Google Git
Sign in
apache / ranger / refs/heads/ranger-1.0 / . / security-admin / scripts / db_setup.py
blob: 1689e5dce33992c3b07c5d43abede3e35f1716a1 [file] [log] [blame]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. See accompanying LICENSE file.
#
import os
import re
import sys
import errno
import shlex
import platform
import logging
import subprocess
import fileinput
from os.path import basename
from subprocess import Popen,PIPE
from datetime import date
import time
import datetime
from time import gmtime, strftime
import socket
globalDict = {}
os_name = platform.system()
os_name = os_name.upper()
ranger_version=''
jisql_debug=True
retryPatchAfterSeconds=120
is_unix = os_name == "LINUX" or os_name == "DARWIN"
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
if RANGER_ADMIN_HOME is None:
RANGER_ADMIN_HOME = os.getcwd()
if socket.getfqdn().find('.')>=0:
client_host=socket.getfqdn()
else:
client_host=socket.gethostbyaddr(socket.gethostname())[0]
RANGER_ADMIN_CONF = os.getenv("RANGER_ADMIN_CONF")
if RANGER_ADMIN_CONF is None:
if is_unix:
RANGER_ADMIN_CONF = RANGER_ADMIN_HOME
elif os_name == "WINDOWS":
RANGER_ADMIN_CONF = os.path.join(RANGER_ADMIN_HOME,'bin')
def check_output(query):
if is_unix:
p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE)
elif os_name == "WINDOWS":
p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True)
output = p.communicate ()[0]
return output
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
if type == 'debug':
logging.debug(" %s",msg)
if type == 'warning':
logging.warning(" %s",msg)
if type == 'exception':
logging.exception(" %s",msg)
if type == 'error':
logging.error(" %s",msg)
def populate_global_dict():
global globalDict
if is_unix:
read_config_file = open(os.path.join(RANGER_ADMIN_CONF,'install.properties'))
elif os_name == "WINDOWS":
read_config_file = open(os.path.join(RANGER_ADMIN_CONF,'install_config.properties'))
library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*")
for each_line in read_config_file.read().split('\n') :
each_line = each_line.strip();
if len(each_line) == 0:
continue
elif each_line[0] == "#":
continue
if re.search('=', each_line):
key , value = each_line.split("=",1)
key = key.strip()
if 'PASSWORD' in key:
jceks_file_path = os.path.join(RANGER_ADMIN_HOME, 'jceks','ranger_db.jceks')
#statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
#if statuscode == 1:
value = ''
value = value.strip()
globalDict[key] = value
def jisql_log(query, db_password):
if jisql_debug == True:
if os_name == "WINDOWS":
query = query.replace(' -p "'+db_password+'"' , ' -p "********"')
log("[JISQL] "+query, "info")
else:
query = query.replace(" -p '"+db_password+"'" , " -p '********'")
log("[JISQL] "+query, "info")
def password_validation(password):
if password:
if re.search("[\\\`'\"]",password):
log("[E] password contains one of the unsupported special characters like \" ' \ `","error")
sys.exit(1)
def subprocessCallWithRetry(query):
retryCount=1
returnCode = subprocess.call(query)
while returnCode!=0:
retryCount=retryCount+1
time.sleep(1)
log("[I] SQL statement execution Failed!! retrying attempt "+str(retryCount)+" of total 3" ,"info")
returnCode = subprocess.call(query)
if(returnCode!=0 and retryCount>=3):
break
return returnCode
def dbversionBasedOnUserName(userName):
version = ""
if userName == "admin" :
version = 'DEFAULT_ADMIN_UPDATE'
if userName == "rangerusersync" :
version = 'DEFAULT_RANGER_USERSYNC_UPDATE'
if userName == "rangertagsync" :
version = 'DEFAULT_RANGER_TAGSYNC_UPDATE'
if userName == "keyadmin" :
version = 'DEFAULT_KEYADMIN_UPDATE'
return version
class BaseDB(object):
def check_connection(self, db_name, db_user, db_password):
log("[I] ---------- Verifying DB connection ----------", "info")
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
log("[I] ---------- Verifying table ----------", "info")
def import_db_file(self, db_name, db_user, db_password, file_name):
log("[I] Importing DB file :"+file_name, "info")
def create_version_history_table(self, db_name, db_user, db_password, DBVERSION_CATALOG_CREATION,TABLE_NAME):
log("[I] Creating version and patch history info table", "info")
def apply_patches(self, db_name, db_user, db_password, PATCHES_PATH):
#first get all patches and then apply each patch
if not os.path.exists(PATCHES_PATH):
log("[I] No patches to apply!","info")
else:
# files: coming from os.listdir() sorted alphabetically, thus not numerically
files = os.listdir(PATCHES_PATH)
if files:
sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
for filename in sorted_files:
currentPatch = os.path.join(PATCHES_PATH, filename)
self.import_db_patches(db_name, db_user, db_password, currentPatch)
self.update_applied_patches_status(db_name, db_user, db_password, "DB_PATCHES")
else:
log("[I] No patches to apply!","info")
def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] ----------------- Audit DB operations ------------", "info")
def apply_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, PATCHES_PATH, TABLE_NAME):
#first get all patches and then apply each patch
if not os.path.exists(PATCHES_PATH):
log("[I] No patches to apply!","info")
else:
# files: coming from os.listdir() sorted alphabetically, thus not numerically
files = os.listdir(PATCHES_PATH)
if files:
sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
for filename in sorted_files:
currentPatch = os.path.join(PATCHES_PATH, filename)
self.import_auditdb_patches(xa_sqlObj, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, currentPatch, TABLE_NAME)
else:
log("[I] No patches to apply!","info")
def execute_java_patches(xa_db_host, db_user, db_password, db_name):
log("[I] ----------------- Executing java patches ------------", "info")
def create_synonym(db_name, db_user, db_password,audit_db_user):
log("[I] ----------------- Creating Synonym ------------", "info")
def change_admin_default_password(xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
log("[I] ----------------- Changing Ranger "+ userName +" default password ------------", "info")
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
log("[I] ---------- Importing Core DB Schema ----------", "info")
class MysqlConf(BaseDB):
# Constructor
def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
self.db_ssl_enabled=db_ssl_enabled.lower()
self.db_ssl_required=db_ssl_required.lower()
self.db_ssl_verifyServerCertificate=db_ssl_verifyServerCertificate.lower()
self.db_ssl_auth_type=db_ssl_auth_type.lower()
self.javax_net_ssl_keyStore=javax_net_ssl_keyStore
self.javax_net_ssl_keyStorePassword=javax_net_ssl_keyStorePassword
self.javax_net_ssl_trustStore=javax_net_ssl_trustStore
self.javax_net_ssl_trustStorePassword=javax_net_ssl_trustStorePassword
def get_jisql_cmd(self, user, password ,db_name):
path = RANGER_ADMIN_HOME
db_ssl_param=''
db_ssl_cert_param=''
if self.db_ssl_enabled == 'true':
db_ssl_param="?useSSL=%s&requireSSL=%s&verifyServerCertificate=%s" %(self.db_ssl_enabled,self.db_ssl_required,self.db_ssl_verifyServerCertificate)
if self.db_ssl_verifyServerCertificate == 'true':
if self.db_ssl_auth_type == '1-way':
db_ssl_cert_param=" -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
else:
db_ssl_cert_param=" -Djavax.net.ssl.keyStore=%s -Djavax.net.ssl.keyStorePassword=%s -Djavax.net.ssl.trustStore=%s -Djavax.net.ssl.trustStorePassword=%s " %(self.javax_net_ssl_keyStore,self.javax_net_ssl_keyStorePassword,self.javax_net_ssl_trustStore,self.javax_net_ssl_trustStorePassword)
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
jisql_cmd = "%s %s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR,path,self.host,db_name,db_ssl_param,user,password)
elif os_name == "WINDOWS":
jisql_cmd = "%s %s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s%s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN,db_ssl_cert_param,self.SQL_CONNECTOR_JAR, path, self.host, db_name, db_ssl_param,user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection..", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"SELECT version();\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT version();\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Checking connection passed.", "info")
