Google Git
Sign in
apache / ranger / refs/heads/ranger-1.0 / . / security-admin / src / bin / ranger_install.py
blob: 0cbe43dbcdfe7df852b9efbf15c688aab3a3a3e0 [file] [log] [blame]
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. See accompanying LICENSE file.
#
import os
import sys
import errno
import logging
import zipfile
import ConfigParser
import StringIO
import subprocess
import fileinput
#import MySQLdb
import zipfile
import re
import shutil
import commands
from datetime import date
import getpass
import glob
import pprint
from subprocess import Popen,PIPE
conf_dict={}
"""
################################################
Helper routines
################################################
"""
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
if type == 'error':
logging.error(" %s",msg)
if type == 'debug':
logging.debug(" %s",msg)
if type == 'warning':
logging.warning(" %s",msg)
if type == 'exception':
logging.exception(" %s",msg)
def password_validation(password, userType):
if password:
if re.search("[\\\`'\"]",password):
log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
sys.exit(1)
else:
log("[I] "+userType+" user password validated","info")
else:
log("[E] Blank password is not allowed,please enter valid password.","error")
sys.exit(1)
def resolve_sym_link(path):
path = os.path.realpath(path)
base_dir = os.path.dirname(os.path.dirname(path))
return path, base_dir
#prog = ["mysql", "-u", "ve", "--execute", 'insert into foo values ("snargle", 2)']
def getstatusoutput(cmd):
"""Return (status, output) of executing cmd in a shell."""
"""This new implementation should work on all platforms."""
"""pipe = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, shell=True, universal_newlines=True)
"output, err = pipe.communicate()
"sts = pipe.returncode
"""
ret = subprocess.call(cmd, shell=True)
print "------------------"
print " cmd: " + str(cmd)
#print " output: " + output
print " ret: " + str(ret)
print "------------------"
return ret, ret
#if sts is None:
# log("sts is None!!!! Manually setting to -1. PLEASE CHECK!!!!!!!!!!!!!!","info")
# sts = -1
#return sts, output
def copy_files(source_dir,dest_dir):
for dir_path, dir_names, file_names in os.walk(source_dir):
for file_name in file_names:
target_dir = dir_path.replace(source_dir, dest_dir, 1)
if not os.path.exists(target_dir):
os.mkdir(target_dir)
src_file = os.path.join(dir_path, file_name)
dest_file = os.path.join(target_dir, file_name)
log("copying src: " + src_file + " dest: " + dest_file, "debug")
shutil.copyfile(src_file, dest_file)
def ModConfig(File, Variable, Setting):
"""
Modify Config file variable with new setting
"""
VarFound = False
AlreadySet = False
V=str(Variable)
S=str(Setting)
# use quotes if setting has spaces #
if ' ' in S:
S = '"%s"' % S
for line in fileinput.input(File, inplace = 1):
# process lines that look like config settings #
if not line.lstrip(' ').startswith('#') and '=' in line:
_infile_var = str(line.split('=')[0].rstrip(' '))
_infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
# only change the first matching occurrence #
if VarFound == False and _infile_var.rstrip(' ') == V:
VarFound = True
# don't change it if it is already set #
if _infile_set.lstrip(' ') == S:
AlreadySet = True
else:
line = "%s = %s\n" % (V, S)
sys.stdout.write(line)
# Append the variable if it wasn't found #
if not VarFound:
log( "Variable '%s' not found. Adding it to %s" % (V, File), "debug")
with open(File, "a") as f:
f.write("%s = %s\n" % (V, S))
elif AlreadySet == True:
log( "Variable '%s' unchanged" % (V) , "debug")
else:
log( "Variable '%s' modified to '%s'" % (V, S) , "debug")
return
def mkdir_p(path):
try:
os.makedirs(path)
except OSError as exc:
if exc.errno == errno.EEXIST and os.path.isdir(path):
pass
else:
raise
def get_java_env():
JAVA_HOME = os.getenv('JAVA_HOME')
if JAVA_HOME:
return os.path.join(JAVA_HOME, 'bin', 'java')
else:
log('java and jar commands are not available. Please configure JAVA_HOME','exception')
os.sys.exit(1)
def get_class_path(paths):
separator = ';' if sys.platform == 'win32' else ':';
return separator.join(paths)
def get_jdk_options():
global conf_dict
return [os.getenv('RANGER_PROPERTIES', ''),"-Dlogdir="+os.getenv("RANGER_LOG_DIR"),
' -Dcatalina.base=' + conf_dict['EWS_ROOT'] ]
"""
################################################
Ranger Policy Manager routines
################################################
"""
def get_ranger_classpath():
global conf_dict
EWS_ROOT = conf_dict['EWS_ROOT']
WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
cp = [ os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "conf"), os.path.join(EWS_ROOT,"lib","*"), EWS_ROOT, os.path.join(os.getenv('JAVA_HOME'), 'lib', '*')]
class_path = get_class_path(cp)
return class_path
def populate_config_dict_from_env():
global config_dict
conf_dict['RANGER_ADMIN_DB_HOST'] = os.getenv("RANGER_ADMIN_DB_HOST")
conf_dict['RANGER_AUDIT_DB_HOST'] = os.getenv("RANGER_AUDIT_DB_HOST")
