFolder = $shellApplication.NameSpace($rangerInstallPath)
+            $destinationFolder.CopyHere($zipPackage.Items(), 20)
+        }
+
+        ###
+        ### Set RANGER_USERSYNC_HOME environment variable
+        ###
+        Write-Log "Setting the RANGER_USERSYNC_HOME environment variable at machine scope to `"$rangerUserSyncPath`""
+        [Environment]::SetEnvironmentVariable("RANGER_USERSYNC_HOME", $rangerUserSyncPath, [EnvironmentVariableTarget]::Machine)
+        $ENV:RANGER_USERSYNC_HOME = "$rangerUserSyncPath"
+
+}
+
+
+
+###############################################################################
+###
+### Uninstalls Hadoop component.
+###
+### Arguments:
+###     component: Component to be uninstalled, it can be "core, "hdfs" or "mapreduce"
+###     nodeInstallRoot: Install folder (for example "C:\Hadoop")
+###
+###############################################################################
+
+function Uninstall(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $component,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $nodeInstallRoot
+    )
+{
+    if ( $component -eq "ranger" )
+    {
+        $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $scriptDir "$FinalName.winpkg.log"
+
+	    Write-Log "Uninstalling ranger $FinalName"
+	    $rangerInstallPath = Join-Path $nodeInstallRoot $FinalName
+
+        ### If Ranger Core root does not exist exit early
+        if ( -not (Test-Path $rangerInstallPath) )
+        {
+            return
+        }
+
+		### Stop and delete services
+        ###
+        foreach( $service in @("ranger", "ranger-usersync"))
+        {
+            StopAndDeleteHadoopService $service
+        }
+
+	    ###
+	    ### Delete install dir
+	    ###
+	    $cmd = "rd /s /q `"$rangerInstallPath`""
+	    Invoke-Cmd $cmd
+
+        ### Removing RANGER_HOME environment variable
+        Write-Log "Removing the RANGER_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_ADMIN_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_ADMIN_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HDFS_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HDFS_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HBASE_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HBASE_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HIVE_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HIVE_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_KNOX_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_KNOX_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_STORM_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_STORM_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_USERSYNC_HOME environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_USERSYNC_HOME", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_ADMIN_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_ADMIN_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HDFS_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HDFS_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HIVE_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HIVE_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_HBASE_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_HBASE_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_KNOX_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_KNOX_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_STORM_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_STORM_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+        Write-Log "Removing the RANGER_USERSYNC_CRED_KEYSTORE_FILE environment variable"
+        [Environment]::SetEnvironmentVariable( "RANGER_USERSYNC_CRED_KEYSTORE_FILE", $null, [EnvironmentVariableTarget]::Machine )
+
+
+        Write-Log "Successfully uninstalled ranger"
+
+    }
+    else
+    {
+        throw "Uninstall: Unsupported component argument."
+    }
+}
+
+###############################################################################
+###
+### Start component services.
+###
+### Arguments:
+###     component: Component name
+###     roles: List of space separated service to start
+###
+###############################################################################
+function StartService(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $component,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $roles
+    )
+{
+    Write-Log "Starting `"$component`" `"$roles`" services"
+
+    if ( $component -eq "ranger" )
+    {
+        Write-Log "StartService: ranger services"
+		CheckRole $roles @("ranger")
+
+        foreach ( $role in $roles -Split("\s+") )
+        {
+            Write-Log "Starting $role service"
+            Start-Service $role
+        }
+    }
+    else
+    {
+        throw "StartService: Unsupported component argument."
+    }
+}
+
+###############################################################################
+###
+### Stop component services.
+###
+### Arguments:
+###     component: Component name
+###     roles: List of space separated service to stop
+###
+###############################################################################
+function StopService(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $component,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $roles
+    )
+{
+    Write-Log "Stopping `"$component`" `"$roles`" services"
+
+    if ( $component -eq "ranger" )
+    {
+        ### Verify that roles are in the supported set
+        CheckRole $roles @("ranger")
+        foreach ( $role in $roles -Split("\s+") )
+        {
+            try
+            {
+                Write-Log "Stopping $role "
+                if (Get-Service "$role" -ErrorAction SilentlyContinue)
+                {
+                    Write-Log "Service $role exists, stopping it"
+                    Stop-Service $role
+                }
+                else
+                {
+                    Write-Log "Service $role does not exist, moving to next"
+                }
+            }
+            catch [Exception]
+            {
+                Write-Host "Can't stop service $role"
+            }
+
+        }
+    }
+    else
+    {
+        throw "StartService: Unsupported component argument."
