# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file provides a list of the deployment variables for the Ranger KMS Web Application
#
# Interpreter name, database flavor and JDBC driver jar.
# Presumably read by the setup scripts (db_setup.py is named later in this file) - confirm.
PYTHON_COMMAND_INVOKER=python3
DB_FLAVOR=ORACLE
SQL_CONNECTOR_JAR=/usr/share/java/oracle.jar
# NOTE(review): db_root_user is Oracle's built-in administrative account, and its
# password is stored in this file in cleartext. The same literal is reused for
# db_password below, so disclosure of this file exposes both the admin account
# and the KMS schema owner. The ranger-db hostname suggests a container/dev
# topology - confirm these values never reach a shared or production database.
# Restrict read access on this file to the installing account, and rotate both
# passwords to distinct values after setup.
db_root_user=system
db_root_password=rangerR0cks!
# host:port/service-name of the database listener.
db_host=ranger-db:1521/FREEPDB1
# Schema name and owning account for the KMS database.
db_name=rangerkms
db_user=rangerkms
db_password=rangerR0cks!
# Per-flavor schema files; with DB_FLAVOR=ORACLE presumably only oracle_core_file is used - confirm.
mysql_core_file=db/mysql/kms_core_db.sql
postgres_core_file=db/postgres/kms_core_db_postgres.sql
oracle_core_file=db/oracle/kms_core_db_oracle.sql
# SSL config for the KMS-to-database connection.
# NOTE(review): all three switches below are false, so the database connection is
# presumably unencrypted and the server certificate is not checked. The database
# credentials set earlier in this file, and whatever KMS stores in that database,
# would then cross the network in cleartext - confirm this is limited to an
# isolated dev network. When enabling TLS, set db_ssl_verifyServerCertificate=true
# as well; encryption without certificate verification does not authenticate the server.
db_ssl_enabled=false
db_ssl_required=false
db_ssl_verifyServerCertificate=false
# db_ssl_auth_type=1-way|2-way, where 1-way represents standard one way ssl authentication and 2-way represents mutual ssl authentication
# 2-way is selected here while the keystore/truststore values below are empty;
# presumably ignored while db_ssl_enabled=false - confirm before enabling.
db_ssl_auth_type=2-way
javax_net_ssl_keyStore=
javax_net_ssl_keyStorePassword=
javax_net_ssl_trustStore=
javax_net_ssl_trustStorePassword=
javax_net_ssl_trustStore_type=jks
javax_net_ssl_keyStore_type=jks
# For postgresql db
db_ssl_certificate_file=
# For overriding the jdbc url.
# If used, the override string may itself carry connection options (including TLS
# settings); review it with the same care as the db_ssl_* values above.
is_override_db_connection_string=false
db_override_connection_string=
#------------------------- DB CONFIG - END ----------------------------------
# KMS Server config
# NOTE(review): http is enabled and the https keystore file/password are empty, so
# the KMS endpoint is presumably served over plain HTTP only. Requests to a KMS
# carry key material and caller identity; for anything beyond a local test setup,
# configure the keystore below and disable http - confirm how the server treats
# ranger_kms_http_enabled=false.
ranger_kms_http_enabled=true
ranger_kms_https_keystore_file=
ranger_kms_https_keystore_keyalias=rangerkms
ranger_kms_https_keystore_password=
#------------------------- RANGER KMS Install Dir ------------------
COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms
#------------------------- RANGER KMS Master Key Crypt Key ------------------
# NOTE(review): per the heading above, this password protects the KMS master key.
# The value is a fixed sample string stored with the file, so it is known to anyone
# who can read the repository. Set a unique, randomly generated value per
# deployment and supply it from a secret store rather than committing it.
# Presumably changing it after the master key exists needs a re-key step - confirm.
KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd
#------------------------- Ranger KMS Kerberos Configuration ---------------------------