#conf_dict['MYSQL_BIN'] = 'mysql.exe' #os.getenv("MYSQL_BIN")
conf_dict['RANGER_DB_FLAVOR'] = os.getenv("RANGER_DB_FLAVOR")
conf_dict['RANGER_AUDIT_DB_FLAVOR'] = os.getenv("RANGER_DB_FLAVOR")
conf_dict['RANGER_ADMIN_DB_USERNAME'] = os.getenv("RANGER_ADMIN_DB_USERNAME")
conf_dict['RANGER_ADMIN_DB_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_PASSWORD")
conf_dict['RANGER_ADMIN_DB_NAME'] = os.getenv("RANGER_ADMIN_DB_DBNAME")
conf_dict['RANGER_AUDIT_DB_USERNAME'] = os.getenv("RANGER_AUDIT_DB_USERNAME")
conf_dict['RANGER_AUDIT_DB_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_PASSWORD")
conf_dict['RANGER_AUDIT_DB_NAME'] = os.getenv("RANGER_AUDIT_DB_DBNAME")
conf_dict['db_root_user'] = os.getenv("RANGER_DB_ROOT_USER")
conf_dict['db_root_password'] = os.getenv("RANGER_ADMIN_DB_ROOT_PASSWORD")
conf_dict['RANGER_ADMIN_DB_ROOT_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_ROOT_PASSWORD")
conf_dict['RANGER_AUDIT_DB_ROOT_PASSWORD'] = os.getenv("RANGER_AUDIT_DB_ROOT_PASSWORD")
conf_dict['RANGER_ADMIN_HOME'] = os.getenv("RANGER_ADMIN_HOME")
conf_dict['RANGER_AUTHENTICATION_METHOD'] = os.getenv("RANGER_AUTHENTICATION_METHOD")
# LDAP Settings
conf_dict['RANGER_LDAP_URL'] = os.getenv("RANGER_LDAP_URL")
conf_dict['RANGER_LDAP_USERDNPATTERN'] = os.getenv("RANGER_LDAP_USERDNPATTERN")
conf_dict['RANGER_LDAP_GROUPSEARCHBASE'] = os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
conf_dict['RANGER_LDAP_GROUPSEARCHFILTER'] = os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE'] = os.getenv("RANGER_ldap_GROUPROLEATTRIBUTE")
# AD Settings
conf_dict['RANGER_LDAP_AD_DOMAIN'] = os.getenv("RANGER_LDAP_AD_DOMAIN")
conf_dict['RANGER_LDAP_AD_URL'] = os.getenv("RANGER_LDAP_AD_URL")
def populate_config_dict_from_file():
global config_dict
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
read_config_file = open(os.path.join(RANGER_ADMIN_HOME,'bin','install_config.properties'))
library_path = os.path.join(RANGER_ADMIN_HOME,"cred","lib","*")
for each_line in read_config_file.read().split('\n') :
if len(each_line) == 0 : continue
# print 'each_line = ' + each_line
key , value = each_line.strip().split("=",1)
key = key.strip()
if 'PASSWORD' in key:
jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks')
statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get')
if statuscode == 1:
value = ''
value = value.strip()
conf_dict[key] = value
#if os.getenv("MYSQL_BIN") is not None:
# conf_dict['MYSQL_BIN'] = os.getenv("MYSQL_BIN")
#else:
# os.sys.exit('Please set MYSQL_BIN variable in environment settings.')
def init_variables(switch):
global conf_dict
if switch == 'service' :
populate_config_dict_from_env()
else:
populate_config_dict_from_file()
#INSTALL_DIR = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "app")
INSTALL_DIR = conf_dict['RANGER_ADMIN_HOME']
EWS_ROOT = os.path.join(INSTALL_DIR , "ews")
WEBAPP_ROOT = os.path.join(INSTALL_DIR , "ews" , "webapp")
#if switch == "service":
# war_file_path = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "war", "security-admin-web-*.war")
# war_file_list = glob.glob(war_file_path)
# conf_dict['war_file'] = war_file_list[0]
conf_dict['EWS_ROOT'] = EWS_ROOT
conf_dict['WEBAPP_ROOT']= WEBAPP_ROOT
conf_dict['INSTALL_DIR']= INSTALL_DIR
conf_dict['JAVA_BIN']= os.path.join(os.getenv("JAVA_HOME"),'bin','java.exe')
conf_dict['DB_FLAVOR'] = os.getenv("RANGER_DB_FLAVOR")
conf_dict['RANGER_DB_FLAVOR'] = os.getenv("RANGER_DB_FLAVOR")
conf_dict['RANGER_AUDIT_DB_FLAVOR'] = os.getenv("RANGER_DB_FLAVOR")
dir = os.path.join(os.getenv("RANGER_HOME"),"connector-jar")
ews_dir = os.path.join(os.getenv("RANGER_ADMIN_HOME"),"ews","webapp","WEB-INF","lib")
log(ews_dir,"info")
if not os.path.exists(dir):
os.makedirs(dir)
layout_dir = os.path.dirname(os.getenv("HDP_LAYOUT"))
files = os.listdir(layout_dir)
if files:
for filename in files:
#log (filename,"info")
if os.getenv("RANGER_DB_FLAVOR") == "MYSQL" or os.getenv("RANGER_AUDIT_DB_FLAVOR") == "MYSQL":
f = re.match("^mysql-connector-java.*?.jar",filename)
elif os.getenv("RANGER_DB_FLAVOR") == "ORACLE" or os.getenv("RANGER_AUDIT_DB_FLAVOR") == "ORACLE":
f = re.match("^ojdbc.*?.jar",filename)
elif os.getenv("RANGER_DB_FLAVOR") == "POSTGRES" or os.getenv("RANGER_AUDIT_DB_FLAVOR") == "POSTGRES":
f = re.match("^postgresql-connector-jdbc.*?.jar",filename)
elif os.getenv("RANGER_DB_FLAVOR") == "MSSQL" or os.getenv("RANGER_AUDIT_DB_FLAVOR") == "MSSQL":
f = re.match("^sqljdbc.*?.jar",filename)
if f:
src = os.path.join(layout_dir,filename)
shutil.copy2(src, dir)
shutil.copy2(src, ews_dir)
conf_dict['SQL_CONNECTOR_JAR'] = os.path.join(dir,filename)
conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST") + ":" + os.getenv("RANGER_ADMIN_DB_PORT")
conf_dict['db_name']=os.getenv("RANGER_ADMIN_DB_DBNAME")
conf_dict['db_user']=os.getenv("RANGER_ADMIN_DB_USERNAME")
conf_dict['db_password']=os.getenv("RANGER_ADMIN_DB_PASSWORD")
conf_dict['audit_db_name']=os.getenv("RANGER_AUDIT_DB_DBNAME")