return True
else:
log("[E] Can't establish connection!! Exiting.." ,"error")
log("[I] Please run DB setup first or contact Administrator.." ,"info")
sys.exit(1)
def grant_audit_db_user(self, db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME):
hosts_arr =["%", "localhost"]
hosts_arr.append(self.host)
for host in hosts_arr:
log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on '" + audit_db_name+"'-------------" , "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if is_unix:
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON %s.%s TO '%s'@'%s';\" -c ;" %(audit_db_name,TABLE_NAME,audit_db_user,host)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret == 0:
log("[I] Granting privileges to '" + audit_db_user+"' done on '"+ audit_db_name+"'", "info")
else:
log("[E] Granting privileges to '" +audit_db_user+"' failed on '" + audit_db_name+"'", "error")
sys.exit(1)
def import_db_file(self, db_name, db_user, db_password, file_name):
isImported=False
name = basename(file_name)
if os.path.isfile(file_name):
log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
isImported=True
else:
log("[E] "+name + " file import failed!","error")
else:
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
return isImported
def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
sys.exit(1)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret!=0:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
ret=0
log("[I] Patch "+ name +" has been applied by some other process!" ,"info")
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == True:
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
sys.exit(1)
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if is_unix:
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
else:
log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error")
sys.exit(1)
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"show tables like '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"show tables like '%s';\" -c ;" %(TABLE_NAME)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table " + TABLE_NAME +" already exists in database '" + db_name + "'","info")
return True
else:
log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name + "","info")
return False
def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check ranger user connection ---------","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit table exists --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name ,db_user, db_password, file_name)
self.grant_audit_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
my_dict = {}
version = ""
className = ""
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
for filename in files:
f = re.match("^Patch.*?.class$",filename)
if f:
version = re.match("Patch.*?_(.*).class",filename)
version = version.group(1)
key3 = int(version.strip("J"))
my_dict[key3] = filename
keylist = my_dict.keys()
keylist.sort()
for key in keylist:
#print "%s: %s" % (key, my_dict[key])
version = str(key)
className = my_dict[key]
className = className.strip(".class")
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Java patch "+ className +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Java patch "+ className +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is being applied..","info")
else:
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
ret = subprocess.call(get_java_cmd)
if ret == 0:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] applying java patch "+ className +" failed", "error")
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
my_dict = {}
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
if os.path.exists(filePath):
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Ranger "+ userName +" default password has already been changed!!","info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Ranger Password change utility is being executed by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Ranger "+ userName +" default password change request is in process..","info")
else:
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
status = subprocess.call(get_java_cmd)
if status == 0 or status==2:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0 and status == 0:
log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
elif ret == 0 and status == 2:
log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
if isTableExist==False:
log("[I] Importing "+table_name+" table schema to database " + db_name + " from file: " + name,"info")
while(isTableExist==False):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
else:
log("[E] "+name + " file import failed!","error")
time.sleep(30)
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
else:
log("[E] Table schema file " + name+ " not found","error")
sys.exit(1)
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
version = 'CORE_DB_SCHEMA'
if os.path.isfile(file_name):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] "+version+" is already imported" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" import failed", "error")
sys.exit(1)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
isSchemaCreated=False
if isFirstTableExist == True and isLastTableExist == True :
isSchemaCreated=True
elif isFirstTableExist == False and isLastTableExist == False :
isImported=self.import_db_file(db_name, db_user, db_password, file_name)
if(isImported==False):
log("[I] "+ version +" might being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isLastTableExist==True):
isSchemaCreated=True
elif isFirstTableExist == False or isLastTableExist == False :
while(isFirstTableExist == False or isLastTableExist==False):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isFirstTableExist=self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isFirstTableExist==True and isLastTableExist==True):
isSchemaCreated=True
if isSchemaCreated == True:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+version +" import status has been updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating "+version +" import status failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+version + " import failed!","error")
sys.exit(1)
def hasPendingPatches(self, db_name, db_user, db_password, version):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active='Y';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active='Y';\" -c ;" %(version,ranger_version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
return False
else:
return True
def update_applied_patches_status(self,db_name, db_user, db_password,version):
if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','Y') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','Y') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
sys.exit(1)
else:
log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
class OracleConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN):
self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom "
#if self.host.count(":") == 2:
if self.host.count(":") == 2 or self.host.count(":") == 0:
#jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
cstring="jdbc:oracle:thin:@%s" %(self.host)
else:
#jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
cstring="jdbc:oracle:thin:@//%s" %(self.host)
if is_unix:
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select * from v$version;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from v$version;\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if output.strip('Production |'):
log("[I] Connection success", "info")
return True
else:
log("[E] Can't establish connection!", "error")
sys.exit(1)
def grant_audit_db_user(self, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;\" -c ;" % (db_user,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
sys.exit(1)
if is_unix:
query = get_cmd + " -c \; -query 'GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;'" % (db_user,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON %s.XA_ACCESS_AUDIT TO %s;\" -c ;" % (db_user,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