# All three values are empty; presumably Kerberos authentication is not configured
# for this deployment - confirm which authentication method the KMS falls back to.
kms_principal=
kms_keytab=
hadoop_conf=
#------------------------- Ranger KMS HSM CONFIG ------------------------------
# HSM integration is switched off (HSM_ENABLED=false); the remaining values look
# like samples. NOTE(review): HSM_PARTITION_PASSWORD is a cleartext credential -
# keep it out of version control when a real partition is configured.
HSM_TYPE=LunaProvider
HSM_ENABLED=false
HSM_PARTITION_NAME=par19
HSM_PARTITION_PASSWORD=S@fenet123
#------------------------- Ranger SAFENET KEYSECURE CONFIG ------------------------------
# KeySecure integration is switched off (KEYSECURE_ENABLED=false).
# NOTE(review): KEYSECURE_USERNAME/KEYSECURE_PASSWORD are cleartext sample
# credentials; the same handling as for HSM_PARTITION_PASSWORD applies if enabled.
KEYSECURE_ENABLED=false
KEYSECURE_USER_PASSWORD_AUTHENTICATION=true
KEYSECURE_MASTERKEY_NAME=safenetkeysecure
KEYSECURE_USERNAME=user1
KEYSECURE_PASSWORD=t1e2s3t4
KEYSECURE_HOSTNAME=SunPKCS11-keysecurehn
# Master key size; presumably in bits - confirm.
KEYSECURE_MASTER_KEY_SIZE=256
KEYSECURE_LIB_CONFIG_PATH=/opt/safenetConf/64/8.3.1/sunpkcs11.cfg
#------------------------- Ranger Azure Key Vault ------------------------------
# Azure Key Vault integration is switched off (AZURE_KEYVAULT_ENABLED=false).
# NOTE(review): AZURE_CLIENT_ID and AZURE_KEYVAULT_URL hold concrete-looking values
# (a GUID and a named vault host) rather than placeholders, unlike
# AZURE_CLIENT_SECRET. Confirm they do not identify a live tenant resource, or
# replace them with obvious placeholders.
AZURE_KEYVAULT_ENABLED=false
AZURE_KEYVAULT_SSL_ENABLED=false
AZURE_CLIENT_ID=50fd7ca6-fd4f-4785-a13f-1a6cc4e95e42
AZURE_CLIENT_SECRET=<AzureKeyVaultPassword>
# Sample path under a user's Desktop; a real .pfx holds a private key and should
# live in a directory readable only by the KMS service account.
AZURE_AUTH_KEYVAULT_CERTIFICATE_PATH=/home/machine/Desktop/azureAuthCertificate/keyvault-MyCert.pfx
# Initialize below prop if your certificate file has any password
#AZURE_AUTH_KEYVAULT_CERTIFICATE_PASSWORD=certPass
AZURE_MASTERKEY_NAME=RangerMasterKey
# E.G. RSA, RSA_HSM, EC, EC_HSM, OCT
AZURE_MASTER_KEY_TYPE=RSA
# E.G. RSA_OAEP, RSA_OAEP_256, RSA1_5
# RSA1_5 is PKCS#1 v1.5 padding; prefer one of the OAEP variants for wrapping zone keys.
ZONE_KEY_ENCRYPTION_ALGO=RSA_OAEP
AZURE_KEYVAULT_URL=https://shahkeyvault.vault.azure.net/
#------------------------- Ranger Google Cloud HSM ------------------------------
