ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [10/33] incubator-ranger git commit: RANGER-266: Solr configuration and setup files and documentation
Date Tue, 27 Oct 2015 01:08:28 GMT
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/setup.sh b/security-admin/contrib/solr_for_audit_setup/setup.sh
new file mode 100755
index 0000000..11d5501
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/setup.sh
@@ -0,0 +1,421 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#This script downloads Solr (optional) and sets up Solr for Ranger Audit Server
+curr_dir=`pwd`
+
+. ./install.properties
+
+#Current timestamp
+ts=$(date +"%m%d%y%H%M%S")
+
+#Validate all variables
+check_java_version() {
+    #Check for JAVA_HOME
+    if [ "${JAVA_HOME}" == "" ]; then
+	echo "Error: JAVA_HOME environment property not defined, aborting installation."
+	exit 1
+    fi
+
+    export JAVA_BIN=${JAVA_HOME}/bin/java
+
+    if [ ! -x ${JAVA_BIN} ]; then
+        echo "Error: '${JAVA_BIN}' command not found"
+        exit 1;
+    fi
+
+    version=$("$JAVA_BIN" -version 2>&1 | awk -F '"' '/version/ {print $2}')
+    major=`echo ${version} | cut -d. -f1`
+    minor=`echo ${version} | cut -d. -f2`
+    if [[ "${major}" == 1 && "${minor}" < 7 ]] ; then
+	echo "Error: Java 1.7 or above is required, current java version is $version"
+	exit 1;
+    fi
+}
+
+#Check Java version. Minimum JDK 1.7 is needed
+check_java_version
+
+if [ "$SOLR_INSTALL_FOLDER" = "" ]; then
+    echo "Error: SOLR_INSTALL_FOLDER not set"
+    exit 1
+fi
+
+if [ "$SOLR_RANGER_HOME" = "" ]; then
+    echo "Error: SOLR_RANGER_HOME not set"
+    exit 1
+fi
+
+if [ "$SOLR_RANGER_PORT" = "" ]; then
+    echo "Error: SOLR_RANGER_PORT not set"
+    exit 1
+fi
+
+if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then
+    if [ "$SOLR_RANGER_DATA_FOLDER" = "" ]; then
+	echo "Error: SOLR_RANGER_DATA_FOLDER not set"
+	exit 1
+    fi
+else
+    if [ "$SOLR_ZK" = "" ]; then
+	echo "Error: SOLR_ZK not set"
+	exit 1
+    fi
+fi
+
+if [ "$SOLR_USER" = "" ]; then
+    SOLR_USER=solr
+fi
+
+if [ "$SOLR_RANGER_COLLECTION" = "" ]; then
+    SOLR_RANGER_COLLECTION=ranger_audits
+fi
+
+curr_user=`whoami`
+is_root=0
+if [ -w /etc/passwd ]; then
+    is_root=1
+fi
+
+
+if [ "$SOLR_INSTALL" = "true" -a $is_root -eq 0 ]; then
+    echo "Error: Solr will be installed only if run as root. Please download and install
before continuing"
+    exit 1
+fi
+
+if [ "$SOLR_INSTALL" = "true" -a "$SOLR_DOWNLOAD_URL" = "" ]; then
+    echo "Error: If SOLR_INSTALL=true, then SOLR_DOWNLOAD_URL can't be empty"
+    exit 1
+fi
+
+if [ "$SOLR_LOG_FOLDER" = "logs" ]; then
+    NEW_SOLR_LOG_FOLDER=$SOLR_INSTALL/server/${$SOLR_LOG_FOLDER}
+    echo "`date`|INFO|Changing SOLR_LOG_FOLDER from $SOLR_LOG_FOLDER to $NEW_SOLR_LOG_FOLDER"
+    SOLR_LOG_FOLDER=$NEW_SOLR_LOG_FOLDER
+fi
+
+function run_root_usage {
+    echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER"
+    echo "sudo mkdir -p $SOLR_RANGER_HOME"
+    echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME"
+    if [ "$SOLR_LOG_FOLDER" != "logs" ]; then
+	echo "sudo mkdir -p $SOLR_LOG_FOLDER"
+	echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_LOG_FOLDER"
+    fi
+}
+
+if [ $is_root -ne 1 ]; then
+    if [ "$SOLR_USER" != "$curr_user" ]; then
+	echo "`date`|ERROR|You need to run this script as root or as user $SOLR_USER"
+	echo "If you need to run as $SOLR_USER, then first execute the following commands as root
or sudo"
+	id $SOLR_USER 2>&1 > /dev/null
+	if [ $? -ne 0 ]; then
+	    echo "sudo adduser $SOLR_USER"
+	fi
+	run_root_usage
+	exit 1
+    fi
+
+    #Let's make $curr_user has permission to write to $SOLR_RANGER_HOME and also chown
+    mkdir -p $SOLR_RANGER_HOME 2> /dev/null
+    if [ ! -d $SOLR_RANGER_HOME ]; then
+	echo "`date`|ERROR|Solr Ranger Home folder <$SOLR_RANGER_HOME> could not be created.