+    }
+}
+
+
+###############################################################################
+###
+### Alters the configuration of the ranger component.
+###
+### Arguments:
+###     component: Component to be configured, it should be "ranger"
+###     nodeInstallRoot: Target install folder (for example "C:\Hadoop")
+###     serviceCredential: Credential object used for service creation
+###     configs:
+###
+###############################################################################
+function Configure(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $component,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=2, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=3 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=4 )]
+    $aclAllFolders = $True
+    )
+{
+
+    if ( $component -eq "ranger" )
+    {
+        Write-Log "Configure: ranger does not have any configurations"
+		### TODO
+    }
+	elseif ( $component -eq "ranger-hdfs" )
+    {
+		Write-Log "Configuring Ranger HDFS Plugin"
+        ConfigureRangerHdfs $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+	elseif ( $component -eq "ranger-hive" )
+    {
+		Write-Log "Configuring Ranger Hive Plugin"
+        ConfigureRangerHive $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+	elseif ( $component -eq "ranger-hbase" )
+    {
+		Write-Log "Configuring Ranger HBase Plugin"
+        ConfigureRangerHbase $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+	elseif ( $component -eq "ranger-knox" )
+    {
+		Write-Log "Configuring Ranger Knox Plugin"
+        ConfigureRangerKnox $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+	elseif ( $component -eq "ranger-storm" )
+    {
+		Write-Log "Configuring Ranger Storm Plugin"
+        ConfigureRangerStorm $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+    elseif ( $component -eq "ranger-usersync" )
+    {
+		Write-Log "Configuring Ranger User Sync Plugin"
+        ConfigureRangerUserSync $nodeInstallRoot $serviceCredential $configs $aclAllFolders
+    }
+    else
+    {
+        throw "Configure: Unsupported component argument."
+    }
+}
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop HDFS component for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerHdfs(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+	Write-Log "Modifying hadoop-env.cmd to invoke xasecure-hadoop-env.cmd"
+    $file = Join-Path $ENV:HADOOP_CONF_DIR "hadoop-env.cmd"
+
+    #$line = "`set HADOOP_NAMENODE_OPTS= -javaagent:%HADOOP_HOME%\share\hadoop\common\lib\hdfs-agent-@ranger.version@.jar=authagent  %HADOOP_NAMENODE_OPTS%"
+    $line = "`if exist %HADOOP_CONF_DIR%\xasecure-hadoop-env.cmd CALL %HADOOP_CONF_DIR%\xasecure-hadoop-env.cmd"
+	#TODO:WINDOWS Should we guard against option already being present?
+    Add-Content $file $line
+
+	### Regenerate the namenode.xml file
+	$service = "namenode"
+	Write-Log "Regenerating service config ${ENV:HADOOP_HOME}\$service.xml"
+	$cmd = "$ENV:HADOOP_HOME\bin\hdfs.cmd --service $service > `"$ENV:HADOOP_HOME\bin\$service.xml`""
+	Invoke-CmdChk $cmd
+
+    ###
+    ### Apply configuration changes to hdfs-site.xml
+    ###
+	$xmlFile = Join-Path $ENV:HADOOP_CONF_DIR "hdfs-site.xml"
+    UpdateXmlConfig $xmlFile $configs["hdfsChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-audit.xml
+    ###
+    $xmlFile = Join-Path $ENV:HADOOP_CONF_DIR "xasecure-audit.xml"
+    UpdateXmlConfig $xmlFile $configs["hdfsAuditChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-hdfs-security.xml
+    ###
+    $xmlFile = Join-Path $ENV:HADOOP_CONF_DIR "xasecure-hdfs-security.xml"
+    UpdateXmlConfig $xmlFile $configs["hdfsSecurityChanges"]
+
+
+
+ }