# Google Cloud integration is switched off (IS_GCP_ENABLED=false).
IS_GCP_ENABLED=false
GCP_KEYRING_ID=
# Service-account credential file; it is a bearer secret, so restrict its file
# permissions to the KMS service account when a real path is set.
GCP_CRED_JSON_FILE=/full/path/to/credfile.json
GCP_PROJECT_ID=
GCP_LOCATION_ID=
GCP_MASTER_KEY_NAME=MyMasterKeyNameChangeIt
#------------------------- Ranger Tencent KMS ------------------------------
# Tencent KMS integration is switched off (TENCENT_KMS_ENABLED=false).
# NOTE(review): TENCENT_MASTERKEY_ID and TENCENT_CLIENT_ID are concrete-looking
# identifiers, while TENCENT_CLIENT_SECRET is a placeholder. Confirm the
# identifiers are samples and not tied to a live account.
TENCENT_KMS_ENABLED=false
TENCENT_MASTERKEY_ID=b756b016-6e11-11ec-a735-525400fe0300
TENCENT_CLIENT_ID=AKIDrXx6ybx2qNdiaBWaNs76pGQJvFJ6crpW
TENCENT_CLIENT_SECRET=<TencentSecretKey>
TENCENT_CLIENT_REGION=ap-beijing
# ------- UNIX User CONFIG ----------------
#
# OS account and group for the KMS service.
# NOTE(review): unix_user_pwd is a three-character cleartext password. If the
# installer applies it to a login-capable account, that account is trivially
# guessable - confirm how it is used, and prefer a locked or no-login service account.
unix_user=rangerkms
unix_user_pwd=kms
unix_group=ranger
# Following variables are referenced in db_setup.py. Do not remove these
sqlserver_core_file=
sqlanywhere_core_file=
# NOTE(review): cred_keystore_filename is empty here and is assigned again near
# the end of this file. Which value takes effect depends on how the consumer
# handles duplicate keys - confirm.
cred_keystore_filename=
#
# ------- UNIX User CONFIG - END ----------------
#
# Ranger policy manager endpoint and the service (repository) name to use for KMS.
# NOTE(review): the URL is plain http, so exchanges with the policy manager are
# presumably unencrypted and the server is not authenticated. Use https with the
# SSL_KEYSTORE_*/SSL_TRUSTSTORE_* settings defined later in this file outside an
# isolated dev network.
POLICY_MGR_URL=http://ranger:6080
REPOSITORY_NAME=dev_kms
# AUDIT configuration with V3 properties
# Sends audit events to Solr. For a KMS the audit trail is the record of key
# access, so delivery and integrity of these events matter.
# NOTE(review): the Solr URL is plain http and no credentials are configured for it
# in this group - confirm the Solr endpoint is reachable only from trusted hosts.
XAAUDIT.SOLR.IS_ENABLED=true
# A queue size of 1 with a 1000 ms flush interval looks like a dev/test setting
# that makes events appear quickly; presumably to be raised under real load - confirm.
XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
XAAUDIT.SOLR.SOLR_URL=http://ranger-solr:8983/solr/ranger_audits
XAAUDIT.SUMMARY.ENABLE=true
# Following properties are needed to get past installation script! Please don't remove
# NOTE(review): XAAUDIT.HDFS.IS_ENABLED=false here and XAAUDIT.HDFS.ENABLE=true
# further down are distinct keys with opposite values. Which one the installer
# honours is not visible in this file - confirm the effective audit destinations.
XAAUDIT.HDFS.IS_ENABLED=false
XAAUDIT.HDFS.DESTINATION_DIRECTORY=/ranger/audit
# The DESTINTATION spelling in the next four keys is part of the key names and
# must stay as is; presumably the installation script looks them up by this exact name.
XAAUDIT.HDFS.DESTINTATION_FILE=hive
XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
# The local paths in this group are under /var/log/hive although this file
# configures KMS; presumably carried over from a Hive plugin template - confirm
# that the directories exist and are writable only by the service account.
XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/hive/audit
XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/hive/audit/archive
XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
# Solr audit destination. USER/PASSWORD are the literal NONE, so presumably no
# authentication is sent to Solr, and the URL is plain http.
XAAUDIT.SOLR.ENABLE=true
XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits
XAAUDIT.SOLR.USER=NONE
XAAUDIT.SOLR.PASSWORD=NONE
XAAUDIT.SOLR.ZOOKEEPER=NONE
XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
# Elasticsearch audit destination: disabled, all values are the literal NONE.
XAAUDIT.ELASTICSEARCH.ENABLE=false
XAAUDIT.ELASTICSEARCH.URL=NONE
XAAUDIT.ELASTICSEARCH.USER=NONE
XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
XAAUDIT.ELASTICSEARCH.INDEX=NONE
XAAUDIT.ELASTICSEARCH.PORT=NONE
XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
# HDFS audit destination (see the note on XAAUDIT.HDFS.IS_ENABLED at the top of this group).
XAAUDIT.HDFS.ENABLE=true
XAAUDIT.HDFS.HDFS_DIR=hdfs://ranger-hadoop:9000/ranger/audit
XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
# __REPLACE_* values are unfilled template placeholders. A real Azure account key
# is a secret and should not be committed with this file.
XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
# Log4j audit destination: disabled.
XAAUDIT.LOG4J.ENABLE=false
XAAUDIT.LOG4J.IS_ASYNC=false
XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
XAAUDIT.LOG4J.DESTINATION.LOG4J=false
XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
# Amazon CloudWatch audit destination: disabled, all values are the literal NONE.
XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
# Keystore/truststore for the plugin's TLS connections; presumably those to the
# policy manager - confirm.
# NOTE(review): both passwords are sample/default strings (changeit is the stock
# Java truststore password) and the paths are under /etc/hive/conf. Set unique
# passwords and confirm the paths before relying on these stores.
SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
# Custom log directory path
# Presumably written by the account named in unix_user; keep the directory
# unreadable to other local users, since KMS logs can reveal key names and callers.
RANGER_KMS_LOG_DIR=/var/log/ranger/kms
# PID file path
RANGER_KMS_PID_DIR_PATH=/var/run/ranger_kms
# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
#
# --- These deployment variables are not to be modified unless you understand the full impact of the changes
#
################################################################################
# The $PWD and $app_home references and the single-quoted values suggest this
# part is evaluated by a shell - confirm. If so, every path below resolves
# relative to the directory the setup script is started from.
KMS_DIR=$PWD
app_home=$PWD/ews/webapp
# Scratch and log files are created in the working directory; presumably they can
# contain values from this file - confirm, and check their permissions after setup.
TMPFILE=$PWD/.fi_tmp
LOGFILE=$PWD/logfile
JAVA_BIN='java'
JAVA_VERSION_REQUIRED='1.8'
JAVA_ORACLE='Java(TM) SE Runtime Environment'
# Second assignment of cred_keystore_filename (the first, earlier in this file, is
# empty). The .jceks file is a credential keystore; keep it readable only by the
# KMS service account.
cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks
# Presumably feeds the KMS ACL blacklist for the DECRYPT_EEK operation, so that the
# hdfs user cannot decrypt encrypted encryption keys - confirm. Removing hdfs from
# this list would weaken the separation between HDFS administrators and key access.
KMS_BLACKLIST_DECRYPT_EEK=hdfs