Current user is $curr_user"
+	run_root_usage
+	exit 1
+    fi
+    
+    test_file=${SOLR_RANGER_HOME}/testfile_${ts}.txt
+    touch $test_file 2> /dev/null
+    if [ $? -ne 0 ]; then
+	echo "`date`|ERROR|User $curr_user doesn't have permission to write to $SOLR_RANGER_HOME."
+	run_root_usage
+	exit 1
+    fi
+    
+    chown $SOLR_USER:$SOLR_USER $test_file 2> /dev/null
+    if [ $? -ne 0 ]; then
+	echo "`date`|ERROR|User $curr_user doesn't have permission chown to $SOLR_USER in $SOLR_RANGER_HOME"
+	run_root_usage
+	exit 1
+    fi
+    rm -f $test_file
+    
+    #Solr on first time startup, it creates the webapp folder. So the $SOLR_USER needs permission
to create webapp
+    test_file=$SOLR_INSTALL_FOLDER/testfile_${ts}.txt
+    touch $test_file 2> /dev/null
+    if [ $? -ne 0 ]; then
+	echo "`date`|ERROR|User $curr_user doesn't have write permission to $SOLR_INSTALL_FOLDER"
+	run_root_usage
+	exit 1
+    fi
+    rm -f $test_file
+
+    #Let's make $curr_user has permission to write to logs folder
+    mkdir -p $SOLR_LOG_FOLDER 2> /dev/null
+    if [ ! -d $SOLR_LOG_FOLDER ]; then
+	echo "`date`|ERROR|Log folder <$SOLR_LOG_FOLDER> could not be created. Current user
is $curr_user"
+	run_root_usage
+	exit 1
+    fi
+
+    test_file=$SOLR_LOG_FOLDER/testfile_${ts}.txt
+    touch $test_file 2> /dev/null
+    if [ $? -ne 0 ]; then
+	echo "`date`|ERROR|User $curr_user doesn't have permission to write to log folder $SOLR_LOG_FOLDER"
+	run_root_usage
+	exit 1
+    fi
+    rm -f $test_file
+fi
+
+
+if [ -d $SOLR_RANGER_HOME ]; then
+    #echo "`date`|WARN|Solr Ranger Home <$SOLR_RANGER_HOME> exists. Moving to ${SOLR_RANGER_HOME}.bk.${ts}"
+    echo "`date`|INFO|Solr Ranger Home <$SOLR_RANGER_HOME> exists. Will overwrite configurations"
+    #mv $SOLR_RANGER_HOME ${SOLR_RANGER_HOME}.bk.${ts}
+fi
+
+
+#Download and install Solr if needed
+if [ "$SOLR_INSTALL" = "true" ]; then
+    if [ ! -x `which wget 2> /dev/null` ]; then
+	echo "Error: wget is not found in the path. Please install wget"
+	exit
+    fi
+
+    if [ -d $SOLR_INSTALL_FOLDER ]; then
+	echo "`date`|WARN|$SOLR_INSTALL_FOLDER exists. This script will overwrite some files"
+    fi
+    
+    echo "`date`|INFO|Downloading solr from $SOLR_DOWNLOAD_URL"
+    #Temporary create a folder to untar the folder
+    tmp_folder=/tmp/solr_untar_${ts}
+    mkdir -p ${tmp_folder}
+    cd ${tmp_folder}
+    wget $SOLR_DOWNLOAD_URL
+    #Assuming this is a new folder and there will be only one file
+    tgz_file=`ls *z`
+    if [ ! -f $tgz_file ]; then
+	echo "`date`|ERROR|Downloaded file <`pwd`/$tgz_file> not found"
+	exit 1
+    fi
+    
+    mkdir tmp
+    tar xfz $tgz_file -C tmp
+    cd tmp
+    
+    #Assuming there will only one folder begining with "s"
+    solr_folder=`ls | grep "^solr"`
+    
+    if [ ! -d $solr_folder ]; then
+	echo "`date`|ERROR|Solr temporary folder `pwd`/<$solr_folder> not found"
+	exit 1
+    fi
+
+    if [ -d $SOLR_INSTALL_FOLDER ]; then
+	echo "`date`|WARN|$SOLR_INSTALL_FOLDER exists. Moving to ${SOLR_INSTALL_FOLDER}.bk.${ts}"
+	mv $SOLR_INSTALL_FOLDER ${SOLR_INSTALL_FOLDER}.bk.${ts}
