#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
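#######################################
# Look up a property in the component-specific install properties file and,
# failing that, in the common install.properties.
# Globals:   COMPONENT_INSTALL_ARGS (read), INSTALL_ARGS (read)
# Arguments: $1 - property name; compared literally with the text that
#                 precedes the first '=' on a line (trailing blanks ignored)
# Outputs:   the first non-empty value found, with surrounding blanks
#            trimmed, or an empty line when no file supplies a value
#######################################
function getInstallProperty() {
  local propertyName=$1
  local propertyValue=""
  local file
  for file in "${COMPONENT_INSTALL_ARGS}" "${INSTALL_ARGS}"
  do
    if [ -f "${file}" ]
    then
      # The name is handed to awk through the environment so it is compared as
      # a plain string, not as a regular expression. Everything after the
      # FIRST '=' is the value: this function is also used to read secrets
      # (SSL_KEYSTORE_PASSWORD, SSL_TRUSTSTORE_PASSWORD), and splitting on
      # every '=' would silently truncate a secret that contains one.
      propertyValue=$(RANGER_LOOKUP_KEY="${propertyName}" awk '
        {
          eq = index($0, "=")
          if (eq == 0) next
          key = substr($0, 1, eq - 1)
          sub(/[ \t]+$/, "", key)
          if (key != ENVIRON["RANGER_LOOKUP_KEY"]) next
          val = substr($0, eq + 1)
          sub(/^[ \t]+/, "", val)
          sub(/[ \t]+$/, "", val)
          if (val != "") { print val; exit }
        }' "${file}")
      if [ "${propertyValue}" != "" ]
      then
        break
      fi
    fi
  done
  # Quoted printf: the value is emitted verbatim. An unquoted echo would
  # word-split it and expand glob characters such as '*' against the
  # current directory, and would treat a value like "-n" as an option.
  printf '%s\n' "${propertyValue}"
}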
#
# Base env variable for Ranger related files/directories
#
PROJ_NAME=ranger

# The script must run as root; being able to write /etc/passwd is the probe
# used to decide that.
if ! [ -w /etc/passwd ]; then
  echo "ERROR: $0 script should be run as root."
  exit 1
fi

# JAVA_HOME must be set; the java binary is later taken from below it.
if [ -z "${JAVA_HOME}" ]; then
  echo "ERROR: JAVA_HOME environment property not defined, aborting installation."
  exit 1
fi
#
# Identify the component, action from the script file
#
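# Directory part of the path the script was invoked with; "." and ".." are
# turned into absolute paths. "$0" is quoted so an install path containing
# blanks or glob characters is not split or expanded.
basedir=$(dirname "$0")
if [ "${basedir}" = "." ]; then
  basedir=$(pwd)
elif [ "${basedir}" = ".." ]; then
  basedir=$(cd .. ; pwd)
fi

#
# This script is shared by all components: the component name is the script
# file name up to the first ".", without a leading "disable-" or "enable-".
#
COMPONENT_NAME=$(basename "$0" | cut -d. -f1 | sed -e 's:^disable-::' | sed -e 's:^enable-::')
if ! echo "${COMPONENT_NAME}" | grep 'plugin' > /dev/null 2>&1; then
  echo "$0 : is not applicable for component [${COMPONENT_NAME}]. It is applicable only for ranger plugin component; Exiting ..."
  exit 0
fi

# Host component name: the component name with "-plugin" removed.
HCOMPONENT_NAME=$(echo "${COMPONENT_NAME}" | sed -e 's:-plugin::')
# Provisional "user:group" owner for generated files, taken before the
# hdfs -> hadoop rename just below.
CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}"
if [ "${HCOMPONENT_NAME}" = "hdfs" ]; then
  HCOMPONENT_NAME="hadoop"
fi

#
# The action also comes from the script name: "enable-*" means enable, any
# other name is treated as disable.
#
if basename "$0" | cut -d. -f1 | grep '^enable-' > /dev/null 2>&1; then
  action=enable
else
  action=disable
fi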
#
# environment variables for enable|disable scripts
#
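PROJ_INSTALL_DIR=$(cd "${basedir}" ; pwd)
SET_ENV_SCRIPT_NAME="set-${COMPONENT_NAME}-env.sh"
SET_ENV_SCRIPT_TEMPLATE="${PROJ_INSTALL_DIR}/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME}"
DEFAULT_XML_CONFIG="${PROJ_INSTALL_DIR}/install/conf.templates/default/configuration.xml"
PROJ_LIB_DIR="${PROJ_INSTALL_DIR}/lib"
PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/install/lib"
INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties"
COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/${COMPONENT_NAME}-install.properties"
JAVA="${JAVA_HOME}/bin/java"
PLUGIN_DEPENDENT_LIB_DIR="lib/${PROJ_NAME}-${COMPONENT_NAME}-impl"
PROJ_LIB_PLUGIN_DIR="${PROJ_INSTALL_DIR}/${PLUGIN_DEPENDENT_LIB_DIR}"
HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME')

# Optional owner overrides from the properties files; blanks are removed.
CUSTOM_USER=$(getInstallProperty 'CUSTOM_USER')
CUSTOM_USER=${CUSTOM_USER// }
CUSTOM_GROUP=$(getInstallProperty 'CUSTOM_GROUP')
CUSTOM_GROUP=${CUSTOM_GROUP// }
CUSTOM_GROUP_STATUS=${CUSTOM_GROUP}
CUSTOM_USER_STATUS=${CUSTOM_USER}

# The custom group counts as available only when /etc/group has an entry with
# exactly that name. A "^name" regex would also accept any group that merely
# starts with the configured string and would interpret regex characters in
# it, so files could later be chown'ed with a group that does not exist.
if ! RANGER_GROUP_NAME="${CUSTOM_GROUP}" awk -F: '$1 == ENVIRON["RANGER_GROUP_NAME"] { found = 1 } END { exit !found }' /etc/group > /dev/null 2>&1; then
  CUSTOM_GROUP_STATUS=""
fi
# Quoted, so an empty CUSTOM_USER is looked up as "" instead of silently
# turning the call into "id -u" for the invoking user.
if ! id -u "${CUSTOM_USER}" > /dev/null 2>&1; then
  CUSTOM_USER_STATUS=""
fi

# Every branch assigns CFG_OWNER_INF ("user:group" for generated files).
# NOTE(review): for the hdfs plugin HCOMPONENT_NAME has already been renamed
# to "hadoop" earlier in the script, so the defaults below resolve to hadoop
# rather than hdfs - confirm that is intended.
if [ -n "${CUSTOM_USER_STATUS}" ] && [ -n "${CUSTOM_GROUP_STATUS}" ]; then
  echo "Custom user and group is available, using custom user and group."
  CFG_OWNER_INF="${CUSTOM_USER}:${CUSTOM_GROUP}"
elif [ -n "${CUSTOM_USER_STATUS}" ] && [ -z "${CUSTOM_GROUP_STATUS}" ]; then
  echo "Custom user is available, using custom user and default group."
  CFG_OWNER_INF="${CUSTOM_USER}:${HCOMPONENT_NAME}"
elif [ -z "${CUSTOM_USER_STATUS}" ] && [ -n "${CUSTOM_GROUP_STATUS}" ]; then
  echo "Custom group is available, using default user and custom group."
  CFG_OWNER_INF="${HCOMPONENT_NAME}:${CUSTOM_GROUP}"
else
  echo "Custom user and group are not available, using default user and group."
  CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}"
fi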
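# Install directory name of the host component: the configured value, else
# KNOX_HOME for knox, else the component name itself.
if [ -z "${HCOMPONENT_INSTALL_DIR_NAME}" ]; then
  if [ "${HCOMPONENT_NAME}" = "knox" ]; then
    HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'KNOX_HOME')
  fi
  if [ -z "${HCOMPONENT_INSTALL_DIR_NAME}" ]; then
    HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME}
  fi
fi

# An absolute name is used as is; a relative one is resolved next to the
# plugin install directory.
case "${HCOMPONENT_INSTALL_DIR_NAME}" in
  /*) hdir=${HCOMPONENT_INSTALL_DIR_NAME} ;;
  *)  hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME} ;;
esac

#
# TEST - START
# NOTE(review): this creates the component directory when it is missing, so a
# mistyped COMPONENT_INSTALL_DIR_NAME yields a fresh directory tree created as
# root instead of an error - confirm this test scaffolding should ship.
#
if [ ! -d "${hdir}" ]; then
  mkdir -p "${hdir}"
fi
#
# TEST - END
#

# "cd && pwd" rather than "cd ; pwd": if the directory cannot be entered the
# result is empty instead of the current working directory, so the script
# stops here rather than changing files under an unrelated directory.
HCOMPONENT_INSTALL_DIR=$(cd "${hdir}" && pwd)
if [ -z "${HCOMPONENT_INSTALL_DIR}" ]; then
  echo "ERROR: Unable to find the install directory of component [${HCOMPONENT_NAME}]; dir [${hdir}] not found."
  echo "Exiting installation."
  exit 1
fi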
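# Library directory of the host component: <install dir>/lib unless the
# component keeps its jars somewhere else.
HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/lib"
case "${HCOMPONENT_NAME}" in
  knox)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/ext"
    ;;
  solr)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib"
    ;;
  kafka)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/libs"
    ;;
  storm)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/extlib-daemon"
    ;;
  atlas)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/libext"
    ;;
  hadoop|yarn)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/share/hadoop/hdfs/lib"
    ;;
  sqoop)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/server/lib"
    ;;
  kylin)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/tomcat/webapps/kylin/WEB-INF/lib"
    ;;
  elasticsearch)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/plugins"
    ;;
  presto)
    HCOMPONENT_LIB_DIR="${HCOMPONENT_INSTALL_DIR}/plugin/ranger"
    # Created here when absent; the path is quoted so a directory name with
    # blanks is not split into several mkdir operands.
    if [ ! -d "${HCOMPONENT_LIB_DIR}" ]; then
      echo "INFO: Creating ${HCOMPONENT_LIB_DIR}"
      mkdir -p "${HCOMPONENT_LIB_DIR}"
    fi
    ;;
esac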
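# Configuration directory of the host component: <install dir>/conf unless
# the component uses a different layout. Paths handed to mkdir and chown are
# quoted so they are never word-split or glob-expanded while running as root.
HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/conf"
case "${HCOMPONENT_NAME}" in
  solr)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/resources"
    if [ ! -d "${HCOMPONENT_CONF_DIR}" ]; then
      # NOTE(review): "ls -ld" without an operand describes the current
      # working directory, so the owner picked here depends on where the
      # script is started from - confirm that is the intended directory.
      install_owner=$(ls -ld | cut -f 3 -d " ")
      echo "INFO: Creating $HCOMPONENT_CONF_DIR"
      mkdir -p "${HCOMPONENT_CONF_DIR}"
      echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner"
      chown "${install_owner}:${install_owner}" "${HCOMPONENT_CONF_DIR}"
    fi
    ;;
  kafka)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/config"
    ;;
  hadoop|yarn)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/etc/hadoop"
    ;;
  sqoop)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/conf"
    ;;
  elasticsearch)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/config/ranger-elasticsearch-plugin"
    if [ ! -d "${HCOMPONENT_CONF_DIR}" ]; then
      echo "INFO: Creating $HCOMPONENT_CONF_DIR"
      mkdir -p "${HCOMPONENT_CONF_DIR}"
      echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $CFG_OWNER_INF"
      chown "${CFG_OWNER_INF}" "${HCOMPONENT_CONF_DIR}"
    fi
    ;;
  presto)
    HCOMPONENT_CONF_DIR="${HCOMPONENT_INSTALL_DIR}/etc"
    ;;
esac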
# Archive location for replaced files and the destination of the setenv script.
HCOMPONENT_ARCHIVE_CONF_DIR="${HCOMPONENT_CONF_DIR}/.archive"
SET_ENV_SCRIPT="${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME}"

# The install and conf directories of the host component must already exist.
[ -d "${HCOMPONENT_INSTALL_DIR}" ] || {
  echo "ERROR: Unable to find the install directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_INSTALL_DIR}] not found."
  echo "Exiting installation."
  exit 1
}
[ -d "${HCOMPONENT_CONF_DIR}" ] || {
  echo "ERROR: Unable to find the conf directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_CONF_DIR}] not found."
  echo "Exiting installation."
  exit 1
}

# The lib directory is created on demand; give up only if that did not work.
[ -d "${HCOMPONENT_LIB_DIR}" ] || mkdir -p "${HCOMPONENT_LIB_DIR}"
[ -d "${HCOMPONENT_LIB_DIR}" ] || {
  echo "ERROR: Unable to find the lib directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_LIB_DIR}] not found."
  echo "Exiting installation."
  exit 1
}

# A hive conf directory that contains conf.server is flagged as an Ambari
# style install; the flag is consulted when configuration files are written.
ambari_hive_install="N"
if [ "${HCOMPONENT_NAME}" = "hive" ]; then
  HCOMPONENT_CONF_SERVER_DIR="${HCOMPONENT_CONF_DIR}"/conf.server
  if [ -d "${HCOMPONENT_CONF_SERVER_DIR}" ]; then
    ambari_hive_install="Y"
  fi
fi
#
# Common functions used by all enable/disable scripts
#
log() {
  # Write the arguments to stdout, prefixed with "+ <current date> : ".
  local stamp
  stamp=$(date)
  echo "+ ${stamp} : $*"
}
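#######################################
# Store one secret under an alias in a JCEKS credential file by running the
# org.apache.ranger.credentialapi.buildks tool.
# Globals:   JAVA_HOME (read), PROJ_INSTALL_LIB_DIR (read)
# Arguments: $1 - alias to store the secret under
#            $2 - the secret value
#            $3 - path of the credential (jceks) file
# Outputs:   progress and error messages on stdout
# Returns:   0 on success; ends the whole script when the tool fails
#######################################
create_jceks() {
  # Locals, so the secret does not stay in a script-wide variable after the
  # call returns.
  local alias=$1
  local pass=$2
  local jceksFile=$3
  local jcebdir jcebname archive_jce tempFile

  # Keep a timestamped, dot-prefixed copy of an existing store next to it.
  if [ -f "${jceksFile}" ]
  then
    jcebdir=$(dirname "${jceksFile}")
    jcebname=$(basename "${jceksFile}")
    archive_jce="${jcebdir}/.${jcebname}.$(date '+%Y%m%d%H%M%S')"
    log "Saving current JCE file: ${jceksFile} to ${archive_jce} ..."
    cp "${jceksFile}" "${archive_jce}"
  fi

  # mktemp instead of a name built from the PID: the script runs as root, and
  # a predictable /tmp path can be pre-created (for example as a symlink) by
  # any local user, making root overwrite a file of that user's choosing.
  tempFile=$(mktemp "${TMPDIR:-/tmp}/jce.XXXXXX")
  if [ $? -ne 0 ] || [ -z "${tempFile}" ]
  then
    echo "Unable to create a temporary file for the credential tool output."
    echo "Exiting plugin installation"
    exit 1
  fi

  # NOTE(review): the secret is passed as a command-line argument and is
  # therefore visible in the process list while java runs - check whether the
  # tool offers a way to read the value from stdin or a file.
  "${JAVA_HOME}/bin/java" -cp ":${PROJ_INSTALL_LIB_DIR}/*:" org.apache.ranger.credentialapi.buildks create "${alias}" -value "${pass}" -provider "jceks://file${jceksFile}" > "${tempFile}" 2>&1
  if [ $? -ne 0 ]
  then
    echo "Unable to store password in non-plain text format. Error: [$(cat "${tempFile}")]"
    echo "Exiting plugin installation"
    rm -f "${tempFile}"
    # NOTE(review): the script ends with status 0 although the credential was
    # not stored; callers that check the exit code will see success. Left
    # unchanged because existing automation may depend on it - confirm.
    exit 0
  fi
  rm -f "${tempFile}"
}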
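log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR"
#
# If there is a set-ranger-${COMPONENT}-env.sh, install it.
# All paths are quoted: the script runs as root and an unquoted path with
# blanks or glob characters would make cp/mv/cat act on unintended operands.
#
dt=$(date '+%Y%m%d-%H%M%S')
if [ -f "${SET_ENV_SCRIPT_TEMPLATE}" ]; then
  #
  # If the setenv script already exists, move it to the archive folder
  #
  if [ -f "${SET_ENV_SCRIPT}" ]; then
    if [ ! -d "${HCOMPONENT_ARCHIVE_CONF_DIR}" ]; then
      mkdir -p "${HCOMPONENT_ARCHIVE_CONF_DIR}"
    fi
    log "Saving current ${SET_ENV_SCRIPT_NAME} to ${HCOMPONENT_ARCHIVE_CONF_DIR} ..."
    mv "${SET_ENV_SCRIPT}" "${HCOMPONENT_ARCHIVE_CONF_DIR}/${SET_ENV_SCRIPT_NAME}.${dt}"
  fi
  if [ "${action}" = "enable" ]; then
    cp "${SET_ENV_SCRIPT_TEMPLATE}" "${SET_ENV_SCRIPT}"
    DEST_SCRIPT_FILE="${HCOMPONENT_INSTALL_DIR}/libexec/${HCOMPONENT_NAME}-config.sh"
    DEST_SCRIPT_ARCHIVE_FILE="${HCOMPONENT_INSTALL_DIR}/libexec/.${HCOMPONENT_NAME}-config.sh.${dt}"
    if [ -f "${DEST_SCRIPT_FILE}" ]; then
      log "Saving current ${DEST_SCRIPT_FILE} to ${DEST_SCRIPT_ARCHIVE_FILE} ..."
      cp "${DEST_SCRIPT_FILE}" "${DEST_SCRIPT_ARCHIVE_FILE}"
      # Drop lines that refer to the older xasecure-*-env.sh script.
      if grep 'xasecure-.*-env.sh' "${DEST_SCRIPT_FILE}" > /dev/null 2>&1; then
        ts=$(date '+%Y%m%d%H%M%S')
        if grep -v 'xasecure-.*-env.sh' "${DEST_SCRIPT_FILE}" > "${DEST_SCRIPT_FILE}.${ts}"; then
          log "Removing old reference to xasecure setenv source ..."
          # cat into the existing file keeps its inode, owner and mode.
          cat "${DEST_SCRIPT_FILE}.${ts}" > "${DEST_SCRIPT_FILE}"
          rm -f "${DEST_SCRIPT_FILE}.${ts}"
        fi
      fi
      # Append the sourcing snippet only when the config script does not
      # mention the setenv script yet. The snippet makes the component source
      # ${SET_ENV_SCRIPT} through this config script, so whoever can write
      # that file controls what the sourcing process runs - keep it, and the
      # directory it lives in, writable by trusted accounts only.
      if ! grep "[ \t]*.[ \t]*${SET_ENV_SCRIPT}" "${DEST_SCRIPT_FILE}" > /dev/null; then
        log "Appending sourcing script, ${SET_ENV_SCRIPT_NAME} in the file: ${DEST_SCRIPT_FILE} "
        cat >> "${DEST_SCRIPT_FILE}" <<!
if [ -f ${SET_ENV_SCRIPT} ]
then
. ${SET_ENV_SCRIPT}
fi
!
      else
        log "INFO: ${DEST_SCRIPT_FILE} is being sourced from file: ${HCOMPONENT_CONF_DIR}/${HCOMPONENT_NAME}-env.sh "
      fi
    fi
  fi
fi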
#
# Run, the enable|disable ${COMPONENT} configurations
#
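if [ -d "${PROJ_INSTALL_DIR}/install/conf.templates/${action}" ]; then
  INSTALL_CP="${PROJ_INSTALL_LIB_DIR}/*"
  if [ "${action}" = "enable" ]; then
    # Marker file recording when the plugin was enabled. printf is used so the
    # "\n" sequences become real line breaks; bash's builtin echo writes them
    # literally unless xpg_echo is set.
    printf '<ranger>\n<enabled>%s</enabled>\n</ranger>\n' "$(date)" > "${HCOMPONENT_CONF_DIR}/ranger-security.xml"
    chown "${CFG_OWNER_INF}" "${HCOMPONENT_CONF_DIR}/ranger-security.xml"
    chmod a+r "${HCOMPONENT_CONF_DIR}/ranger-security.xml"
    # Install every XML template, keeping a dot-prefixed backup of a file
    # that is about to be replaced.
    for cf in "${PROJ_INSTALL_DIR}/install/conf.templates/${action}"/*.xml; do
      # An unmatched glob stays as the literal pattern; skip it.
      [ -f "${cf}" ] || continue
      cfb=$(basename "${cf}")
      if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ]; then
        log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..."
        cp "${HCOMPONENT_CONF_DIR}/${cfb}" "${HCOMPONENT_CONF_DIR}/.${cfb}.${dt}"
      fi
      cp "${cf}" "${HCOMPONENT_CONF_DIR}/"
      chown "${CFG_OWNER_INF}" "${HCOMPONENT_CONF_DIR}/${cfb}"
      chmod a+r "${HCOMPONENT_CONF_DIR}/${cfb}"
    done
  else
    # Disabling: move the marker file aside under a timestamped hidden name.
    if [ -f "${HCOMPONENT_CONF_DIR}/ranger-security.xml" ]; then
      mv "${HCOMPONENT_CONF_DIR}/ranger-security.xml" "${HCOMPONENT_CONF_DIR}/.ranger-security.xml.$(date '+%Y%m%d%H%M%S')"
    fi
  fi
  #
  # Ensure that POLICY_CACHE_FILE_PATH is accessible
  #
  REPO_NAME=$(getInstallProperty 'REPOSITORY_NAME')
  # REPO_NAME becomes a path component of a recursive chown run as root. An
  # empty value would re-own all of /etc/${PROJ_NAME}, and "..", or a value
  # containing "/", would point the chown outside of it - refuse those.
  case "${REPO_NAME}" in
    ""|.|..|*/*)
      echo "ERROR: REPOSITORY_NAME [${REPO_NAME}] is empty or not usable as a directory name under /etc/${PROJ_NAME}"
      echo "exiting ...."
      exit 1
      ;;
  esac
  export POLICY_CACHE_FILE_PATH="/etc/${PROJ_NAME}/${REPO_NAME}/policycache"
  export CREDENTIAL_PROVIDER_FILE="/etc/${PROJ_NAME}/${REPO_NAME}/cred.jceks"
  if [ ! -d "${POLICY_CACHE_FILE_PATH}" ]; then
    mkdir -p "${POLICY_CACHE_FILE_PATH}"
  fi
  chmod a+rx "/etc/${PROJ_NAME}"
  chmod a+rx "/etc/${PROJ_NAME}/${REPO_NAME}"
  chmod a+rx "${POLICY_CACHE_FILE_PATH}"
  chown -R "${CFG_OWNER_INF}" "/etc/${PROJ_NAME}/${REPO_NAME}"
  # Each "<name>-changes.cfg" template describes changes for "<name>.xml" in
  # the component conf directory.
  for f in "${PROJ_INSTALL_DIR}/install/conf.templates/${action}"/*.cfg; do
    if [ -f "${f}" ]; then
      fn=$(basename "${f}")
      orgfn=$(echo "${fn}" | sed -e 's:-changes.cfg:.xml:')
      fullpathorgfn="${HCOMPONENT_CONF_DIR}/${orgfn}"
      # A missing target is seeded from the default configuration template.
      if [ ! -f "${fullpathorgfn}" ]; then
        if [ -f "${DEFAULT_XML_CONFIG}" ]; then
          log "Creating default file from [${DEFAULT_XML_CONFIG}] for [${fullpathorgfn}] .."
          cp "${DEFAULT_XML_CONFIG}" "${fullpathorgfn}"
          chown "${CFG_OWNER_INF}" "${fullpathorgfn}"
          chmod a+r "${fullpathorgfn}"
        else
          echo "ERROR: Unable to find ${fullpathorgfn}"
          exit 1
        fi
      fi
      archivefn="${HCOMPONENT_CONF_DIR}/.${orgfn}.${dt}"
      newfn="${HCOMPONENT_CONF_DIR}/.${orgfn}-new.${dt}"
      log "Saving current config file: ${fullpathorgfn} to ${archivefn} ..."
      if ! cp "${fullpathorgfn}" "${archivefn}"; then
        echo "ERROR: Unable to save config. file: ${fullpathorgfn} to ${archivefn}"
        echo "exiting ...."
        exit 1
      fi
      # XmlConfigChanger reads the archived copy (-i), the change file (-c)
      # and the install properties (-p), and writes the result to -o.
      if ! "${JAVA}" -cp "${INSTALL_CP}" org.apache.ranger.utils.install.XmlConfigChanger -i "${archivefn}" -o "${newfn}" -c "${f}" -p "${INSTALL_ARGS}"; then
        echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}"
        echo "exiting ...."
        exit 1
      fi
      # Rewrite the live file only when the content differs (ignoring
      # whitespace); cat into it keeps its owner and mode.
      if ! diff -w "${newfn}" "${fullpathorgfn}" > /dev/null 2>&1; then
        cat "${newfn}" > "${fullpathorgfn}"
      fi
      # For Ambari install copy the .xml to conf.server also
      if [ "${ambari_hive_install}" = "Y" ]; then
        fullpathorgHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/${orgfn}"
        archiveHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/.${orgfn}.${dt}"
        log "Saving current conf.server file: ${fullpathorgHS2fn} to ${archiveHS2fn} ..."
        if [ -f "${fullpathorgHS2fn}" ]; then
          cp "${fullpathorgHS2fn}" "${archiveHS2fn}"
        fi
        cp "${fullpathorgfn}" "${HCOMPONENT_CONF_SERVER_DIR}/${orgfn}"
        chown "${CFG_OWNER_INF}" "${HCOMPONENT_CONF_SERVER_DIR}/${orgfn}"
      fi
    fi
  done
  # For hbase and storm every non-hidden entry in the conf directory is set
  # to mode 644, which also makes each of them world-readable.
  if [ "${HCOMPONENT_NAME}" = "hbase" ] || [ "${HCOMPONENT_NAME}" = "storm" ]; then
    chmod 644 "${HCOMPONENT_CONF_DIR}"/*
  fi
fi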
#
# Create library link
#
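if [ "${action}" = "enable" ]; then
  dt=$(date '+%Y%m%d%H%M%S')
  # Link every file or directory of the plugin lib folder into the component
  # lib folder; an entry that is already there is first moved aside under a
  # timestamped hidden name. "-L" also catches a dangling symlink left by an
  # earlier install, which -f/-d do not see and which would make ln -s fail.
  for f in "${PROJ_LIB_DIR}"/*; do
    if [ -f "${f}" ] || [ -d "${f}" ]; then
      bn=$(basename "${f}")
      if [ -f "${HCOMPONENT_LIB_DIR}/${bn}" ] || [ -d "${HCOMPONENT_LIB_DIR}/${bn}" ] || [ -L "${HCOMPONENT_LIB_DIR}/${bn}" ]; then
        log "Saving lib file: ${HCOMPONENT_LIB_DIR}/${bn} to ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} ..."
        mv "${HCOMPONENT_LIB_DIR}/${bn}" "${HCOMPONENT_LIB_DIR}/.${bn}.${dt}"
      fi
      if [ ! -f "${HCOMPONENT_LIB_DIR}/${bn}" ] && [ ! -d "${HCOMPONENT_LIB_DIR}/${bn}" ] && [ ! -L "${HCOMPONENT_LIB_DIR}/${bn}" ]; then
        ln -s "${f}" "${HCOMPONENT_LIB_DIR}/${bn}"
      fi
    fi
  done
  #
  # Encrypt the password and keep it secure in Credential Provider API
  #
  CredFile=${CREDENTIAL_PROVIDER_FILE}
  # The credential store must be given as an absolute path.
  case "${CredFile}" in
    /*)
      ;;
    *)
      echo "ERROR:Please enter the Credential File Store with proper file path"
      exit 1
      ;;
  esac
  pardir=$(dirname "${CredFile}")
  if [ ! -d "${pardir}" ]; then
    if ! mkdir -p "${pardir}"; then
      echo "ERROR: Unable to create credential store file path"
      exit 1
    fi
    chmod a+rx "${pardir}"
  fi
  #
  # Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE
  #
  sslkeystoreAlias="sslKeyStore"
  sslkeystoreCred=$(getInstallProperty 'SSL_KEYSTORE_PASSWORD')
  create_jceks "${sslkeystoreAlias}" "${sslkeystoreCred}" "${CredFile}"
  ssltruststoreAlias="sslTrustStore"
  ssltruststoreCred=$(getInstallProperty 'SSL_TRUSTSTORE_PASSWORD')
  create_jceks "${ssltruststoreAlias}" "${ssltruststoreCred}" "${CredFile}"
  chown "${CFG_OWNER_INF}" "${CredFile}"
  #
  # To allow all users in the server (where Hive CLI and HBase CLI is used),
  # user needs to have read access for the credential file.
  #
  # NOTE(review): this makes the credential store readable by every local
  # account, so the stored keystore/truststore passwords are only as well
  # protected as the store format itself - confirm that is acceptable for
  # the deployment, or restrict read access to the accounts that need it.
  chmod a+r "${CredFile}"
fi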
#
# Knox specific configuration
#
#
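if [ "${HCOMPONENT_NAME}" = "knox" ]; then
  # The authorization provider name is swapped in each topology file:
  # AclsAuthz -> XASecurePDPKnox on enable, the reverse on disable.
  if [ "${action}" = "enable" ]; then
    authFrom="AclsAuthz"
    authTo="XASecurePDPKnox"
  else
    authTo="AclsAuthz"
    authFrom="XASecurePDPKnox"
  fi
  dt=$(date '+%Y%m%d%H%M%S')
  # A glob instead of parsing "ls" output, so file names with blanks survive;
  # an unmatched pattern is filtered out by the -f test.
  for fn in "${HCOMPONENT_CONF_DIR}"/topologies/*.xml; do
    if [ -f "${fn}" ]; then
      dn=$(dirname "${fn}")
      bn=$(basename "${fn}")
      bf="${dn}/.${bn}.${dt}"
      echo "backup of ${fn} to ${bf} ..."
      cp "${fn}" "${bf}"
      echo "Updating topology file: [${fn}] ... "
      # sed reads the file itself: if the file cannot be read sed fails and
      # the topology is left alone, whereas "cat | sed" would succeed on
      # empty input and replace the topology with an empty file.
      if sed -e "s-<name>${authFrom}</name>-<name>${authTo}</name>-" "${fn}" > "${fn}.${dt}.new"; then
        cat "${fn}.${dt}.new" > "${fn}"
        rm "${fn}.${dt}.new"
      fi
    fi
  done
fi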
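if [ "${HCOMPONENT_NAME}" = "storm" ]; then
  CFG_FILE="${HCOMPONENT_CONF_DIR}/storm.yaml"
  ARCHIVE_FILE="${HCOMPONENT_CONF_DIR}/.storm.yaml.$(date '+%Y%m%d%H%M%S')"
  if [ -f "${CFG_FILE}" ]; then
    cp "${CFG_FILE}" "${ARCHIVE_FILE}"
    # Authorizer class written to nimbus.authorizer: the Ranger authorizer on
    # enable, SimpleACLAuthorizer on disable (whatever was configured before
    # enabling is not restored; the replaced line is kept as a comment).
    if [ "${action}" = "enable" ]; then
      STORM_AUTHORIZER="org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer"
    else
      STORM_AUTHORIZER="org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer"
    fi
    # One awk program for both actions. A "nimbus.authorizer" line that
    # already names the wanted class is kept; any other value is commented
    # out and followed by the wanted setting; when no such line exists the
    # setting is appended. The class name is compared as a plain string.
    awk -F: -v authorizer="${STORM_AUTHORIZER}" '
      BEGIN {
        configured = 0
        wanted = "\"" authorizer "\""
      }
      {
        if ($1 == "nimbus.authorizer") {
          current = $2
          sub(/^[ \t]*/, "", current)
          sub(/[ \t]*$/, "", current)
          if (current == wanted) {
            printf("%s\n", $0)
          } else {
            printf("#%s\n", $0)
            printf("nimbus.authorizer: %s\n", wanted)
          }
          configured = 1
        } else {
          printf("%s\n", $0)
        }
      }
      END {
        if (configured == 0) {
          printf("nimbus.authorizer: %s\n", wanted)
        }
      }' "${CFG_FILE}" > "${CFG_FILE}.new" \
      && cat "${CFG_FILE}.new" > "${CFG_FILE}" \
      && rm -f "${CFG_FILE}.new"
  fi
fi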
#Check whether a property exists in a file; return code 1 if it does not
#$1 -> propertyName; $2 -> fileName
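checkPropertyInFile(){
  # Returns 0 when the file has a line that starts with "<propertyName>=",
  # 1 otherwise (including a missing or unnamed file).
  # The name is matched literally and in full: a prefix/regex match would
  # report "present" for a different, longer key, and the caller would then
  # take the update path for a property that is not in the file.
  local propertyName=$1
  local fileName=$2
  # Without a readable regular file there is nothing to check. This also
  # keeps an empty file argument from turning into a read from stdin.
  [ -f "${fileName}" ] || return 1
  RANGER_PROP_NAME="${propertyName}" awk '
    index($0, ENVIRON["RANGER_PROP_NAME"] "=") == 1 { found = 1 }
    END { exit(found ? 0 : 1) }
  ' "${fileName}"
}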
#Add Properties to File
#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName
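addPropertyToFile(){
  # Appends "<propertyName>=<newPropertyValue>" to the file and verifies that
  # exactly this line is present afterwards. An empty value is valid (it is
  # what the disable action passes) and is written as "<propertyName>=".
  # Ends the script with status 1 when the line cannot be verified.
  local propertyName=$1
  local newPropertyValue=$2
  local fileName=$3
  # If the file does not end with a newline, add one first; otherwise the new
  # property would be glued onto the last existing line and corrupt both.
  if [ -s "${fileName}" ] && [ -n "$(tail -c 1 "${fileName}")" ]; then
    echo >> "${fileName}"
  fi
  printf '%s=%s\n' "${propertyName}" "${newPropertyValue}" >> "${fileName}"
  # -F/-x: literal, whole-line comparison of what was just written.
  if ! grep -Fxq -- "${propertyName}=${newPropertyValue}" "${fileName}"; then
    log "[E] Failed to add properties '$1' to $3 file!"; exit 1
  fi
  echo "Property $1 added successfully with : '$2'"
}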
#Update Properties to File
#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName
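updatePropertyToFile(){
  # Replaces every line that starts with "<propertyName>=" by
  # "<propertyName>=<newPropertyValue>" and verifies the result. Name and
  # value are treated as plain strings, so characters such as '@', '&' or
  # '\' in them cannot alter the edit, and an empty value is accepted.
  # Ends the script with status 1 when the property is not in the file.
  local propertyName=$1
  local newPropertyValue=$2
  local fileName=$3
  local tmpFile
  if [ -f "${fileName}" ]; then
    # Work file created by mktemp next to the target (unpredictable name,
    # private mode); the result is written back with cat so the target keeps
    # its inode, owner and permissions.
    tmpFile=$(mktemp "${fileName}.XXXXXX")
    if [ $? -ne 0 ] || [ -z "${tmpFile}" ]; then
      log "[E] Unable to create a temporary file next to $3!"; exit 1
    fi
    if RANGER_PROP_NAME="${propertyName}" RANGER_PROP_VALUE="${newPropertyValue}" awk '
        BEGIN { prefix = ENVIRON["RANGER_PROP_NAME"] "=" }
        index($0, prefix) == 1 { print prefix ENVIRON["RANGER_PROP_VALUE"]; next }
        { print }
      ' "${fileName}" > "${tmpFile}"; then
      cat "${tmpFile}" > "${fileName}"
    fi
    rm -f "${tmpFile}"
  fi
  # Literal whole-line check that the file now holds the requested setting.
  if ! grep -Fxq -- "${propertyName}=${newPropertyValue}" "${fileName}" 2> /dev/null; then
    log "[E] '$1' not found in $3 file while Updating....!!"; exit 1
  fi
  echo "Property $1 updated successfully with : '$2'"
}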
#Add or Update Properties to File
#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName
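addOrUpdatePropertyToFile(){
  # Adds the property when checkPropertyInFile reports it missing (status 1),
  # otherwise updates it.
  # The arguments are forwarded quoted: an empty value has to stay an
  # argument of its own, otherwise the file name slides into the value
  # position and the helpers are called without a file.
  checkPropertyInFile "$1" "$3"
  if [ $? -eq 1 ]
  then
    addPropertyToFile "$1" "$2" "$3"
  else
    updatePropertyToFile "$1" "$2" "$3"
  fi
}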
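if [ "${HCOMPONENT_NAME}" = "atlas" ]; then
  # Authorizer class for atlas.authorizer.impl: the Ranger authorizer on
  # enable, SimpleAtlasAuthorizer on disable.
  if [ "${action}" = "enable" ]; then
    authName="org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer"
  else
    authName="org.apache.atlas.authorize.SimpleAtlasAuthorizer"
  fi
  dt=$(date '+%Y%m%d%H%M%S')
  # The path is used directly (no "ls" round trip) and quoted throughout, so
  # a conf directory containing blanks is handled as one operand.
  fn="${HCOMPONENT_CONF_DIR}/atlas-application.properties"
  if [ -f "${fn}" ]; then
    dn=$(dirname "${fn}")
    bn=$(basename "${fn}")
    bf="${dn}/.${bn}.${dt}"
    echo "backup of ${fn} to ${bf} ..."
    cp "${fn}" "${bf}"
    echo "Updating properties file: [${fn}] ... "
    updatePropertyToFile atlas.authorizer.impl "${authName}" "${fn}"
  fi
fi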
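if [ "${HCOMPONENT_NAME}" = "sqoop" ]; then
  # Validator class for sqoop: the Ranger authorizer on enable, empty on
  # disable.
  if [ "${action}" = "enable" ]; then
    authName="org.apache.ranger.authorization.sqoop.authorizer.RangerSqoopAuthorizer"
  else
    authName=""
  fi
  dt=$(date '+%Y%m%d%H%M%S')
  fn="${HCOMPONENT_CONF_DIR}/sqoop.properties"
  if [ -f "${fn}" ]; then
    dn=$(dirname "${fn}")
    bn=$(basename "${fn}")
    bf="${dn}/.${bn}.${dt}"
    echo "backup of ${fn} to ${bf} ..."
    cp "${fn}" "${bf}"
    echo "Add or Update properties file: [${fn}] ... "
    # "${authName}" must be quoted: on disable it is empty, and unquoted it
    # would vanish from the argument list, so the file name would be taken as
    # the value and no file would be passed at all.
    addOrUpdatePropertyToFile org.apache.sqoop.security.authorization.validator "${authName}" "${fn}"
  fi
fi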
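if [ "${HCOMPONENT_NAME}" = "kylin" ]; then
  # External ACL provider for kylin: the Ranger authorizer on enable, empty
  # on disable.
  if [ "${action}" = "enable" ]; then
    authName="org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer"
  else
    authName=""
  fi
  dt=$(date '+%Y%m%d%H%M%S')
  fn="${HCOMPONENT_CONF_DIR}/kylin.properties"
  if [ -f "${fn}" ]; then
    dn=$(dirname "${fn}")
    bn=$(basename "${fn}")
    bf="${dn}/.${bn}.${dt}"
    echo "backup of ${fn} to ${bf} ..."
    cp "${fn}" "${bf}"
    echo "Add or Update properties file: [${fn}] ... "
    # "${authName}" must be quoted: on disable it is empty, and unquoted it
    # would vanish from the argument list, so the file name would be taken as
    # the value and no file would be passed at all.
    addOrUpdatePropertyToFile kylin.server.external-acl-provider "${authName}" "${fn}"
  fi
fi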
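if [ "${HCOMPONENT_NAME}" = "presto" ]; then
  # access-control.name for presto: "ranger" on enable, empty on disable.
  if [ "${action}" = "enable" ]; then
    controlName="ranger"
  else
    controlName=""
  fi
  dt=$(date '+%Y%m%d%H%M%S')
  # An existing properties file is backed up first; a missing one is created
  # by the add/update call below.
  fn="${HCOMPONENT_CONF_DIR}/access-control.properties"
  if [ -f "${fn}" ]; then
    dn=$(dirname "${fn}")
    bn=$(basename "${fn}")
    bf="${dn}/.${bn}.${dt}"
    echo "backup of ${fn} to ${bf} ..."
    cp "${fn}" "${bf}"
  fi
  echo "Add or Update properties file: [${fn}] ... "
  # "${controlName}" must be quoted: on disable it is empty, and unquoted it
  # would vanish from the argument list, so the file name would be taken as
  # the value and no file would be passed at all.
  addOrUpdatePropertyToFile access-control.name "${controlName}" "${fn}"
  echo "Linking config files"
  # Stop if the plugin directory cannot be entered; otherwise the "conf"
  # symlink would be created (with -f, replacing an existing entry) in
  # whatever directory the script happens to be running from.
  cd "${HCOMPONENT_LIB_DIR}/ranger-presto-plugin-impl/" || {
    echo "ERROR: Unable to change directory to ${HCOMPONENT_LIB_DIR}/ranger-presto-plugin-impl/"
    exit 1
  }
  ln -sf "${HCOMPONENT_CONF_DIR}" conf
fi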
#
# Set notice to restart the ${HCOMPONENT_NAME}
#
# Final notice: the change takes effect only after the component restarts.
printf '%s\n' "Ranger Plugin for ${HCOMPONENT_NAME} has been ${action}d. Please restart ${HCOMPONENT_NAME} to ensure that changes are effective."
exit 0