sys.exit(1)
def import_db_file(self, db_name, db_user, db_password, file_name):
isImported=False
name = basename(file_name)
if os.path.isfile(file_name):
log("[I] Importing script " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -input %s -c \;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " imported successfully","info")
isImported=True
else:
log("[E] "+name + " import failed!","error")
else:
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
return isImported
def create_synonym(self,db_name, db_user, db_password,audit_db_user):
log("[I] ----------------- Creating Synonym ------------", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;'" % (audit_db_user,db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT FOR %s.XA_ACCESS_AUDIT;\" -c ;" % (audit_db_user,db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
sys.exit(1)
if is_unix:
query = get_cmd + " -c \; -query 'CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;'" % (audit_db_user,db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE OR REPLACE SYNONYM %s.XA_ACCESS_AUDIT_SEQ FOR %s.XA_ACCESS_AUDIT_SEQ;\" -c ;" % (audit_db_user,db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
sys.exit(1)
def import_db_patches(self, db_name, db_user, db_password, file_name):
if os.path.isfile(file_name):
name = basename(file_name)
version = name.split('-')[0]
log("[I] Executing patch on " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
if is_unix:
query = get_cmd + " -input %s -c /" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c /" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
ret=0
log("[I] Patch "+ name +" has been applied by some other process!" ,"info")
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " Import failed!","error")
sys.exit(1)
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
output = self.check_table(db_name, db_user, db_password, TABLE_NAME)
if output == True:
if os.path.isfile(file_name):
name = basename(file_name)
version = name.split('-')[0]
log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version +" |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd1 + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
get_cmd2 = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd2 + " -input %s -c /" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c /" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd1 + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd1 + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd1 + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " Import failed!","error")
sys.exit(1)
else:
log("[I] Patch file not found","error")
sys.exit(1)
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user ,db_password)
if is_unix:
query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'"
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;"
jisql_log(query, db_password)
output = check_output(query).strip()
output = output.strip(' |')
db_name = db_name.upper()
if output == db_name:
log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info")
log("[I] Verifying table " + TABLE_NAME +" in tablespace " + db_name, "info")
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\"" %(db_name ,TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('%s') and UPPER(table_name)=UPPER('%s');\" -c ;" %(db_name ,TABLE_NAME)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME.upper() + ' |'):
log("[I] Table " + TABLE_NAME +" already exists in tablespace " + db_name + "","info")
return True
else:
log("[I] Table " + TABLE_NAME +" does not exist in tablespace " + db_name + "","info")
return False
else:
log("[E] "+db_user + " user already assigned to some other tablespace , provide different DB name.","error")
sys.exit(1)
def auditdb_operation(self, xa_db_host , audit_db_host , db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection ---------","info")
self.check_connection(db_name, db_user, db_password)
log("[I] --------- Check audit user connection ---------","info")
self.check_connection(audit_db_name, audit_db_user, audit_db_password)
log("[I] --------- Check table ---------","info")
if self.check_table(db_name, db_user, db_password, TABLE_NAME):
pass
else:
self.import_db_file(audit_db_name, db_user, db_password ,file_name)
log("[I] ---------------Granting privileges TO '"+ audit_db_user + "' on audit table-------------" , "info")
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
my_dict = {}
version = ""
className = ""
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
for filename in files:
f = re.match("^Patch.*?.class$",filename)
if f:
className = re.match("(Patch.*?)_.*.class",filename)
className = className.group(1)
version = re.match("Patch.*?_(.*).class",filename)
version = version.group(1)
key3 = int(version.strip("J"))
my_dict[key3] = filename
keylist = my_dict.keys()
keylist.sort()
for key in keylist:
#print "%s: %s" % (key, my_dict[key])
version = str(key)
className = my_dict[key]
className = className.strip(".class")
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] java patch "+ className +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
#Fix to handle Ranger Upgrade failure for Oracle DB flavor
if is_unix:
queryUpgradeCaseCheck = get_cmd + " -c \; -query \"select version from x_db_version_h where version = 'J%s' and active = 'N' and inst_by!='%s';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
queryUpgradeCaseCheck = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N' and inst_by!='%s';\" -c ;" %(version,ranger_version)
jisql_log(queryUpgradeCaseCheck, db_password)
outputUpgradeCaseCheck = check_output(queryUpgradeCaseCheck)
if outputUpgradeCaseCheck.strip(version + " |"):
if is_unix:
queryUpdate = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and inst_by!='%s';\"" %(version, ranger_version)
jisql_log(queryUpdate, db_password)
retUpdate = subprocess.call(shlex.split(queryUpdate))
elif os_name == "WINDOWS":
queryUpdate = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and inst_by!='%s';\" -c ;" %(version, ranger_version)
jisql_log(queryUpdate, db_password)
retUpdate = subprocess.call(queryUpdate)
if retUpdate == 0:
log ("[I] java patch "+ className +" status has been updated..","info")
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
#End of Upgrade failure fix
while(output.strip(version + " |")):
log("[I] Java patch "+ className +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'J%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'J%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is being applied..","info")
else:
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Djava.security.egd=file:///dev/urandom -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
ret = subprocess.call(get_java_cmd)
if ret == 0:
if is_unix:
query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\"" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] applying java patch "+ className +" failed", "error")
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
my_dict = {}
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
if os.path.exists(filePath):
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Ranger "+ userName +" default password has already been changed!!","info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Ranger Password change utility is being executed by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Ranger "+ userName +" default password change request is in process..","info")
else:
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
status = subprocess.call(get_java_cmd)
if status == 0 or status==2:
if is_unix:
query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0 and status == 0:
log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
elif ret == 0 and status == 2:
log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
if isTableExist==False:
log("[I] Importing "+table_name+" table schema from file: " + name,"info")