+    fi
+
+    mv $solr_folder $SOLR_INSTALL_FOLDER
+    rm -rf $tmp_folder
+    echo "`date`|INFO|Installed Solr in $SOLR_INSTALL_FOLDER"
+fi
+
+if [ ! -d $SOLR_INSTALL_FOLDER ]; then
+    echo "`date`|ERROR|$SOLR_INSTALL_FOLDER not found. Check \$SOLR_INSTALL_FOLDER"
+    exit 1
+fi
+
+if [ ! -x $SOLR_INSTALL_FOLDER/bin/solr ]; then
+    echo "`date`|ERROR|Solr doesn't seem to be installed properly. $SOLR_INSTALL_FOLDER/bin/solr
doesn't exist. Please check $SOLR_INSTALL_FOLDER"
+    exit 1
+fi
+
+########## At this point, we have the Solr installed folder ####
+
+######### Copy the Solr config file for Ranger ######
+cd $curr_dir
+
+mkdir -p $SOLR_RANGER_HOME/resources
+cp -r resources/* $SOLR_RANGER_HOME/resources
+
+if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then
+    echo "`date`|INFO|Configuring standalone instance"
+    echo "`date`|INFO|Copying Ranger Audit Server configuration to $SOLR_RANGER_HOME"
+    cp -r solr_standalone/* $SOLR_RANGER_HOME
+    mkdir -p $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/conf
+    cp -r conf/* $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/conf
+    sed  "s#__RANGER_AUDITS_DATA_FOLDER__#$SOLR_RANGER_DATA_FOLDER#g" $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/core.properties.template
> $SOLR_RANGER_HOME/${SOLR_RANGER_COLLECTION}/core.properties
+    sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_MAX_MEM__#$SOLR_MAX_MEM#g"
-e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g"
-e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/scripts/start_solr.sh.template
> $SOLR_RANGER_HOME/scripts/start_solr.sh
+
+else
+
+    echo "`date`|INFO|Configuring SolrCloud instance"
+    cp -r solr_cloud/* $SOLR_RANGER_HOME
+    mkdir -p $SOLR_RANGER_HOME/conf
+    cp -r conf/* $SOLR_RANGER_HOME/conf
+
+    #Get the first ZooKeeper host:port/path
+    FIRST_SOLR_ZK=$(IFS="," ; set -- $SOLR_ZK ; echo $1)
+
+    sed  -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g"  -e "s#__SOLR_MAX_MEM__#$SOLR_MAX_MEM#g"
-e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g" -e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g"
-e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_ZK__#$SOLR_ZK#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g"
$SOLR_RANGER_HOME/scripts/start_solr.sh.template > $SOLR_RANGER_HOME/scripts/start_solr.sh
+
+    sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g"
-e "s#__SOLR_RANGER_HOME__#$SOLR_RANGER_HOME#g" -e "s#__SOLR_ZK__#$FIRST_SOLR_ZK#g" $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh.template
> $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh
+    sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g"
-e "s#__SOLR_ZK__#$SOLR_ZK#g" -e "s#__SOLR_HOST_URL__#$SOLR_HOST_URL#g"  -e "s#__SOLR_SHARDS__#$SOLR_SHARDS#g"
 -e "s#__SOLR_REPLICATION__#$SOLR_REPLICATION#g"  $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh.template
> $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh
+    sed -e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" $SOLR_RANGER_HOME/solr.xml.template >
$SOLR_RANGER_HOME/solr.xml
