| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # |
| # This file provides list of deployment variables for the Ranger KMS Web Application |
| # |
| |
| #------------------------- DB CONFIG - BEGIN ---------------------------------- |
| # Uncomment the below if the DBA steps need to be run separately |
| #setup_mode=SeparateDBA |
| |
| PYTHON_COMMAND_INVOKER=python |
| |
| #DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL |
| DB_FLAVOR=MYSQL |
| # |
| # The executable path to be used to invoke command-line MYSQL |
| # |
| #SQL_COMMAND_INVOKER='mysql' |
| #SQL_COMMAND_INVOKER='sqlplus' |
| SQL_COMMAND_INVOKER='mysql' |
| |
| # |
| # Location of DB client library (please check the location of the jar file) |
| # |
| #SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar |
| #SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar |
| #SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar |
| #SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar |
| SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar |
| |
| |
| # |
| # DB password for the DB admin user-id |
| # ************************************************************************** |
| # ** If the password is left empty or not-defined here, |
| # ** it will be prompted to enter the password during installation process |
| # ************************************************************************** |
| # |
| #db_root_user=root|SYS|postgres|sa |
| db_root_user=root |
| db_root_password= |
| db_host=localhost |
| |
| # |
| # DB UserId used for the Ranger KMS schema |
| # |
| db_name=rangerkms |
| db_user=rangerkms |
| db_password= |
| |
| #------------------------- DB CONFIG - END ---------------------------------- |
| |
| #------------------------- RANGER KMS Master Key Crypt Key ------------------ |
| KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd |
| |
| # |
| # ------- UNIX User CONFIG ---------------- |
| # |
| unix_user=kms |
| unix_group=kms |
| # |
| # ------- UNIX User CONFIG - END ---------------- |
| # |
| |
| # |
| # ------- |
| # |
| |
| # Location of Policy Manager URL |
| # |
| # Example: |
| # POLICY_MGR_URL=http://policymanager.xasecure.net:6080 |
| # |
| POLICY_MGR_URL= |
| |
| # |
| # This is the repository name created within policy manager |
| # |
| # Example: |
| # REPOSITORY_NAME=kmsdev |
| # |
| REPOSITORY_NAME=kmsdev |
| |
| # AUDIT configuration with V3 properties |
| |
| #Should audit be summarized at source |
| XAAUDIT.SUMMARY.ENABLE=false |
| |
| # Enable audit logs to Solr |
| #Example |
| #XAAUDIT.SOLR.ENABLE=true |
| #XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits |
| #XAAUDIT.SOLR.ZOOKEEPER= |
| #XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool |
| |
| XAAUDIT.SOLR.ENABLE=false |
| XAAUDIT.SOLR.URL=NONE |
| XAAUDIT.SOLR.USER=NONE |
| XAAUDIT.SOLR.PASSWORD=NONE |
| XAAUDIT.SOLR.ZOOKEEPER=NONE |
| XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool |
| |
| # Enable audit logs to HDFS |
| #Example |
| #XAAUDIT.HDFS.ENABLE=true |
| #XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit |
| #XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/hdfs/spool |
| |
| XAAUDIT.HDFS.ENABLE=false |
| XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit |
| XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/hdfs/spool |
| |
| # End of V3 properties |
| |
| |
| # |
| # AUDIT DB Configuration |
| # |
| # This information should match with the one you specified during the PolicyManager Installation |
| # |
| # Example: |
| # XAAUDIT.DB.IS_ENABLED=true |
| # XAAUDIT.DB.FLAVOUR=MYSQL |
| # XAAUDIT.DB.FLAVOUR=ORACLE |
| # XAAUDIT.DB.HOSTNAME=localhost |
| # XAAUDIT.DB.DATABASE_NAME=ranger_audit |
| # XAAUDIT.DB.USER_NAME=rangerlogger |
| # XAAUDIT.DB.PASSWORD=rangerlogger |
| # |
| XAAUDIT.DB.IS_ENABLED=true |
| XAAUDIT.DB.FLAVOUR=MYSQL |
| XAAUDIT.DB.HOSTNAME= |
| XAAUDIT.DB.DATABASE_NAME= |
| XAAUDIT.DB.USER_NAME= |
| XAAUDIT.DB.PASSWORD= |
| |
| # |
| # Audit to HDFS Configuration |
| # |
| # If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens |
| # that start with __REPLACE__ with appropriate values |
| # XAAUDIT.HDFS.IS_ENABLED=true |
| # XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% |
| # XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit |
| # XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive |
| # |
| # |
| # Example: |
| # XAAUDIT.HDFS.IS_ENABLED=true |
| # XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd% |
| # XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/kms/audit |
| # XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/kms/audit/archive |
| # |
| XAAUDIT.HDFS.IS_ENABLED=false |
| XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd% |
| XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/kms/audit |
| XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/kms/audit/archive |
| |
| XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log |
| XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900 |
| XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400 |
| XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60 |
| XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log |
| XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 |
| XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 |
| XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 |
| |
| #Solr Audit Provder |
| XAAUDIT.SOLR.IS_ENABLED=false |
| XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 |
| XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 |
| XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits |
| |
| # |
| # SSL Client Certificate Information |
| # |
| # Example: |
| # SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks |
| # SSL_KEYSTORE_PASSWORD=none |
| # SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks |
| # SSL_TRUSTSTORE_PASSWORD=none |
| # |
| # You do not need use SSL between agent and security admin tool, please leave these sample value as it is. |
| # |
| SSL_KEYSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-keystore.jks |
| SSL_KEYSTORE_PASSWORD=myKeyFilePassword |
| SSL_TRUSTSTORE_FILE_PATH=/etc/ranger/kms/conf/ranger-plugin-truststore.jks |
| SSL_TRUSTSTORE_PASSWORD=changeit |
| |
| # ################# DO NOT MODIFY ANY VARIABLES BELOW ######################### |
| # |
| # --- These deployment variables are not to be modified unless you understand the full impact of the changes |
| # |
| ################################################################################ |
| |
| KMS_DIR=$PWD |
| app_home=$PWD/ews/webapp |
| TMPFILE=$PWD/.fi_tmp |
| LOGFILE=$PWD/logfile |
| LOGFILES="$LOGFILE" |
| |
| JAVA_BIN='java' |
| JAVA_VERSION_REQUIRED='1.7' |
| JAVA_ORACLE='Java(TM) SE Runtime Environment' |
| |
| mysql_core_file=db/mysql/kms_core_db.sql |
| |
| oracle_core_file=db/oracle/kms_core_db_oracle.sql |
| |
| postgres_core_file=db/postgres/kms_core_db_postgres.sql |
| |
| sqlserver_core_file=db/sqlserver/kms_core_db_sqlserver.sql |
| |
| cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks |
| |
| KMS_BLACKLIST_DECRYPT_EEK=hdfs |