while(isTableExist==False):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -input %s -c \;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
else:
log("[E] "+name + " file import failed!","error")
time.sleep(30)
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
else:
log("[E] Table schema file " + name+ " not found","error")
sys.exit(1)
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
version = 'CORE_DB_SCHEMA'
if os.path.isfile(file_name):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] "+version+" is already imported" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" import failed", "error")
sys.exit(1)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
isSchemaCreated=False
if isFirstTableExist == True and isLastTableExist == True :
isSchemaCreated=True
elif isFirstTableExist == False and isLastTableExist == False :
isImported=self.import_db_file(db_name, db_user, db_password, file_name)
if(isImported==False):
log("[I] "+ version +" might being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isLastTableExist==True):
isSchemaCreated=True
elif isFirstTableExist == False or isLastTableExist == False :
while(isFirstTableExist==False or isLastTableExist == False):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isFirstTableExist=self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isFirstTableExist==True and isLastTableExist==True):
isSchemaCreated=True
if isSchemaCreated == True:
if is_unix:
query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+version +" import status has been updated", "info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating "+version +" import status failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+version + " import failed!","error")
sys.exit(1)
def hasPendingPatches(self, db_name, db_user, db_password, version):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\" -c ;" %(version,ranger_version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
return False
else:
return True
def update_applied_patches_status(self,db_name, db_user, db_password,version):
if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
get_cmd = self.get_jisql_cmd(db_user, db_password)
if is_unix:
query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','Y');\"" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','Y');\" -c ;" %(version, ranger_version, client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
sys.exit(1)
else:
log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
class PostgresConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] connection success", "info")
return True
else:
log("[E] Can't establish connection", "error")
sys.exit(1)
def import_db_file(self, db_name, db_user, db_password, file_name):
isImported=False
name = basename(file_name)
if os.path.isfile(file_name):
log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
isImported=True
else:
log("[E] "+name + " DB schema import failed!","error")
else:
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
return isImported
def grant_audit_db_user(self, audit_db_name , db_user, audit_db_user, db_password, audit_db_password):
log("[I] Granting permission to " + audit_db_user, "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name)
log("[I] Granting select and usage privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT_SEQ", "info")
if is_unix:
query = get_cmd + " -query 'GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;'" % (audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT SELECT,USAGE ON XA_ACCESS_AUDIT_SEQ TO %s;\" -c ;" % (audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
log("[E] Granting select privileges to Postgres user '" + audit_db_user + "' failed", "error")
sys.exit(1)
log("[I] Granting insert privileges to Postgres audit user '" + audit_db_user + "' on XA_ACCESS_AUDIT table", "info")
if is_unix:
query = get_cmd + " -query 'GRANT INSERT ON XA_ACCESS_AUDIT TO %s;'" % (audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT TO %s;\" -c ;" % (audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0:
log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error")
sys.exit(1)
def create_language_plpgsql(self,db_user, db_password, db_name):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if not output.strip('1 |'):
if is_unix:
query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\""
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\" -c ;"
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret == 0:
log("[I] LANGUAGE plpgsql created successfully", "info")
else:
log("[E] LANGUAGE plpgsql creation failed", "error")
sys.exit(1)
def import_db_patches(self, db_name, db_user, db_password, file_name):
self.create_language_plpgsql(db_user, db_password, db_name)
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
ret=0
log("[I] Patch "+ name +" has been applied by some other process!" ,"info")
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
self.create_language_plpgsql(db_user, db_password, audit_db_name)
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == True:
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if is_unix:
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
else:
log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error")
sys.exit(1)
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
log("[I] Verifying table " + TABLE_NAME +" in database " + db_name, "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\"" %(db_name , TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select * from (select table_name from information_schema.tables where table_catalog='%s' and table_name = '%s') as temp;\" -c ;" %(db_name , TABLE_NAME)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME +" |"):
log("[I] Table " + TABLE_NAME +" already exists in database " + db_name, "info")
return True
else:
log("[I] Table " + TABLE_NAME +" does not exist in database " + db_name, "info")
return False
def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection ---------","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit user connection ---------","info")
self.check_connection(audit_db_name, audit_db_user, audit_db_password)
log("[I] --------- Check table ---------","info")
output = self.check_table(audit_db_name, audit_db_user, audit_db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name, db_user, db_password, file_name)
self.grant_audit_db_user(audit_db_name ,db_user, audit_db_user, db_password,audit_db_password)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
my_dict = {}
version = ""
className = ""
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
for filename in files:
f = re.match("^Patch.*?.class$",filename)
if f:
className = re.match("(Patch.*?)_.*.class",filename)
className = className.group(1)
version = re.match("Patch.*?_(.*).class",filename)
version = version.group(1)
key3 = int(version.strip("J"))
my_dict[key3] = filename
keylist = my_dict.keys()
keylist.sort()
for key in keylist:
#print "%s: %s" % (key, my_dict[key])
version = str(key)
className = my_dict[key]
className = className.strip(".class")
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Java patch "+ className +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Java patch "+ className +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is being applied..","info")
else:
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
ret = subprocess.call(get_java_cmd)
if ret == 0:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] applying java patch "+ className +" failed", "error")
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
my_dict = {}
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
if os.path.exists(filePath):
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Ranger "+ userName +" default password has already been changed!!","info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Ranger Password change utility is being executed by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Ranger "+ userName +" default password change request is in process..","info")
else:
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
status = subprocess.call(get_java_cmd)
if status == 0 or status==2:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0 and status == 0:
log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
elif ret == 0 and status == 2:
log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
if isTableExist==False:
log("[I] Importing "+table_name+" table schema to database " + db_name + " from file: " + name,"info")
while(isTableExist==False):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s -c ;" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
else:
log("[E] "+name + " file import failed!","error")
time.sleep(30)
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
else:
log("[E] Table schema file " + name+ " not found","error")
sys.exit(1)
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
version = 'CORE_DB_SCHEMA'
if os.path.isfile(file_name):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] "+version+" is already imported" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" import failed", "error")
sys.exit(1)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
isSchemaCreated=False
if isFirstTableExist == True and isLastTableExist == True :
isSchemaCreated=True
elif isFirstTableExist == False and isLastTableExist == False :
isImported=self.import_db_file(db_name, db_user, db_password, file_name)
if(isImported==False):
log("[I] "+ version +" might being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isLastTableExist==True):
isSchemaCreated=True
elif isFirstTableExist == False or isLastTableExist == False :
while(isFirstTableExist == False or isLastTableExist==False):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isFirstTableExist=self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isFirstTableExist == True and isLastTableExist==True):
isSchemaCreated=True
if isSchemaCreated == True:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+version +" import status has been updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating "+version +" import status failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+version + " import failed!","error")
sys.exit(1)
def hasPendingPatches(self, db_name, db_user, db_password, version):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\" -c ;" %(version,ranger_version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
return False
else:
return True
def update_applied_patches_status(self,db_name, db_user, db_password,version):
if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','Y') ;\"" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','Y') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
sys.exit(1)
else:
log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
class SqlServerConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password, db_name):
#TODO: User array for forming command
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
return True
else:
log("[E] Can't establish connection", "error")
sys.exit(1)
def import_db_file(self, db_name, db_user, db_password, file_name):
isImported=False
name = basename(file_name)
if os.path.isfile(file_name):
log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
isImported=True
else:
log("[E] "+name + " DB Schema import failed!","error")
else:
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
return isImported
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT TABLE_NAME FROM information_schema.tables where table_name = '%s';\" -c ;" %(TABLE_NAME)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
return True
else:
log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info")
return False
def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME):
log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info")
get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
if is_unix:
query = get_cmd + " -c \; -query \"USE %s GRANT SELECT,INSERT to %s;\"" %(audit_db_name ,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"USE %s GRANT SELECT,INSERT to %s;\" -c ;" %(audit_db_name ,audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0 :
sys.exit(1)
else:
log("[I] Permission granted to audit user " + audit_db_user , "info")
def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
time.sleep(1)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
ret=0
log("[I] Patch "+ name +" has been applied by some other process!" ,"info")
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == True:
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd1 + " -c \; query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd1 + " -c \; query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if is_unix:
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
if is_unix:
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
else:
log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error")
sys.exit(1)
def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection --------- ","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit user connection --------- ","info")
self.check_connection(audit_db_name, audit_db_user, audit_db_password)
log("[I] --------- Check audit table exists --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name ,db_user, db_password, file_name)
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
my_dict = {}
version = ""
className = ""
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
for filename in files:
f = re.match("^Patch.*?.class$",filename)
if f:
className = re.match("(Patch.*?)_.*.class",filename)
className = className.group(1)
version = re.match("Patch.*?_(.*).class",filename)
version = version.group(1)
key3 = int(version.strip("J"))
my_dict[key3] = filename
keylist = my_dict.keys()
keylist.sort()
for key in keylist:
#print "%s: %s" % (key, my_dict[key])
version = str(key)
className = my_dict[key]
className = className.strip(".class")
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Java patch "+ className +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Java patch "+ className +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is being applied..","info")
else:
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
ret = subprocess.call(get_java_cmd)
if ret == 0:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] applying java patch "+ className +" failed", "error")
sys.exit(1)
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
my_dict = {}
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
if os.path.exists(filePath):
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Ranger "+ userName +" default password has already been changed!!","info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Ranger Password change utility is being executed by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Ranger "+ userName +" default password change request is in process..","info")
else:
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
status = subprocess.call(get_java_cmd)
if status == 0 or status==2:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0 and status == 0:
log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
elif ret == 0 and status == 2:
log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
if isTableExist==False:
log("[I] Importing "+table_name+" table schema to database " + db_name + " from file: " + name,"info")
while(isTableExist==False):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
else:
log("[E] "+name + " file import failed!","error")
time.sleep(30)
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
else:
log("[E] Table schema file " + name+ " not found","error")
sys.exit(1)
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
version = 'CORE_DB_SCHEMA'
if os.path.isfile(file_name):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] "+version+" is already imported" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" import failed", "error")
sys.exit(1)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
isSchemaCreated=False
if isFirstTableExist == True and isLastTableExist == True :
isSchemaCreated=True