+fi
+
+#Common overrides
+sed -e "s#__JAVA_HOME__#$JAVA_HOME#g" -e "s#__SOLR_USER__#$SOLR_USER#g" -e "s#__SOLR_INSTALL_DIR__#$SOLR_INSTALL_FOLDER#g"
-e "s#__SOLR_PORT__#$SOLR_RANGER_PORT#g" -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/scripts/stop_solr.sh.template
> $SOLR_RANGER_HOME/scripts/stop_solr.sh
+sed  -e "s#__SOLR_LOG_FOLDER__#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/resources/log4j.properties.template
> $SOLR_RANGER_HOME/resources/log4j.properties
+
+
+#Let's make all ownership is given to $SOLR_USER
+if [ $is_root -eq 1 ]; then
+    #Let's see if $SOLR_USER exists.
+    id $SOLR_USER 2>&1 > /dev/null
+    if [ $? -ne 0 ]; then
+	echo "`date`|INFO|Creating user $SOLR_USER"
+	adduser $SOLR_USER
+    fi
+
+    chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER
+    mkdir -p $SOLR_RANGER_HOME
+    chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME
+    mkdir -p $SOLR_LOG_FOLDER
+    chown -R $SOLR_USER:$SOLR_USER $SOLR_LOG_FOLDER
+else
+    chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME
+fi
+chmod a+x $SOLR_RANGER_HOME/scripts/*.sh
+
+SOLR_INSTALL_NOTES=$SOLR_RANGER_HOME/install_notes.txt
+echo "Solr installation notes for Ranger Audits." > $SOLR_INSTALL_NOTES
+
+cat > $SOLR_INSTALL_NOTES <<EOF
+Solr installation notes for Ranger Audits.
+
+Note: Don't edit this file. It will be over written if you run $0 again.
+
+EOF
+
+if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then
+cat >> $SOLR_INSTALL_NOTES <<EOF
+You have installed Solr in standalone mode.
+
+Note: In production deployment, it is recommended to run in SolrCloud mode with at least
2 nodes and replication factor 2
+
+EOF
+else
+
+cat >> $SOLR_INSTALL_NOTES <<EOF
+You have installed Solr in SolrCloud mode. You will have to do additional steps to create
the collections for Ranger Audit. See below for instructions:
+EOF
+
+    if [ "$SOLR_REPLICATION" = "1" ]; then
+cat >> $SOLR_INSTALL_NOTES <<EOF
+
+Note: In production deployment, it is recommended to run in SolrCloud mode with at least
2 nodes with replication factor 2
+EOF
+    fi
+
+cat >> $SOLR_INSTALL_NOTES <<EOF
+
+*** IMPORTANT ***
+For configuring SolrCloud, you need to do the following:
+EOF
+
+if [ "$SOLR_REPLICATION" != "1" ]; then
+    cat >> $SOLR_INSTALL_NOTES <<EOF
+1. Using $0 script install and configure Solr for Ranger Audits on all other nodes also (don't
start it yet)
+2. Execute $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh (only once from any
node)
+3. Start Solr on all nodes: $SOLR_RANGER_HOME/scripts/start_solr.sh
+4. Create Ranger Audit collection: $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh
(only once from any node)
+
+EOF
+else 
+    cat >> $SOLR_INSTALL_NOTES <<EOF
+1. Add Ranger Audit config to ZooKeeper: $SOLR_RANGER_HOME/scripts/add_ranger_audits_conf_to_zk.sh
+2. Start Solr: $SOLR_RANGER_HOME/scripts/start_solr.sh
+3. Create Ranger Audit collection: $SOLR_RANGER_HOME/scripts/create_ranger_audits_collection.sh
+
+EOF
+    
+fi
+fi
+
+cat >> $SOLR_INSTALL_NOTES <<EOF
+Start and Stoping Solr:
+EOF
+
+if [ "$SOLR_USER" != "root" ]; then