conf_dict['audit_db_user']=os.getenv("RANGER_AUDIT_DB_USERNAME")
conf_dict['audit_db_password']=os.getenv("RANGER_AUDIT_DB_PASSWORD")
conf_dict['RANGER_ADMIN_DB_PORT']=os.getenv("RANGER_ADMIN_DB_PORT")
conf_dict['RANGER_AUDIT_DB_PORT']=os.getenv("RANGER_AUDIT_DB_PORT")
db_dir = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "db")
conf_dict['mysql_core_file']=os.path.join(db_dir,'mysql','xa_core_db.sql')
conf_dict['mysql_audit_file']=os.path.join(db_dir,'mysql','xa_audit_db.sql')
conf_dict['oracle_core_file']=os.path.join(db_dir,'oracle','xa_core_db_oracle.sql')
conf_dict['oracle_audit_file']=os.path.join(db_dir,'oracle','xa_audit_db_oracle.sql')
conf_dict['postgres_core_file']=os.path.join(db_dir,'postgres','xa_core_db_postgres.sql')
conf_dict['postgres_audit_file']=os.path.join(db_dir,'postgres','xa_audit_db_postgres.sql')
conf_dict['sqlserver_core_file']=os.path.join(db_dir,'sqlserver','xa_core_db_sqlserver.sql')
conf_dict['sqlserver_audit_file']=os.path.join(db_dir,'sqlserver','xa_audit_db_sqlserver.sql')
conf_dict['sqlanywhere_core_file']= os.path.join(db_dir,'sqlanywhere','xa_core_db_sqlanywhere.sql')
conf_dict['sqlanywhere_audit_file']= os.path.join(db_dir, 'sqlanywhere','xa_audit_db_sqlanywhere.sql')
#conf_dict['db_core_file'] = os.path.join(db_dir, "xa_core_db.sql")
#conf_dict['db_create_user_file'] = os.path.join(db_dir, "create_dev_user.sql")
#conf_dict['db_audit_file'] = os.path.join(db_dir, "xa_audit_db.sql")
#conf_dict['db_asset_file'] = os.path.join(db_dir, "reset_asset.sql")
#log("config is : " , "debug")
#for x in conf_dict:
# log(x + " : " + conf_dict[x], "debug")
#TODO fix the base_dir part
def setup_install_files():
global conf_dict
EWS_ROOT = conf_dict['EWS_ROOT']
INSTALL_DIR = conf_dict['INSTALL_DIR']
WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
EWS_LIB_DIR = os.path.join(EWS_ROOT,"lib")
#EWS_LOG_DIR = os.path.join(EWS_ROOT,"logs")
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
log("Setting up installation files and directory", "debug")
if not os.path.isdir(INSTALL_DIR):
log("creating Install dir : " + INSTALL_DIR, "debug")
os.makedirs(INSTALL_DIR)
if not os.path.isdir(EWS_ROOT):
log("creating EWS dir : " + EWS_ROOT, "debug")
os.makedirs(EWS_ROOT)
if not os.path.isdir(WEBAPP_ROOT):
log("creating WEBAPP dir : " + WEBAPP_ROOT, "debug")
os.makedirs(WEBAPP_ROOT)
if not os.path.isdir(os.path.join(WEBAPP_ROOT,"WEB-INF","classes","conf")):
log("creating conf dir : " + WEBAPP_ROOT, "debug")
os.makedirs(os.path.join(WEBAPP_ROOT,"WEB-INF","classes","conf"))
if not os.path.isdir(EWS_LIB_DIR):
log("creating EWS_LIB_DIR dir : " + EWS_LIB_DIR, "debug")
os.makedirs(EWS_LIB_DIR)
#if not os.path.isdir(EWS_LOG_DIR):
# log("creating EWS_LOG_DIR dir : " + EWS_LOG_DIR, "debug")
# os.makedirs(EWS_LOG_DIR)
#log("copying libraries ", "debug")
#copy_files(os.path.join(RANGER_ADMIN_HOME,"ews","lib"), EWS_LIB_DIR)
#log("copying xapolicymgr.properties file", "debug")
#shutil.copyfile(os.path.join(RANGER_ADMIN_HOME,"ews","xapolicymgr.properties"), os.path.join(EWS_ROOT,"xapolicymgr.properties"))
log("copying conf.dist/ to conf/", "debug")
copy_files(os.path.join(WEBAPP_ROOT,"WEB-INF","classes","conf.dist"), os.path.join(WEBAPP_ROOT,"WEB-INF","classes","conf"))
log(" Setting up installation files and directory DONE", "info");
pass
def write_config_to_file():
global conf_dict
RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
library_path = os.path.join(RANGER_ADMIN_HOME, 'cred', 'lib','*')
jceks_file_path = os.path.join(os.getenv("RANGER_HOME"), "jceks")
if not os.path.isdir(jceks_file_path):
mkdir_p(jceks_file_path)
jceks_file_path = os.path.join(jceks_file_path,'ranger_db.jceks')
file_path = os.path.dirname(os.path.realpath(__file__))
write_conf_to_file = os.path.join(file_path, "install_config.properties")
open(write_conf_to_file,'wb')
for key,value in conf_dict.items():
if 'PASSWORD' in key :
#call_keystore(library_path,key,value,jceks_file_path,'create')
value=''
ModConfig(write_conf_to_file , key,value)
def init_logfiles():
FORMAT = '%(asctime)-15s %(message)s'
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
def sanity_check_configure_files():
global conf_dict
log("Checking MYSQL executable and db files!!", 'debug')
db_core_file = conf_dict['db_core_file']
db_create_user_file = conf_dict['db_create_user_file']
db_audit_file = conf_dict['db_audit_file']
db_asset_file = conf_dict['db_asset_file']
#if os.path.isfile(MYSQL_BIN):
# log("MYSQL Client bin : " + MYSQL_BIN + " file found", 'info')
#else:
# os.sys.exit('MYSQL_BIN: ' + MYSQL_BIN + ' file does not exist')
if os.path.isfile(db_core_file):
log("DB core file " + db_core_file + " file found", 'info')
else:
log('db_core_file: ' + db_core_file + ' file does not exist','exception')
os.sys.exit(1)
if os.path.isfile(db_create_user_file):
log("DB create user file " + db_create_user_file + " file found", 'info')
else:
log('db_create_user_file: ' + db_create_user_file + ' file does not exist','exception')