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop Hive component for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerHive(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+	### Regenerate the namenode.xml file
+	$service = "hiveserver2"
+	Write-Log "Regenerating service config ${ENV:HIVE_HOME}\bin\$service.xml"
+	$cmd = "$ENV:HIVE_HOME\bin\hive.cmd --service $service catservicexml > `"$ENV:HIVE_HOME\bin\$service.xml`""
+	Invoke-CmdChk $cmd
+
+    ###
+    ### Apply configuration changes to hive-site.xml
+    ###
+	# NOT SUPPORTED post Champlain
+	#$xmlFile = Join-Path $ENV:HIVE_CONF_DIR "hive-site.xml"
+    #UpdateXmlConfig $xmlFile $configs["hivechanges"]
+
+    ###
+    ### Apply configuration changes to hiveserver2-site.xml
+    ###
+    $xmlFile = Join-Path $ENV:HIVE_HOME "conf\hiveserver2-site.xml"
+    UpdateXmlConfig $xmlFile $configs["hiveServerChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-hive-security.xml
+    ###
+    $xmlFile = Join-Path $ENV:HIVE_HOME "conf\xasecure-hive-security.xml"
+    UpdateXmlConfig $xmlFile $configs["hiveSecurityChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-audit.xml
+    ###
+    $xmlFile = Join-Path $ENV:HIVE_HOME "conf\xasecure-audit.xml"
+    UpdateXmlConfig $xmlFile $configs["hiveAuditChanges"]
+
+ }
+
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop HBase component for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerHbase(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+    ###
+    ### Apply configuration changes to hbase-site.xml
+    ###
+	$xmlFile = Join-Path $ENV:HBASE_CONF_DIR "hbase-site.xml"
+    UpdateXmlConfig $xmlFile $configs["hbaseChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-hbase-security.xml
+    ###
+    $xmlFile = Join-Path $ENV:HBASE_CONF_DIR "xasecure-hbase-security.xml"
+    UpdateXmlConfig $xmlFile $configs["hbaseSecurityChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-audit.xml
+    ###
+    $xmlFile = Join-Path $ENV:HBASE_CONF_DIR "xasecure-audit.xml"
+    UpdateXmlConfig $xmlFile $configs["hbaseAuditChanges"]
+
+
+ }
+
+
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop Knox component for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerKnox(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+    ###
+    ### Apply configuration changes to xasecure-hbase-security.xml
+    ###
+    $xmlFile = Join-Path $ENV:KNOX_HOME "conf\xasecure-knox-security.xml"
+    UpdateXmlConfig $xmlFile $configs["knoxSecurityChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-audit.xml
+    ###
+    $xmlFile = Join-Path $ENV:KNOX_HOME "conf\xasecure-audit.xml"
+    UpdateXmlConfig $xmlFile $configs["knoxAuditChanges"]
+
+	### TODO: Find a better way
+	$path = Join-Path $ENV:KNOX_HOME "conf\topologies"
+	Get-ChildItem -recurse -path $path -filter '*.xml' | % {
+		ReplaceString $_.FullName 'AclsAuthz' 'XASecurePDPKnox'
+	}
+
+ }
+
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop Storm component for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerStorm(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+    ###
+    ### Apply configuration changes to xasecure-hbase-security.xml
+    ###
+    $xmlFile = Join-Path $ENV:STORM_HOME "conf\xasecure-storm-security.xml"
+    UpdateXmlConfig $xmlFile $configs["stormSecurityChanges"]
+
+    ###
+    ### Apply configuration changes to xasecure-audit.xml
+    ###
+    $xmlFile = Join-Path $ENV:STORM_HOME "conf\xasecure-audit.xml"
+    UpdateXmlConfig $xmlFile $configs["stormAuditChanges"]
+
+
+ }
+
+
+
+###############################################################################
+###
+### Alters the configuration of the Hadoop UserSync service for Ranger.