+    cat >> $SOLR_INSTALL_NOTES <<EOF
+Login as user $SOLR_USER or root and the run the below commands to start or stop Solr:
+EOF
+else
+    cat >> $SOLR_INSTALL_NOTES <<EOF
+Login as root and the run the below commands to start or stop Solr:
+EOF
+
+fi
+
+cat >> $SOLR_INSTALL_NOTES <<EOF
+
+To start Solr run: $SOLR_RANGER_HOME/scripts/start_solr.sh
+To stop Solr run: $SOLR_RANGER_HOME/scripts/stop_solr.sh
+
+After starting Solr for RangerAudit, Solr will listen at $SOLR_RANGER_PORT. E.g http://`hostname
-f`:$SOLR_RANGER_PORT
+
+Configure Ranger to use the following URL http://`hostname -f`:$SOLR_RANGER_PORT/solr/${SOLR_RANGER_COLLECTION}
+
+Solr HOME for Ranger Audit is $SOLR_RANGER_HOME
+
+EOF
+
+if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then
+cat >> $SOLR_INSTALL_NOTES <<EOF
+DATA FOLDER: $SOLR_RANGER_DATA_FOLDER
+
+Make sure you have enough disk space for index. In production, it is recommended to have
at least 1TB free.
+`df -h $SOLR_RANGER_DATA_FOLDER`
+EOF
+else
+cat >> $SOLR_INSTALL_NOTES <<EOF
+SOLR_REPLICATION: $SOLR_REPLICATION
+SOLR_SHARDS: $SOLR_SHARDS
+DATA FOLDERS: $SOLR_RANGER_HOME/ranger_audits_shard*
+
+Make sure you have enough disk space for index. In production, it is recommended to have
at least 1TB free.
+`df -h $SOLR_RANGER_HOME`
+EOF
+fi
+
+echo "`date`|INFO|Done configuring Solr for Apache Ranger Audit"
+echo "`date`|INFO|Solr HOME for Ranger Audit is $SOLR_RANGER_HOME"
+if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then
+    echo "`date`|INFO|Data folder for Audit logs is $SOLR_RANGER_DATA_FOLDER"
+fi
+echo "`date`|INFO|To start Solr run $SOLR_RANGER_HOME/scripts/start_solr.sh"
+echo "`date`|INFO|To stop Solr run $SOLR_RANGER_HOME/scripts/stop_solr.sh"
+echo "`date`|INFO|After starting Solr for RangerAudit, it will listen at $SOLR_RANGER_PORT.
E.g http://`hostname -f`:$SOLR_RANGER_PORT"
+echo "`date`|INFO|Configure Ranger to use the following URL http://`hostname -f`:$SOLR_RANGER_PORT/solr/${SOLR_RANGER_COLLECTION}"
+if [ "$SOLR_DEPLOYMENT" = "solrcloud" ]; then
+    echo "`date`|INFO|Please refer to $SOLR_INSTALL_NOTES for instructions for setting up
collections in SolrCloud"
+fi
+echo "########## Done ###################"
+echo "Created file $SOLR_INSTALL_NOTES with instructions to start and stop"
+echo "###################################"

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template
new file mode 100755
index 0000000..3d70106
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/add_ranger_audits_conf_to_zk.sh.template
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#This scripts add the ranger_audit configuration with schema to zookeeper
+
+function usage {
+    echo "Error: The following properties need to be set in the script SOLR_ZK, SOLR_INSTALL_DIR
and SOLR_RANGER_HOME"
+    exit 1
+}
+
+JAVA_HOME=__JAVA_HOME__
+SOLR_USER=__SOLR_USER__
+SOLR_ZK=__SOLR_ZK__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SOLR_RANGER_HOME=__SOLR_RANGER_HOME__
+
+if [ "`whoami`" != "$SOLR_USER" ]; then
+    if [ -w /etc/passwd ]; then
+	echo "Running this script as $SOLR_USER..."