os.sys.exit(1)
if os.path.isfile(db_audit_file):
log("DB audit file " + db_audit_file + " file found", 'info')
else:
log('db_audit_file: ' + db_audit_file + ' file does not exist','exception')
os.sys.exit(1)
if os.path.isfile(db_asset_file):
log("DB asset file " + db_asset_file + " file found", 'info')
else:
log('db_asset_file: ' + db_asset_file + ' file does not exist','exception')
os.sys.exit(1)
def get_mysql_cmd(user, password, host):
global conf_dict
MYSQL_BIN = conf_dict["MYSQL_BIN"]
cmdArr = [ MYSQL_BIN ,'-B' ,'--user=%s' %user, '--password=%s' %password, '--host=%s' %host , '--skip-column-names']
return cmdArr
def create_mysql_user(db_name, db_user, db_password, db_host, db_root_password):
global conf_dict
cmdArr = []
MYSQL_BIN = conf_dict["MYSQL_BIN"]
hosts_arr =["%", "localhost"]
#check_mysql_password()
### From properties file
log("\nCreating MySQL user "+db_user+" (using root priviledges)\n", 'debug')
for host in hosts_arr:
cmdArr = get_mysql_cmd('root', db_root_password, db_host)
#subprocess.call(["mysql", "-u", username, "-p%s" % password, "-e", "SELECT @@hostname"]
cmdArr.extend(["-e", "select count(*) from mysql.user where user='%s' and host='%s'" %(db_user, host)])
output = subprocess.check_output(cmdArr)
if output.strip("\n\r") is "1":
log( "\nMYSQL User already exists!\n", "debug")
else:
cmdArr = get_mysql_cmd('root', db_root_password, db_host)
if db_password == "":
#cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'";\''
cmdArr.extend(["-e", "create user %s@%s" %(db_user, host)])
else:
cmdArr.extend(["-e", "create user '%s'@'%s' identified by '%s' " %(db_user, host, db_password)])
#cmdStr = '"' + MYSQL_BIN + '"' + ' -B -u root --password='+db_root_password+' -h '+db_host+' -e \'create user "'+db_user+'"@"'+db_host+'" identified by "'+db_password+'";\''
ret = subprocess.check_call(cmdArr)
if ret == 0:
#mysqlquery="GRANT ALL ON "+db_name+".* TO \'"+db_user+"'@'"+db_host+"' ;\
#grant all privileges on "+db_name+".* to '"+db_user+"'@'"+db_host+"' with grant option;\
#FLUSH PRIVILEGES;"
cmdArr = get_mysql_cmd('root', db_root_password, db_host)
cmdArr.extend(["-e", "GRANT ALL ON *.* TO '%s'@'%s'; grant all privileges on *.* to '%s'@'%s' with grant option; FLUSH PRIVILEGES" %(db_user,host,db_user,host)])
ret = subprocess.check_call(cmdArr)
if ret == 0:
log("\nCreating MySQL user '" + db_user + "' (using root priviledges for % hosts ) DONE\n", "info")
else:
log("\nCreating MySQL user '" + db_user + "' (using root priviledges) FAILED\n", "info")
sys.exit(1)
def check_mysql_password ():
global conf_dict
db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
MYSQL_HOST = conf_dict['MYSQL_HOST']
MYSQL_BIN = conf_dict['MYSQL_BIN']
log("Checking MYSQL root password : **** ","debug")
cmdStr = "\""+MYSQL_BIN+"\""+" -u root --password="+db_root_password+" -h "+MYSQL_HOST+" -s -e \"select version();\""
status, output = getstatusoutput(cmdStr)
print "Status: " + str(status)
print "output: " + str(output)
if status == 0:
log("Checking MYSQL root password DONE", "info")
else:
log("COMMAND: mysql -u root --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + output + "\n*********************************\n", "exception")
sys.exit(1)
#def check_mysql_user_password():
# global conf_dict
# db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
# db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
# db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
# MYSQL_HOST = conf_dict['MYSQL_HOST']
#
# db = MySQLdb.connect(host=MYSQL_HOST, user=db_user, passwd=db_password)
# if db:
# log("Checking MYSQL "+ db_user +" password DONE", "info")
# else:
# log("COMMAND: mysql -u " + db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + {msg} + "\n*********************************\n", "exception")
#
#def check_mysql_audit_user_password():
# global conf_dict
# audit_db = conf_dict["RANGER_AUDIT_DB_NAME"]
# audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
# audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
# MYSQL_HOST = conf_dict['MYSQL_HOST']
#
# try:
# db = MySQLdb.connect(host=MYSQL_HOST, user=audit_db_user, passwd=audit_db_password, db=audit_db)
# except MySQLdb.Error, e:
# exceptnMsg = "Error %d: %s" % (e.args[0], e.args[1])
# log("COMMAND: mysql -u " + audit_db_user + " --password=..... -h " + MYSQL_HOST + " : FAILED with error message:\n*********************************\n" + exceptnMsg + "\n*********************************\n", "exception")
# sys.exit (1)
# if db:
# log("Checking Ranger Audit Table owner password DONE", "info")
#def exec_sql_file(cursor, sql_file):