elif isFirstTableExist == False and isLastTableExist == False :
isImported=self.import_db_file(db_name, db_user, db_password, file_name)
if(isImported==False):
log("[I] "+ version +" might being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isLastTableExist==True):
isSchemaCreated=True
elif isFirstTableExist == False or isLastTableExist == False :
while(isFirstTableExist == False or isLastTableExist==False):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isFirstTableExist=self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isFirstTableExist == True and isLastTableExist==True):
isSchemaCreated=True
if isSchemaCreated == True:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+version +" import status has been updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating "+version +" import status failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+version + " import failed!","error")
sys.exit(1)
def hasPendingPatches(self, db_name, db_user, db_password, version):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\" -c ;" %(version,ranger_version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
return False
else:
return True
def update_applied_patches_status(self,db_name, db_user, db_password,version):
if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','Y') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','Y') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
sys.exit(1)
else:
log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
class SqlAnywhereConf(BaseDB):
# Constructor
def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
self.host = host
self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR
self.JAVA_BIN = JAVA_BIN
def get_jisql_cmd(self, user, password, db_name):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if is_unix:
jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
log("[I] Checking connection", "info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"SELECT 1;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT 1;\" -c ;"
jisql_log(query, db_password)
output = check_output(query)
if output.strip('1 |'):
log("[I] Connection success", "info")
return True
else:
log("[E] Can't establish connection", "error")
sys.exit(1)
def import_db_file(self, db_name, db_user, db_password, file_name):
isImported=False
name = basename(file_name)
if os.path.isfile(file_name):
log("[I] Importing db schema to database " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " DB schema imported successfully","info")
isImported=True
else:
log("[E] "+name + " DB Schema import failed!","error")
else:
log("[E] DB schema file " + name+ " not found","error")
sys.exit(1)
return isImported
def check_table(self, db_name, db_user, db_password, TABLE_NAME):
self.set_options(db_name, db_user, db_password, TABLE_NAME)
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\"" %(TABLE_NAME)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\" -c ;" %(TABLE_NAME)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(TABLE_NAME + " |"):
log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info")
return True
else:
log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info")
return False
def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME):
log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info")
get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name)
if is_unix:
query = get_cmd + " -c \; -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\"" %(audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\" -c ;" %(audit_db_user)
jisql_log(query, db_password)
ret = subprocessCallWithRetry(query)
if ret != 0 :
sys.exit(1)
else:
log("[I] Permission granted to audit user " + audit_db_user , "info")
def import_db_patches(self, db_name, db_user, db_password, file_name):
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + db_name + " from file: " + name,"info")
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while output.strip(version + " |"):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
time.sleep(5)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
ret=0
log("[I] Patch "+ name +" has been applied by some other process!" ,"info")
if ret == 0:
log("[I] "+name + " patch applied","info")
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == True:
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
log("[I] Executing patch on " + audit_db_name + " from file: " + name,"info")
get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Patch "+ name +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd1 + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while output.strip(version + " |"):
log("[I] Patch "+ name +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Patch "+ name +" is being applied..","info")
else:
log("[E] Patch "+ name +" failed", "error")
get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name)
if is_unix:
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd2 + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
if is_unix:
log("[I] "+name + " patch applied","info")
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd1 + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] Patch version updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating patch version failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+name + " import failed!","error")
sys.exit(1)
else:
log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error")
sys.exit(1)
def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Check admin user connection --------- ","info")
self.check_connection(audit_db_name, db_user, db_password)
log("[I] --------- Check audit user connection --------- ","info")
self.check_connection(audit_db_name, audit_db_user, audit_db_password)
log("[I] --------- Check audit table exists --------- ","info")
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == False:
self.import_db_file(audit_db_name ,db_user, db_password, file_name)
self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME)
def execute_java_patches(self, xa_db_host, db_user, db_password, db_name):
my_dict = {}
version = ""
className = ""
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch")
if not os.path.exists(javaFiles):
log("[I] No java patches to apply!","info")
else:
files = os.listdir(javaFiles)
if files:
for filename in files:
f = re.match("^Patch.*?.class$",filename)
if f:
className = re.match("(Patch.*?)_.*.class",filename)
className = className.group(1)
version = re.match("Patch.*?_(.*).class",filename)
version = version.group(1)
key3 = int(version.strip("J"))
my_dict[key3] = filename
keylist = my_dict.keys()
keylist.sort()
for key in keylist:
#print "%s: %s" % (key, my_dict[key])
version = str(key)
className = my_dict[key]
className = className.strip(".class")
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Java patch "+ className +" is already applied" ,"info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Java patch "+ className +" is being applied by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('J%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is being applied..","info")
else:
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className)
if is_unix:
ret = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
ret = subprocess.call(get_java_cmd)
if ret == 0:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] java patch "+ className +" is applied..","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] java patch "+ className +" failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='J%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] applying java patch "+ className +" failed", "error")
sys.exit(1)
def set_options(self, db_name, db_user, db_password, TABLE_NAME):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"set option public.reserved_keywords='LIMIT';\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;"
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
if is_unix:
query = get_cmd + " -c \; -query \"set option public.max_statement_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;"