+###
+### Arguments:
+###   See Configure
+###############################################################################
+function ConfigureRangerUserSync(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $nodeInstallRoot,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=1, Mandatory=$false )]
+    $serviceCredential,
+    [hashtable]
+    [parameter( Position=2 )]
+    $configs = @{},
+    [bool]
+    [parameter( Position=3 )]
+    $aclAllFolders = $True
+    )
+{
+
+    $HDP_INSTALL_PATH, $HDP_RESOURCES_DIR = Initialize-InstallationEnv $ScriptDir "hadoop-$HadoopCoreVersion.winpkg.log" $ENV:WINPKG_BIN
+
+    #TODO:WINDOWS Check if appropriate dirs are present and env set
+    #if( -not (Test-Path $hadoopInstallToDir ))
+    #{
+    #    throw "ConfigureRangerHdfs: Install must be called before ConfigureRangerHdfs"
+    #}
+
+    #Write-Log "Modifying hadoop-env.cmd to invoke ranger-usersync-hadoop-env.cmd"
+    #$file = Join-Path $ENV:HADOOP_CONF_DIR "hadoop-env.cmd"
+    $RANGER_USERSYNC_CONF_DIR = Join-Path $ENV:RANGER_USERSYNC_HOME "conf"
+    $file = Join-Path  $RANGER_USERSYNC_CONF_DIR "unixauthservice.properties"
+
+    #TODO:WINDOWS Should we guard against option already being present?
+
+    $prop       = "usergroupSync.policymanager.baseURL"
+    $propVal    = $ENV:RANGER_EXTERNAL_URL
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "usergroupSync.sleepTimeInMillisBetweenSyncCycle"
+    $propVal    = $ENV:RANGER_SYNC_INTERVAL
+    ReplacePropertyVal $file $prop $propVal
+
+    ##Not there in ENV vars
+    if($ENV:SYNCSOURCE.ToUpper() -eq 'LDAP') {
+        $prop       = "usergroupSync.source.impl.class"
+        $propVal    = "com.xasecure.ldapusersync.process.LdapUserGroupBuilder"
+    }elseif($ENV:SYNCSOURCE.ToUpper() -eq 'UNIX') {
+        $prop       = "usergroupSync.source.impl.class"
+        $propVal    = "com.xasecure.unixusersync.process.UnixUserGroupBuilder"
+    }else{
+        $prop       = "usergroupSync.source.impl.class"
+        $propVal    = "com.xasecure.unixusersync.process.UnixUserGroupBuilder"
+    }
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.ldapUrl"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_URL
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.ldapBindDn"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_BIND_DN
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.ldapBindPassword"
+    $propVal    = "_" #$ENV:RANGER_SYNC_LDAP_BIND_PASSWORD
+    ReplacePropertyVal $file $prop $propVal
+
+    ##Not there in ENV vars
+    $prop       = "ldapGroupSync.ldapBindKeystore"
+    $propVal    = $ENV:RANGER_USERSYNC_CRED_KEYSTORE_FILE
+    ReplacePropertyVal $file $prop $propVal
+
+    ##Not there in ENV vars
+    $prop       = "ldapGroupSync.ldapBindAlias"
+    $propVal    = "ldap.bind.password"
+    ReplacePropertyVal $file $prop $propVal
+
+    ##Not there in ENV vars
+    $prop       = "ldapGroupSync.userSearchBase"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_SEARCH_BASE
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.userSearchScope"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_SEARCH_SCOPE
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.userObjectClass"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_OBJECT_CLASS
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.userObjectClass"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_OBJECT_CLASS
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.userNameAttribute"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_NAME_ATTRIBUTE
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.userGroupNameAttribute"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.username.caseConversion"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_USERNAME_CASE_CONVERSION
+    ReplacePropertyVal $file $prop $propVal
+
+    $prop       = "ldapGroupSync.groupname.caseConversion"
+    $propVal    = $ENV:RANGER_SYNC_LDAP_GROUPNAME_CASE_CONVERSION
+    ReplacePropertyVal $file $prop $propVal
+
+    #$prop       = "ldap.bind.password"
+    #$propVal    = $ENV:SYNC_LDAP_BIND_ALIAS
+    #ReplacePropertyVal $file $prop $propVal
+
+ }
+
+### Helper routing that converts a $null object to nothing. Otherwise, iterating over
+### a $null object with foreach results in a loop with one $null element.
+function empty-null($obj)
+{
+   if ($obj -ne $null) { $obj }
+}
+
+### Gives full permissions on the folder to the given user
+function GiveFullPermissions(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $folder,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $username,
+    [bool]
+    [Parameter( Position=2, Mandatory=$false )]
+    $recursive = $false)
+{
+    Write-Log "Giving user/group `"$username`" full permissions to `"$folder`""
+	### Give /inheritance:e because jceks files in the jceks foler is not
+	### getting it by default and hence decrypting of keystore alias is failing!