# log( "[INFO] Executing SQL script file: " + sql_file, "debug")
# statement = ""
# for line in open(sql_file):
# if re.match(r'--', line): # ignore sql comment lines
# continue
# if not re.search(r'[^-;]+;', line): # keep appending lines that don't end in ';'
# statement = statement + line
# else: # when you get a line ending in ';' then exec statement and reset for next statement
# statement = statement + line
# #print "\n\n[DEBUG] Executing SQL statement:\n%s" % (statement)
# try:
# cursor.execute(statement)
# print cursor
# except MySQLdb.Error, e:
# log( "[WARN] MySQLError during execute statement \n\tArgs: " + str(e.args), "debug")
# statement = ""
def upgrade_db():
global config_dict
db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
MYSQL_BIN = conf_dict['MYSQL_BIN']
MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
log("\nCreating Baseline DB upgrade ... \n", "debug")
DBVERSION_CATALOG_CREATION = os.path.join(conf_dict['RANGER_DB_DIR'], 'create_dbversion_catalog.sql')
PATCHES_PATH = os.path.join(conf_dict['RANGER_DB_DIR'], 'patches')
if os.path.isfile(DBVERSION_CATALOG_CREATION):
#import sql file
proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
out, err = proc.communicate(file(DBVERSION_CATALOG_CREATION).read())
log("\nBaseline DB upgraded successfully\n", "info")
#first get all patches and then apply each patch
files = os.listdir(PATCHES_PATH)
# files: coming from os.listdir() sorted alphabetically, thus not numerically
sorted_files = sorted(files, key=lambda x: str(x.split('.')[0]))
for filename in sorted_files:
currentPatch = PATCHES_PATH + "/"+filename
if os.path.isfile(currentPatch):
#apply_patches(cursor,currentPatch)
proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
out, err = proc.communicate(file(currentPatch).read())
log( "\nPatch applied: " + currentPatch +"\n", "debug")
def verify_db (db_user, db_password, db_name, db_host):
global conf_dict
MYSQL_BIN = conf_dict['MYSQL_BIN']
log("\nVerifying Database: " + db_name+"\n","debug")
cmdArr = get_mysql_cmd(db_user, db_password, db_host)
cmdArr.extend(["-e", "show databases like '%s'" %(db_name)])
output = subprocess.check_output(cmdArr)
if output.strip('\r\n') == db_name:
return True
else:
return False
def import_db ():
global conf_dict
db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
db_name = conf_dict['RANGER_ADMIN_DB_NAME']
MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
db_core_file = conf_dict['db_core_file']
db_asset_file = conf_dict['db_asset_file']
MYSQL_BIN = conf_dict['MYSQL_BIN']
log ("\nImporting to Database: " + db_name,"debug");
if verify_db(db_user, db_password, db_name, MYSQL_HOST):
log("\nDatabase "+db_name + " already exists. Ignoring import_db\n","info")
else:
log("\nDatabase does not exist. Creating databse : \n" + db_name,"info")
cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
cmdArr.extend(["-e", "create database %s" %(db_name)])
ret = subprocess.check_call(cmdArr)
if ret != 0:
log("\nDatabase creation failed!!\n","exception")
sys.exit(1)
##execute each line from sql file to import DB
if os.path.isfile(db_core_file):
log("Importing database : " + db_name + " from file: " + db_core_file,"info")
proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
out, err = proc.communicate(file(db_core_file).read())
if (proc.returncode == 0):
log("\nAdmin db file Imported successfully\n","info")
else:
log("\nAdmin db file Import failed!\n","info")
sys.exit(1)
else:
log("\nImport sql file not found\n","exception")
sys.exit(1)
if os.path.isfile(db_asset_file):
proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % db_password, db_name],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
out, err = proc.communicate(file(db_asset_file).read())
if (proc.returncode == 0):
log("\nAsset file Imported successfully\n","info")
else:
log("\nAsset file Import filed!\n","info")
sys.exit(1)
else:
log("\nImport asset sql file not found\n","exception")
sys.exit(1)
#def extract_war():
# global conf_dict
# war_file = conf_dict['war_file']
# WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
#
# if os.path.isfile(war_file):
# log("Extract War file " + war_file + " to " + WEBAPP_ROOT,"info")
# else:
# log(war_file + " file not found!","exception")
#
# if os.path.isdir(WEBAPP_ROOT):
# with zipfile.ZipFile(war_file, "r") as z:
# z.extractall(WEBAPP_ROOT)
# log("Extract War file " + war_file + " to " + WEBAPP_ROOT + " DONE! ","info")
# if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod")) :
# shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml"))
# def copy_mysql_connector():
# log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib ","info")
# shutil.copyfile(MYSQL_CONNECTOR_JAR, app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR)
# if os.path.isfile(app_home+"/WEB-INF/lib/"+MYSQL_CONNECTOR_JAR):
# log("Copying MYSQL Connector to app_home/WEB-INF/lib DONE","info");
# else:
# log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib failed","exception")
#Update Properties to File
#1 -> propertyName 2 -> newPropertyValue 3 -> fileName
def updatePropertyToFile(propertyName, newPropertyValue, fileName):
replaceStr = propertyName +"="+ newPropertyValue
log("replaceStr: " + replaceStr, "debug")
successMsg = "property : " + propertyName + " not found!"