+	su $SOLR_USER $0
+    else
+	echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running
it as `whoami`"
+    fi
+    
+    exit 1
+fi
+
+if [ "$SOLR_ZK" = "" ]; then
+    usage
+fi
+
+if [ "$SOLR_INSTALL_DIR" = "" ]; then
+    usage
+fi
+
+if [ "$SOLR_RANGER_HOME" = "" ]; then
+    usage
+fi
+
+SOLR_RANGER_CONFIG_NAME=ranger_audits
+SOLR_RANGER_CONFIG_LOCAL_PATH=${SOLR_RANGER_HOME}/conf
+ZK_CLI=$SOLR_INSTALL_DIR/server/scripts/cloud-scripts/zkcli.sh
+
+
+if [ ! -x $ZK_CLI ]; then
+    echo "Error: $ZK_CLI is not found or you don't have permission to execute it."
+    exit 1
+fi
+set -x
+$ZK_CLI -cmd upconfig -zkhost $SOLR_ZK -confname $SOLR_RANGER_CONFIG_NAME -confdir $SOLR_RANGER_CONFIG_LOCAL_PATH

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template
new file mode 100755
index 0000000..c44255c
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/create_ranger_audits_collection.sh.template
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SOLR_HOST_URL=__SOLR_HOST_URL__
+SOLR_ZK=__SOLR_ZK__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SHARDS=__SOLR_SHARDS__
+REPLICATION=__SOLR_REPLICATION__
+
+CONF_NAME=ranger_audits
+COLLECTION_NAME=ranger_audits
+
+which curl 2>&1 > /dev/null
+if [ $? -ne 0 ]; then
+    echo "curl is not fould. Please install it for creating the collection"
+    exit 1
+fi
+
+set -x
+curl --negotiate -u : "${SOLR_HOST_URL}/solr/admin/collections?action=CREATE&name=${COLLECTION_NAME}&numShards=${SHARDS}&replicationFactor=${REPLICATION}&collection.configName=$CONF_NAME&maxShardsPerNode=100"

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template
new file mode 100755
index 0000000..f5a327e
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/start_solr.sh.template
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+JAVA_HOME=__JAVA_HOME__
+SOLR_USER=__SOLR_USER__
+SOLR_ZK=__SOLR_ZK__
+SOLR_MEMORY=__SOLR_MAX_MEM__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SOLR_RANGER_HOME=__SOLR_RANGER_HOME__
+SOLR_PORT=__SOLR_PORT__
+SOLR_LOG4J_FILEPATH=$SOLR_RANGER_HOME/resources/log4j.properties
+
+export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__
+
+if [ "`whoami`" != "$SOLR_USER" ]; then
+    if [ -w /etc/passwd ]; then
+	echo "Running this script as $SOLR_USER..."
+	su $SOLR_USER $0
+    else
+	echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running
it as `whoami`"
+    fi
+    
+    exit 1
+fi
+
+$SOLR_INSTALL_DIR/bin/solr start -p $SOLR_PORT -d $SOLR_INSTALL_DIR/server -m $SOLR_MEMORY
-s $SOLR_RANGER_HOME -Dlog4j.configuration=file://$SOLR_LOG4J_FILEPATH -c -z $SOLR_ZK

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template
new file mode 100755
index 0000000..5b85c25
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/scripts/stop_solr.sh.template
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+JAVA_HOME=__JAVA_HOME__
+SOLR_USER=__SOLR_USER__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SOLR_PORT=__SOLR_PORT__
+
+export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__
+
+if [ "`whoami`" != "$SOLR_USER" ]; then
+    if [ -w /etc/passwd ]; then
+	echo "Running this script as $SOLR_USER..."