+    $cmd = "icacls `"$folder`" /inheritance:e /grant ${username}:(OI)(CI)F"
+    if ($recursive) {
+        $cmd += " /T"
+    }
+    Invoke-CmdChk $cmd
+}
+
+### Checks if the given space separated roles are in the given array of
+### supported roles.
+function CheckRole(
+    [string]
+    [parameter( Position=0, Mandatory=$true )]
+    $roles,
+    [array]
+    [parameter( Position=1, Mandatory=$true )]
+    $supportedRoles
+    )
+{
+    foreach ( $role in $roles.Split(" ") )
+    {
+        if ( -not ( $supportedRoles -contains $role ) )
+        {
+            throw "CheckRole: Passed in role `"$role`" is outside of the supported set `"$supportedRoles`""
+        }
+    }
+}
+
+### Creates and configures the service.
+function CreateAndConfigureHadoopService(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $service,
+    [String]
+    [Parameter( Position=1, Mandatory=$true )]
+    $hdpResourcesDir,
+    [String]
+    [Parameter( Position=2, Mandatory=$true )]
+    $serviceBinDir,
+    [System.Management.Automation.PSCredential]
+    [Parameter( Position=3, Mandatory=$true )]
+    $serviceCredential
+)
+{
+    if ( -not ( Get-Service "$service" -ErrorAction SilentlyContinue ) )
+    {
+		 Write-Log "Creating service `"$service`" as $serviceBinDir\$service.exe"
+        $xcopyServiceHost_cmd = "copy /Y `"$HDP_RESOURCES_DIR\serviceHost.exe`" `"$serviceBinDir\$service.exe`""
+        Invoke-CmdChk $xcopyServiceHost_cmd
+
+        #Creating the event log needs to be done from an elevated process, so we do it here
+        if( -not ([Diagnostics.EventLog]::SourceExists( "$service" )))
+        {
+            [Diagnostics.EventLog]::CreateEventSource( "$service", "" )
+        }
+
+        Write-Log "Adding service $service"
+        $s = New-Service -Name "$service" -BinaryPathName "$serviceBinDir\$service.exe" -Credential $serviceCredential -DisplayName "Apache Hadoop $service"
+        if ( $s -eq $null )
+        {
+            throw "CreateAndConfigureHadoopService: Service `"$service`" creation failed"
+        }
+
+        $cmd="$ENV:WINDIR\system32\sc.exe failure $service reset= 30 actions= restart/5000"
+        Invoke-CmdChk $cmd
+
+        $cmd="$ENV:WINDIR\system32\sc.exe config $service start= demand"
+        Invoke-CmdChk $cmd
+
+        Set-ServiceAcl $service
+    }
+    else
+    {
+        Write-Log "Service `"$service`" already exists, Removing `"$service`""
+        StopAndDeleteHadoopService $service
+        CreateAndConfigureHadoopService $service $hdpResourcesDir $serviceBinDir $serviceCredential
+    }
+}
+
+### Stops and deletes the Hadoop service.
+function StopAndDeleteHadoopService(
+    [String]
+    [Parameter( Position=0, Mandatory=$true )]
+    $service
+)
+{
+    Write-Log "Stopping $service"
+    $s = Get-Service $service -ErrorAction SilentlyContinue
+
+    if( $s -ne $null )
+    {
+        Stop-Service $service
+        $cmd = "sc.exe delete $service"
+        Invoke-Cmd $cmd
+    }
+}
+
+### Helper routine that converts a $null object to nothing. Otherwise, iterating over
+### a $null object with foreach results in a loop with one $null element.