for line in fileinput.input(fileName, inplace = 1): # Does a list of files, and writes redirects STDOUT to the file in question
if line.replace(propertyName, replaceStr):
successMsg = "File " + fileName + " Updated successfully : "+ propertyName
log(successMsg, "info")
pass
def update_xapolicymgr_properties():
global conf_dict
WEBAPP_ROOT = conf_dict['WEBAPP_ROOT']
xapolicymgr_properties = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "conf", "ranger_webserver.properties")
log("xapolicymgr_properties: " + xapolicymgr_properties, "debug")
ModConfig(xapolicymgr_properties,"xa.webapp.dir", WEBAPP_ROOT.replace('\\','/' ))
def updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file):
ret = subprocess.call(['python', '%s\update_property.py' %os.getenv("RANGER_ADMIN_HOME"), propertyName ,newPropertyValue ,to_file])
if ret == 0:
log("Updated property for :"+to_file,"info")
else:
log("Update property failed for :"+to_file,"info")
sys.exit(1)
def update_properties():
global conf_dict
sys_conf_dict={}
RANGER_DB_FLAVOR = conf_dict["RANGER_DB_FLAVOR"]
RANGER_AUDIT_DB_FLAVOR = conf_dict["RANGER_DB_FLAVOR"]
MYSQL_HOST = conf_dict["RANGER_ADMIN_DB_HOST"]
WEBAPP_ROOT = conf_dict["WEBAPP_ROOT"]
db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
db_name = conf_dict["RANGER_ADMIN_DB_NAME"]
RANGER_ADMIN_DB_PORT = conf_dict["RANGER_ADMIN_DB_PORT"]
RANGER_AUDIT_DB_PORT = conf_dict["RANGER_AUDIT_DB_PORT"]
audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
audit_db_name = conf_dict["RANGER_AUDIT_DB_NAME"]
to_file_ranger = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "conf", "ranger-admin-site.xml")
newPropertyValue=''
to_file_default = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "conf", "ranger-admin-default-site.xml")
if os.path.isfile(to_file_ranger):
log("to_file_ranger: " + to_file_ranger + " file found", "info")
else:
log("to_file_ranger: " + to_file_ranger + " does not exists", "warning")
if os.path.isfile(to_file_default):
log("to_file_default: " + to_file_default + " file found", "info")
else:
log("to_file_default: " + to_file_default + " does not exists", "warning")
log("SQL_HOST is : " + MYSQL_HOST,"debug")
if RANGER_DB_FLAVOR == "MYSQL":
propertyName="ranger.jpa.jdbc.url"
newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.user"
newPropertyValue=db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.user"
newPropertyValue=audit_db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.url"
newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.audit.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.jdbc.driver"
newPropertyValue="net.sf.log4jdbc.DriverSpy"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.driver"
newPropertyValue="net.sf.log4jdbc.DriverSpy"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif RANGER_DB_FLAVOR == "ORACLE":
propertyName="ranger.jpa.jdbc.url"
#if MYSQL_HOST.count(":") == 2:
if MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0:
#jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
cstring="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
else:
#jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
cstring="jdbc:oracle:thin:@//%s" %(MYSQL_HOST)
newPropertyValue=cstring
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.user"
newPropertyValue=db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.user"
newPropertyValue=audit_db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.url"
newPropertyValue=cstring
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.audit.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.jdbc.driver"
newPropertyValue="oracle.jdbc.OracleDriver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.driver"
newPropertyValue="oracle.jdbc.OracleDriver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif RANGER_DB_FLAVOR == "POSTGRES":
propertyName="ranger.jpa.jdbc.url"
newPropertyValue="jdbc:postgresql://%s:%s/%s" %(MYSQL_HOST, RANGER_ADMIN_DB_PORT, db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.user"
newPropertyValue=db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.user"
newPropertyValue=audit_db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.url"
newPropertyValue="jdbc:postgresql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.audit.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.jdbc.driver"
newPropertyValue="org.postgresql.Driver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.driver"
newPropertyValue="org.postgresql.Driver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif RANGER_DB_FLAVOR == "MSSQL":
propertyName="ranger.jpa.jdbc.url"
newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" %(MYSQL_HOST, RANGER_ADMIN_DB_PORT, db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.user"
newPropertyValue=db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.user"
newPropertyValue=audit_db_user
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.url"
newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" % (MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.audit.jdbc.dialect"
newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.jdbc.driver"
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.driver"
newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
if (os.path.isfile(os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE"))):
propertyName="ranger.credential.provider.path"
newPropertyValue=os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.jdbc.credential.alias"
newPropertyValue="ranger.jpa.jdbc.password"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.credential.provider.path"
newPropertyValue=os.getenv("RANGER_ADMIN_CRED_KEYSTORE_FILE")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.jdbc.password"
newPropertyValue="_"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.credential.alias"
newPropertyValue="ranger.jpa.audit.jdbc.password"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
propertyName="ranger.jpa.audit.jdbc.password"
newPropertyValue="_"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
else:
propertyName="ranger.jpa.jdbc.password"
newPropertyValue=os.getenv("RANGER_ADMIN_DB_PASSWORD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.jpa.audit.jdbc.password"
newPropertyValue=os.getenv("RANGER_AUDIT_DB_PASSWORD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.url"
newPropertyValue=os.getenv("RANGER_LDAP_URL")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.user.dnpattern"
newPropertyValue=os.getenv("RANGER_LDAP_USERDNPATTERN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.group.searchbase"
newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHBASE")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.group.searchfilter"
newPropertyValue=os.getenv("RANGER_LDAP_GROUPSEARCHFILTER")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.group.roleattribute"
newPropertyValue=os.getenv("RANGER_LDAP_GROUPROLEATTRIBUTE")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.base.dn"
newPropertyValue=os.getenv("RANGER_LDAP_BASE_DN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.bind.dn"
newPropertyValue=os.getenv("RANGER_LDAP_BIND_DN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.bind.password"
newPropertyValue="_"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.referral"
newPropertyValue=os.getenv("RANGER_LDAP_REFERRAL")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.user.searchfilter"
newPropertyValue=os.getenv("RANGER_LDAP_USERSEARCHFILTER")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), "AD_BIND")
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.domain"
newPropertyValue=os.getenv("RANGER_LDAP_AD_DOMAIN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.url"
newPropertyValue=os.getenv("RANGER_LDAP_AD_URL")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.base.dn"
newPropertyValue=os.getenv("RANGER_LDAP_AD_BASE_DN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.bind.dn"
newPropertyValue=os.getenv("RANGER_LDAP_AD_BIND_DN")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.bind.password"
newPropertyValue="_"
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.referral"
newPropertyValue=os.getenv("RANGER_LDAP_AD_REFERRAL")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
propertyName="ranger.ldap.ad.user.searchfilter"
newPropertyValue=os.getenv("RANGER_LDAP_AD_USERSEARCHFILTER")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
def setup_authentication(authentication_method, xmlPath):
if authentication_method == "UNIX":
# log("Setting up UNIX authentication for : " + xmlPath,"debug")
# appContextPath = xmlPath + "/META-INF/security-applicationContext.xml"
# beanSettingPath = xmlPath + "/META-INF/contextXML/unix_bean_settings.xml"
# secSettingPath = xmlPath + "/META-INF/contextXML/unix_security_settings.xml"
# ## Logic is to find UNIX_BEAN_SETTINGS_START,UNIX_SEC_SETTINGS_START from appContext xml file and append
# ## the xml properties from unix bean settings file
# if os.path.isfile(appContextPath) and os.path.isfile(unixSettingPath):
# beanStrToBeAppended = open(beanSettingPath).read()
# secStrToBeAppended = open(secSettingPath).read()
# fileObj = open(appContextPath)
# for line in fileObj.read().split(';\n'):
# beanLineToAppend = line.match("UNIX_BEAN_SETTINGS_START")
# beanLineToAppend.apend(beanStrToBeAppended)
# secLineToAppend = line.match("UNIX_SEC_SETTINGS_START")
# secLineToAppend.append(secStrToBeAppended)
#
# fileObj.close()
# sys.exit(0);
pass
elif authentication_method == "LDAP":
log("Setting up authentication for : " + xmlPath,"debug")
log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
appContextPath = os.path.join(xmlPath, "WEB-INF", "classes", "conf", "security-applicationContext.xml")
beanSettingPath = os.path.join(xmlPath, "META-INF","contextXML","ldap_bean_settings.xml")
secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ldap_security_settings.xml")
## Logic is to find LDAP_BEAN_SETTINGS_START,LDAP_SEC_SETTINGS_START from appContext xml file and append
## the xml properties from unix bean settings file
if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
beanStrToBeAppended = open(beanSettingPath).read()
secStrToBeAppended = open(secSettingPath).read()
fileObj = open(appContextPath)
data = ''
for line in fileObj.read().split('\n'):
if ("LDAP_BEAN_SETTINGS_START") in line:
line = line + '\n' + beanStrToBeAppended
if ("LDAP_SEC_SETTINGS_START") in line:
line = line + '\n' + secStrToBeAppended
if data == '':
data = line
else:
data = data + '\n' + line
fileObj.close()
fileObj = open(appContextPath,'w')
fileObj.writelines(data)
fileObj.close()
elif authentication_method == "ACTIVE_DIRECTORY":
log("Setting up "+authentication_method+" authentication for : " + xmlPath,"debug")
appContextPath = os.path.join(xmlPath, "WEB-INF", "classes", "conf", "security-applicationContext.xml")
beanSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_bean_settings.xml")
secSettingPath = os.path.join(xmlPath , "META-INF","contextXML","ad_security_settings.xml")
## Logic is to find AD_BEAN_SETTINGS_START,AD_SEC_SETTINGS_START from appContext xml file and append
## the xml properties from unix bean settings file
if os.path.isfile(appContextPath) and os.path.isfile(beanSettingPath):
beanStrToBeAppended = open(beanSettingPath).read()
secStrToBeAppended = open(secSettingPath).read()
fileObj = open(appContextPath)
data = ''
for line in fileObj.read().split('\n'):
if ("AD_BEAN_SETTINGS_START") in line :
line = line + '\n'+ beanStrToBeAppended
if ("AD_SEC_SETTINGS_START") in line:
line = line + '\n' + secStrToBeAppended
if data == '':
data = line
else:
data = data + '\n' + line
fileObj.close()
fileObj = open(appContextPath,'w')
fileObj.writelines(data)
fileObj.close()
elif authentication_method == "NONE":
log("Authentication Method: "+authentication_method+" authentication for : " + xmlPath,"debug")
#pass
#
def do_authentication_setup():
global conf_dict
webappRoot = conf_dict['WEBAPP_ROOT']
sys_conf_dict={}
# ##Written new function to perform authentication setup for all cases
authentication_method = conf_dict['RANGER_AUTHENTICATION_METHOD']
log("Starting setup based on user authentication method = " + authentication_method,"debug")
setup_authentication(authentication_method, webappRoot)
# ldap_file= os.path.join(webappRoot ,"WEB-INF","resources","xa_ldap.properties")
ldap_file= os.path.join(webappRoot, "WEB-INF", "classes", "conf", "xa_ldap.properties")
if os.path.isfile(ldap_file):
log(ldap_file + " file found", "info")
else:
log(ldap_file + " does not exists", "warning")
"""
config = StringIO.StringIO()
config.write('[LDAP_AD_CONF]\n')
config.write(open(ldap_file).read())
config.seek(0, os.SEEK_SET)
##Now parse using configparser
cObj = ConfigParser.ConfigParser()
cObj.optionxform = str
cObj.readfp(config)
options = cObj.options('LDAP_AD_CONF')
for option in options:
value = cObj.get('LDAP_AD_CONF', option)
sys_conf_dict[option] = value
cObj.set("LDAP_AD_CONF",option, value)
log("LDAP file : "+ ldap_file + " file found", "info")
"""
if authentication_method == "LDAP":
log("Loading LDAP attributes and properties", "debug");
newPropertyValue=''
##########
propertyName="xa_ldap_url"