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
if is_unix:
query = get_cmd + " -c \; -query \"set option public.max_cursor_count=0;\""
elif os_name == "WINDOWS":
query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;"
jisql_log(query, db_password)
ret = subprocessCallWithRetry(shlex.split(query))
def change_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword):
my_dict = {}
version = ""
className = "ChangePasswordUtil"
version = dbversionBasedOnUserName(userName)
app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
if os.path.exists(filePath):
if version != "":
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] Ranger "+ userName +" default password has already been changed!!","info")
else:
if is_unix:
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] Ranger "+ userName +" change utility is being executed by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log ("[I] Ranger "+ userName +" default password change request is in process..","info")
else:
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
if is_unix:
path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
elif os_name == "WINDOWS":
path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log,path,className,userName,oldPassword,newPassword)
if is_unix:
status = subprocess.call(shlex.split(get_java_cmd))
elif os_name == "WINDOWS":
status = subprocess.call(get_java_cmd)
if status == 0 or status==2:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0 and status == 0:
log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
elif ret == 0 and status == 2:
log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
if isTableExist==False:
log("[I] Importing "+table_name+" table schema to database " + db_name + " from file: " + name,"info")
while(isTableExist==False):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -input %s" %file_name
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+name + " file imported successfully","info")
else:
log("[E] "+name + " file import failed!","error")
time.sleep(30)
isTableExist=self.check_table(db_name, db_user, db_password, table_name)
else:
log("[E] Table schema file " + name+ " not found","error")
sys.exit(1)
def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
version = 'CORE_DB_SCHEMA'
if os.path.isfile(file_name):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
log("[I] "+version+" is already imported" ,"info")
else:
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
while(output.strip(version + " |")):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
jisql_log(query, db_password)
output = check_output(query)
else:
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" import failed", "error")
sys.exit(1)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist = self.check_table(db_name, db_user, db_password, last_table)
isSchemaCreated=False
if isFirstTableExist == True and isLastTableExist == True :
isSchemaCreated=True
elif isFirstTableExist == False and isLastTableExist == False :
isImported=self.import_db_file(db_name, db_user, db_password, file_name)
if(isImported==False):
log("[I] "+ version +" might being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isLastTableExist==True):
isSchemaCreated=True
elif isFirstTableExist == False or isLastTableExist == False :
while(isFirstTableExist == False or isLastTableExist==False):
log("[I] "+ version +" is being imported by some other process" ,"info")
time.sleep(retryPatchAfterSeconds)
isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table)
isLastTableExist=self.check_table(db_name, db_user, db_password, last_table)
if(isFirstTableExist == True and isLastTableExist==True):
isSchemaCreated=True
if isSchemaCreated == True:
if is_unix:
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret == 0:
log("[I] "+version +" import status has been updated", "info")
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] Updating "+version +" import status failed", "error")
sys.exit(1)
else:
if is_unix:
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
log("[E] "+version + " import failed!","error")
sys.exit(1)
def hasPendingPatches(self, db_name, db_user, db_password, version):
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\"" %(version,ranger_version)
elif os_name == "WINDOWS":
query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and inst_by = '%s' and active = 'Y';\" -c ;" %(version,ranger_version)
jisql_log(query, db_password)
output = check_output(query)
if output.strip(version + " |"):
return False
else:
return True
def update_applied_patches_status(self,db_name, db_user, db_password,version):
if self.hasPendingPatches(db_name, db_user, db_password,version) == True:
get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
if is_unix:
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','Y') ;\" -c \;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','Y') ;\" -c ;" %(version,ranger_version,client_host)
jisql_log(query, db_password)
ret = subprocess.call(query)
if ret != 0:
log("[E] "+ version +" status entry to x_db_version_h table failed", "error")
sys.exit(1)
else:
log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
def main(argv):
populate_global_dict()
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
if (not 'JAVA_HOME' in os.environ) or (os.environ['JAVA_HOME'] == ""):
log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
sys.exit(1)
else:
JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
if os_name == "WINDOWS" :
JAVA_BIN = JAVA_BIN+'.exe'
if os.path.isfile(JAVA_BIN):
pass
else:
JAVA_BIN=globalDict['JAVA_BIN']
if os.path.isfile(JAVA_BIN):
pass
else:
log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error")
sys.exit(1)
#get ranger version
global ranger_version
try:
lib_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp","WEB-INF","lib","*")
get_ranger_version_cmd="%s -cp %s org.apache.ranger.common.RangerVersionInfo"%(JAVA_BIN,lib_home)
ranger_version = check_output(get_ranger_version_cmd).split("\n")[1]
except Exception, error:
ranger_version=''
try:
if ranger_version=="" or ranger_version=="ranger-admin - None":
script_path = os.path.join(RANGER_ADMIN_HOME,"ews","ranger-admin-services.sh")
ranger_version=check_output(script_path +" version").split("\n")[1]
except Exception, error:
ranger_version=''
try:
if ranger_version=="" or ranger_version=="ranger-admin - None":
ranger_version=check_output("ranger-admin version").split("\n")[1]
except Exception, error:
ranger_version=''
if ranger_version=="" or ranger_version is None:
log("[E] Unable to find ranger version details, Exiting..", "error")
sys.exit(1)
XA_DB_FLAVOR=globalDict['DB_FLAVOR']
AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR']
XA_DB_FLAVOR = XA_DB_FLAVOR.upper()
AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper()
log("[I] DB FLAVOR :" + XA_DB_FLAVOR ,"info")
xa_db_host = globalDict['db_host']
audit_db_host = globalDict['db_host']
mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql')
mysql_core_file = globalDict['mysql_core_file']
mysql_audit_file = globalDict['mysql_audit_file']
mysql_patches = os.path.join('db','mysql','patches')
mysql_auditdb_patches = os.path.join('db','mysql','patches','audit')
oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql')
oracle_core_file = globalDict['oracle_core_file']
oracle_audit_file = globalDict['oracle_audit_file']
oracle_patches = os.path.join('db','oracle','patches')
oracle_auditdb_patches = os.path.join('db','oracle','patches','audit')
postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql')
postgres_core_file = globalDict['postgres_core_file']
postgres_audit_file = globalDict['postgres_audit_file']
postgres_patches = os.path.join('db','postgres','patches')
postgres_auditdb_patches = os.path.join('db','postgres','patches','audit')
sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql')
sqlserver_core_file = globalDict['sqlserver_core_file']
sqlserver_audit_file = globalDict['sqlserver_audit_file']
sqlserver_patches = os.path.join('db','sqlserver','patches')