+	su $SOLR_USER $0
+    else
+	echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running
it as `whoami`"
+    fi
+    
+    exit 1
+fi
+
+$SOLR_INSTALL_DIR/bin/solr stop -p $SOLR_PORT

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template b/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template
new file mode 100644
index 0000000..2fab751
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_cloud/solr.xml.template
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<solr>
+  <solrcloud>
+    <str name="host">${host:}</str>
+    <int name="hostPort">${jetty.port:__SOLR_PORT__}</int>
+    <str name="hostContext">${hostContext:solr}</str>
+    <int name="zkClientTimeout">${zkClientTimeout:15000}</int>
+    <bool name="genericCoreNodeNames">${genericCoreNodeNames:true}</bool>
+  </solrcloud>
+</solr>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template
b/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template
new file mode 100644
index 0000000..f2d3205
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/ranger_audits/core.properties.template
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name=ranger_audits
+config=solrconfig.xml
+schema=schema.xml
+dataDir=__RANGER_AUDITS_DATA_FOLDER__

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template
new file mode 100755
index 0000000..2a4bb38
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/start_solr.sh.template
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+JAVA_HOME=__JAVA_HOME__
+SOLR_USER=__SOLR_USER__
+SOLR_MEMORY=__SOLR_MAX_MEM__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SOLR_RANGER_HOME=__SOLR_RANGER_HOME__
+SOLR_PORT=__SOLR_PORT__
+SOLR_LOG4J_FILEPATH=$SOLR_RANGER_HOME/resources/log4j.properties
+
+export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__
+
+if [ "`whoami`" != "$SOLR_USER" ]; then
+    if [ -w /etc/passwd ]; then
+	echo "Running this script as $SOLR_USER..."
+	su $SOLR_USER $0
+    else
+	echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running
it as `whoami`"
+    fi
+    
+    exit 1
+fi
+
+$SOLR_INSTALL_DIR/bin/solr start -p $SOLR_PORT -d $SOLR_INSTALL_DIR/server -m $SOLR_MEMORY
-s $SOLR_RANGER_HOME -Dlog4j.configuration=file://$SOLR_LOG4J_FILEPATH

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template
b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template
new file mode 100755
index 0000000..5b85c25
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/scripts/stop_solr.sh.template
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+JAVA_HOME=__JAVA_HOME__
+SOLR_USER=__SOLR_USER__
+SOLR_INSTALL_DIR=__SOLR_INSTALL_DIR__
+SOLR_PORT=__SOLR_PORT__
+
+export SOLR_LOGS_DIR=__SOLR_LOG_FOLDER__
+
+if [ "`whoami`" != "$SOLR_USER" ]; then
+    if [ -w /etc/passwd ]; then
+	echo "Running this script as $SOLR_USER..."
+	su $SOLR_USER $0
+    else
+	echo "ERROR: You need to run this script $0 as user $SOLR_USER. You are currently running
it as `whoami`"
+    fi
+    
+    exit 1
+fi
+
+$SOLR_INSTALL_DIR/bin/solr stop -p $SOLR_PORT

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml
----------------------------------------------------------------------
diff --git a/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml b/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml
new file mode 100644
index 0000000..4720e05
--- /dev/null
+++ b/security-admin/contrib/solr_for_audit_setup/solr_standalone/solr.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<solr>
+</solr>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c5ae2edd/src/main/assembly/admin-web.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index 4f34ef6..7a8dca0 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -361,6 +361,13 @@
 		<directory>security-admin/db</directory>
 		<fileMode>544</fileMode>
 	</fileSet>
+
+	<fileSet>
+		<outputDirectory>/contrib</outputDirectory>
+		<directory>security-admin/contrib</directory>
+		<fileMode>544</fileMode>
+	</fileSet>
+
 	<fileSet>
 		<outputDirectory>/</outputDirectory>
 		<directory>security-admin/scripts</directory>


Mime
View raw message