newPropertyValue=conf_dict['RANGER_LDAP_URL']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="xa_ldap_userDNpattern"
newPropertyValue=conf_dict['RANGER_LDAP_USERDNPATTERN']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="xa_ldap_groupSearchBase"
newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHBASE']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="xa_ldap_groupSearchFilter"
newPropertyValue=conf_dict['RANGER_LDAP_GROUPSEARCHFILTER']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="xa_ldap_groupRoleAttribute"
newPropertyValue=conf_dict['RANGER_ldap_GROUPROLEATTRIBUTE']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="authentication_method"
newPropertyValue=authentication_method
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
else:
log( "LDAP file: "+ ldap_file +" does not exists","exception")
if authentication_method == "ACTIVE_DIRECTORY":
log("[I] Loading ACTIVE DIRECTORY attributes and properties", "debug")
newPropertyValue=''
ldap_file= os.path.join(webappRoot, "WEB-INF", "classes", "conf", "xa_ldap.properties")
if os.path.isfile(ldap_file):
log("LDAP file : "+ ldap_file + " file found", "info")
propertyName="xa_ldap_ad_url"
newPropertyValue=conf_dict['RANGER_LDAP_AD_URL']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="xa_ldap_ad_domain"
newPropertyValue=conf_dict['RANGER_LDAP_AD_DOMAIN']
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
###########
propertyName="authentication_method"
newPropertyValue=authentication_method
# cObj.set('LDAP_AD_CONF',propertyName,newPropertyValue)
ModConfig(ldap_file,propertyName,newPropertyValue)
else:
log(ldap_file + " does not exists", "exception")
# with open(ldap_file, 'wb') as configfile:
# cObj.write(configfile)
#
# #if authentication_method == "UNIX":
# ## I think it is not needed for Windows
# ##do_unixauth_setup
# log("Finished setup based on user authentication method=authentication_method", "info")
#pass
def setup_audit_user_db():
global conf_dict
MYSQL_BIN = conf_dict['MYSQL_BIN']
MYSQL_HOST = conf_dict['RANGER_AUDIT_DB_HOST']
db_root_password = conf_dict["RANGER_AUDIT_DB_ROOT_PASSWORD"]
audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"]
audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"]
audit_db_name = conf_dict['RANGER_AUDIT_DB_NAME']
db_audit_file = conf_dict['db_audit_file']
#check_mysql_audit_user_password()
log("\n--------- Creating mysql audit user --------- \n","info")
create_mysql_user(audit_db_name, audit_db_user, audit_db_password, MYSQL_HOST, db_root_password)
log("\n--------- Creating mysql audit user DONE----- \n","info")
log("\n--------- Importing Audit Database ---------\n","info")
# Verify if audit db is present
if verify_db(audit_db_user, audit_db_password, audit_db_name, MYSQL_HOST):
log("\nDatabase "+audit_db_name + " already exists. Ignoring import_db\n","info")
else:
log("\nCreating Database " + audit_db_name, "info")
# Create audit db is not present
cmdArr = get_mysql_cmd('root', db_root_password, MYSQL_HOST)
cmdArr.extend(["-e", "create database %s" %(audit_db_name)])
ret = subprocess.check_call(cmdArr)
if ret != 0:
log("Database creation failed!!","error")
sys.exit(1)
else:
log("Creating database "+audit_db_name+" succeeded", "info")
# Check if audit table exists
AUDIT_TABLE="xa_access_audit"
log("Verifying table "+AUDIT_TABLE+" in audit database "+audit_db_name, "debug")
cmdArr = get_mysql_cmd(audit_db_user, audit_db_password, MYSQL_HOST)
cmdArr.extend([audit_db_name, "-e", "show tables like '%s'" %(AUDIT_TABLE)])
output = subprocess.check_output(cmdArr)
if output.strip('\r\n') != AUDIT_TABLE:
# Import audit table
log("\nImporting Audit Database file: " + db_audit_file,"debug")
if os.path.isfile(db_audit_file):
proc = subprocess.Popen([MYSQL_BIN, "--user=%s" % audit_db_user, "--host=%s" %MYSQL_HOST, "--password=%s" % audit_db_password, audit_db_name],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
out, err = proc.communicate(file(db_audit_file).read())
if (proc.returncode == 0):
log("\nAudit file Imported successfully\n","info")
else:
log("\nAudit file Import failed!\n","info")
sys.exit(1)
else:
log("\nAudit file not found!\n","info")
else:
log("\nTable "+AUDIT_TABLE+" already exists in audit database "+audit_db_name +"\n","info")
log("\n--------- Importing Audit Database DONE-----\n","info")
def setup_admin_db_user():
global conf_dict
MYSQL_HOST = conf_dict['RANGER_ADMIN_DB_HOST']
db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"]
db_password = conf_dict["RANGER_ADMIN_DB_PASSWORD"]
db_root_password = conf_dict["RANGER_ADMIN_DB_ROOT_PASSWORD"]
db_name = conf_dict['RANGER_ADMIN_DB_NAME']
log("--------- Creating mysql user --------- ","info")
create_mysql_user(db_name, db_user, db_password, MYSQL_HOST, db_root_password)
#log("--------- Creating mysql user DONE----- ","info")
#log("--------- Importing Admin Database --------- ","info")
import_db()
#log("--------- Importing Admin Database DONE----- ","info")
#log("--------- Applying patches --------------- ","info")
upgrade_db()
#log("--------- Applying patches DONE----------- ","info")
## Ranger Functions Ends here --------------------
def call_keystore(libpath,aliasKey,aliasValue , filepath,getorcreate):
finalLibPath = libpath.replace('\\','/').replace('//','/')
finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/')
if getorcreate == 'create':
commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath]
p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
output, error = p.communicate()
statuscode = p.returncode
return statuscode
elif getorcreate == 'get':
commandtorun = ['java', '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath]
p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE)
output, error = p.communicate()
statuscode = p.returncode
return statuscode, output
else:
print 'proper command not received for input need get or create'
# Entry point to script using --service
def run_setup(cmd):
init_logfiles()
log("--------- Running Ranger PolicyManager Install Script ---------","debug")
#parse_config_file()
init_variables("service")
setup_install_files()
write_config_to_file()
#extract_war()
update_properties()
#do_authentication_setup()
return
# Entry point to script using --configure
def configure():
init_logfiles()
log("--------- Running Ranger PolicyManager Configure Script --------- ","info")
#parse_config_file()
init_variables("configure")
sanity_check_configure_files()
#log(" --------- Importing DB --------- ","info")
# copy_mysql_connector()
#log(" --------- Creatin Audit DB --------- ","info")
setup_admin_db_user()
setup_audit_user_db()