+function empty-null($obj)
+{
+   if ($obj -ne $null) { $obj }
+}
+
+### Helper routine that updates the given fileName XML file with the given
+### key/value configuration values. The XML file is expected to be in the
+### Hadoop format. For example:
+### <configuration>
+###   <property>
+###     <name.../><value.../>
+###   </property>
+### </configuration>
+function UpdateXmlConfig(
+    [string]
+    [parameter( Position=0, Mandatory=$true )]
+    $fileName,
+    [hashtable]
+    [parameter( Position=1 )]
+    $config = @{} )
+{
+    $xml = New-Object System.Xml.XmlDocument
+    $xml.PreserveWhitespace = $true
+    $xml.Load($fileName)
+
+    foreach( $key in empty-null $config.Keys )
+    {
+        $value = $config[$key]
+        $found = $False
+        $xml.SelectNodes('/configuration/property') | ? { $_.name -eq $key } | % { $_.value = $value; $found = $True }
+        if ( -not $found )
+        {
+            $xml["configuration"].AppendChild($xml.CreateWhitespace("`r`n  ")) | Out-Null
+            $newItem = $xml.CreateElement("property")
+            $newItem.AppendChild($xml.CreateWhitespace("`r`n    ")) | Out-Null
+            $newItem.AppendChild($xml.CreateElement("name")) | Out-Null
+            $newItem.AppendChild($xml.CreateWhitespace("`r`n    ")) | Out-Null
+            $newItem.AppendChild($xml.CreateElement("value")) | Out-Null
+            $newItem.AppendChild($xml.CreateWhitespace("`r`n  ")) | Out-Null
+            $newItem.name = $key
+            $newItem.value = $value
+            $xml["configuration"].AppendChild($newItem) | Out-Null
+            $xml["configuration"].AppendChild($xml.CreateWhitespace("`r`n")) | Out-Null
+        }
+    }
+
+    $xml.Save($fileName)
+    $xml.ReleasePath
+}
+
+### Helper routine that replaces string in file
+function ReplaceString($file,$find,$replace)
+{
+    $content = Get-Content $file
+    for ($i=1; $i -le $content.Count; $i++)
+    {
+        if ($content[$i] -like "*$find*")
+        {
+            $content[$i] = $content[$i].Replace($find, $replace)
+        }
+    }
+    Set-Content -Value $content -Path $file -Force
+}
+
+### Helper routine that replaces a property value in a file
+function ReplacePropertyVal($file,$findProp,$replaceVal)
+{
+    $content = Get-Content $file
+    for ($i=1; $i -le $content.Count; $i++)
+    {
+        if($content[$i])
+        {
+            $prop = $content[$i].Split('=')[0]
+            if ($prop.trim() -eq $findProp )
+            {
+                $content[$i]= ""
+                $updatedContent = "$findProp = $replaceVal"
+                $content[$i] = $updatedContent
+            }
+        }
+    }
+    Set-Content -Value $content -Path $file -Force
+}
+
+### Function to create jceks credential file store using hortonworks credentialapi
+function CreateJCEKS (
+    [String]
+    $alias,
+    [String]
+    $password,
+	[String]
+	$libPath,
+    [String]
+    $jceksFile
+	)
+{
+
+	Write-Log "Creating alias $alias in jceks file : $jceksFile"
+    $cmd = "${ENV:JAVA_HOME}\bin\java -cp `"${libPath}\*`" com.hortonworks.credentialapi.buildks create `"${alias}`" -value `"${password}`" -provider `"jceks://file/${jceksFile}`" "
+	Invoke-Cmd $cmd
+
+}
+
+
+###
+### Public API
+###
+Export-ModuleMember -Function Install
+Export-ModuleMember -Function Uninstall
+Export-ModuleMember -Function Configure
+Export-ModuleMember -Function StartService
+Export-ModuleMember -Function StopService
+###
+### Private API (exposed for test only)
+###
+Export-ModuleMember -Function UpdateXmlConfig

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/winpkg/src/scripts/install.cmd
----------------------------------------------------------------------
diff --git a/winpkg/src/scripts/install.cmd b/winpkg/src/scripts/install.cmd
new file mode 100644
index 0000000..80927ea
--- /dev/null
+++ b/winpkg/src/scripts/install.cmd
@@ -0,0 +1,18 @@
+@echo off
+@rem Licensed to the Apache Software Foundation (ASF) under one or more
+@rem contributor license agreements.  See the NOTICE file distributed with
+@rem this work for additional information regarding copyright ownership.
+@rem The ASF licenses this file to You under the Apache License, Version 2.0
+@rem (the "License"); you may not use this file except in compliance with
+@rem the License.  You may obtain a copy of the License at
+@rem
+@rem     http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+
+powershell.exe -NoProfile -InputFormat none -ExecutionPolicy unrestricted -File %~dp0install.ps1 %*
+goto :eof


Mime
View raw message