sqlserver_auditdb_patches = os.path.join('db','sqlserver','patches','audit')
sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql')
sqlanywhere_core_file = globalDict['sqlanywhere_core_file']
sqlanywhere_audit_file = globalDict['sqlanywhere_audit_file']
sqlanywhere_patches = os.path.join('db','sqlanywhere','patches')
sqlanywhere_auditdb_patches = os.path.join('db','sqlanywhere','patches','audit')
db_name = globalDict['db_name']
db_user = globalDict['db_user']
db_password = globalDict['db_password']
x_db_version = 'x_db_version_h'
xa_access_audit = 'xa_access_audit'
audit_db_name=''
audit_db_user=''
audit_db_password=''
audit_store = None
if 'audit_store' in globalDict:
audit_store = globalDict['audit_store']
audit_store=audit_store.lower()
if audit_store =='db':
if 'audit_db_name' in globalDict:
audit_db_name = globalDict['audit_db_name']
if 'audit_db_user' in globalDict:
audit_db_user = globalDict['audit_db_user']
if 'audit_db_password' in globalDict:
audit_db_password = globalDict['audit_db_password']
db_ssl_enabled='false'
db_ssl_required='false'
db_ssl_verifyServerCertificate='false'
db_ssl_auth_type='2-way'
javax_net_ssl_keyStore=''
javax_net_ssl_keyStorePassword=''
javax_net_ssl_trustStore=''
javax_net_ssl_trustStorePassword=''
if XA_DB_FLAVOR == "MYSQL":
if 'db_ssl_enabled' in globalDict:
db_ssl_enabled=globalDict['db_ssl_enabled'].lower()
if db_ssl_enabled == 'true':
if 'db_ssl_required' in globalDict:
db_ssl_required=globalDict['db_ssl_required'].lower()
if 'db_ssl_verifyServerCertificate' in globalDict:
db_ssl_verifyServerCertificate=globalDict['db_ssl_verifyServerCertificate'].lower()
if 'db_ssl_auth_type' in globalDict:
db_ssl_auth_type=globalDict['db_ssl_auth_type'].lower()
if db_ssl_verifyServerCertificate == 'true':
if 'javax_net_ssl_trustStore' in globalDict:
javax_net_ssl_trustStore=globalDict['javax_net_ssl_trustStore']
if 'javax_net_ssl_trustStorePassword' in globalDict:
javax_net_ssl_trustStorePassword=globalDict['javax_net_ssl_trustStorePassword']
if not os.path.exists(javax_net_ssl_trustStore):
log("[E] Invalid file Name! Unable to find truststore file:"+javax_net_ssl_trustStore,"error")
sys.exit(1)
if javax_net_ssl_trustStorePassword is None or javax_net_ssl_trustStorePassword =="":
log("[E] Invalid ssl truststore password!","error")
sys.exit(1)
if db_ssl_auth_type == '2-way':
if 'javax_net_ssl_keyStore' in globalDict:
javax_net_ssl_keyStore=globalDict['javax_net_ssl_keyStore']
if 'javax_net_ssl_keyStorePassword' in globalDict:
javax_net_ssl_keyStorePassword=globalDict['javax_net_ssl_keyStorePassword']
if not os.path.exists(javax_net_ssl_keyStore):
log("[E] Invalid file Name! Unable to find keystore file:"+javax_net_ssl_keyStore,"error")
sys.exit(1)
if javax_net_ssl_keyStorePassword is None or javax_net_ssl_keyStorePassword =="":
log("[E] Invalid ssl keystore password!","error")
sys.exit(1)
MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , mysql_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , mysql_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME ,mysql_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,mysql_auditdb_patches)
first_table='x_asset'
last_table='xa_access_audit'
elif XA_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,oracle_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME ,oracle_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME ,oracle_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,oracle_auditdb_patches)
first_table='X_PORTAL_USER'
last_table='X_AUDIT_MAP'
elif XA_DB_FLAVOR == "POSTGRES":
db_user=db_user.lower()
db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , postgres_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , postgres_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME , postgres_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,postgres_auditdb_patches)
first_table='x_portal_user'
last_table='x_group_module_perm'
elif XA_DB_FLAVOR == "MSSQL":
SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlserver_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlserver_auditdb_patches)
first_table='x_portal_user'
last_table='x_group_module_perm'
elif XA_DB_FLAVOR == "SQLA":
if not os_name == "WINDOWS" :
if os.environ['LD_LIBRARY_PATH'] == "":
log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error")
sys.exit(1)
SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_dbversion_catalog)
xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_core_file)
xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_patches)
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_auditdb_patches)
first_table='x_portal_user'
last_table='x_group_module_perm'
else:
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
if AUDIT_DB_FLAVOR == "MYSQL":
MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type)
audit_db_file = os.path.join(RANGER_ADMIN_HOME ,mysql_audit_file)
elif AUDIT_DB_FLAVOR == "ORACLE":
ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
audit_db_user=audit_db_user.lower()
audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , postgres_audit_file)
elif AUDIT_DB_FLAVOR == "MSSQL":
SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_audit_file)
elif AUDIT_DB_FLAVOR == "SQLA":
SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = SqlAnywhereConf(audit_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_audit_file)
else:
log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error")
sys.exit(1)
log("[I] --------- Verifying Ranger DB connection ---------","info")
xa_sqlObj.check_connection(db_name, db_user, db_password)
if len(argv)==1:
log("[I] --------- Verifying version history table ---------","info")
output = xa_sqlObj.check_table(db_name, db_user, db_password, x_db_version)
if output == False:
xa_sqlObj.create_version_history_table(db_name, db_user, db_password, xa_db_version_file,x_db_version)
log("[I] --------- Importing Ranger Core DB Schema ---------","info")
xa_sqlObj.import_core_db_schema(db_name, db_user, db_password, xa_db_core_file,first_table,last_table)
if XA_DB_FLAVOR == "ORACLE":
if xa_sqlObj.check_table(db_name, db_user, db_password, xa_access_audit):
if audit_db_user != "" and db_user != audit_db_user:
xa_sqlObj.create_synonym(db_name, db_user, db_password,audit_db_user)
applyDBPatches=xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "DB_PATCHES")
if applyDBPatches == True:
log("[I] --------- Applying Ranger DB patches ---------","info")
xa_sqlObj.apply_patches(db_name, db_user, db_password, xa_patch_file)
else:
log("[I] DB_PATCHES have already been applied","info")
if audit_store == "db" and audit_db_password!='':
log("[I] --------- Starting Audit Operation ---------","info")
audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_file, xa_access_audit)
log("[I] --------- Applying Audit DB patches ---------","info")
audit_sqlObj.apply_auditdb_patches(xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_patch_file, xa_access_audit)
if len(argv)>1:
for i in range(len(argv)):
if str(argv[i]) == "-javapatch":
applyJavaPatches=xa_sqlObj.hasPendingPatches(db_name, db_user, db_password, "JAVA_PATCHES")
if applyJavaPatches == True:
log("[I] ----------------- Applying java patches ------------", "info")
xa_sqlObj.execute_java_patches(xa_db_host, db_user, db_password, db_name)
xa_sqlObj.update_applied_patches_status(db_name,db_user, db_password,"JAVA_PATCHES")
else:
log("[I] JAVA_PATCHES have already been applied","info")
if str(argv[i]) == "-changepassword":
if len(argv)==5:
userName=argv[2]
oldPassword=argv[3]
newPassword=argv[4]
if oldPassword==newPassword:
log("[E] Old Password and New Password argument are same. Exiting!!", "error")
sys.exit(1)
if userName != "" and oldPassword != "" and newPassword != "":
password_validation(newPassword)
xa_sqlObj.change_admin_default_password(xa_db_host, db_user, db_password, db_name,userName,oldPassword,newPassword)
else:
log("[E] Invalid argument list.", "error")
log("[I] Usage : python db_setup.py -changepassword <loginID> <currentPassword> <newPassword>","info")
sys.exit(1)
main(sys.argv)