diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 9e4cdcd20d..fde0a87e6f 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -25,7 +25,7 @@ on: - beta - development - master - - lineageondemand + - plt-474-cve-fix jobs: build: diff --git a/Dockerfile b/Dockerfile index cf2b8f382f..8915d575a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,7 +34,6 @@ RUN apt-get update \ netcat \ curl \ && cd / \ - && mkdir /opt/ranger-atlas-plugin \ && export MAVEN_OPTS="-Xms2g -Xmx2g" \ && export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64" \ && tar -xzvf /apache-atlas-3.0.0-SNAPSHOT-server.tar.gz -C /opt \ @@ -57,22 +56,11 @@ COPY atlas-hub/repair_index.py /opt/apache-atlas/bin/ RUN chmod +x /opt/apache-atlas/bin/repair_index.py COPY atlas-hub/atlas_start.py.patch atlas-hub/atlas_config.py.patch /opt/apache-atlas/bin/ -COPY atlas-hub/pre-conf/ranger/lib/ /opt/apache-atlas/libext/ -COPY atlas-hub/pre-conf/ranger/install/conf.templates/enable/ /opt/apache-atlas/conf/ COPY atlas-hub/pre-conf/atlas-log4j.xml /opt/apache-atlas/conf/ COPY atlas-hub/pre-conf/atlas-log4j2.xml /opt/apache-atlas/conf/ -COPY atlas-hub/pre-conf/ranger/ /opt/ranger-atlas-plugin/ -COPY atlas-hub/env_change.sh / RUN curl https://repo1.maven.org/maven2/org/jolokia/jolokia-jvm/1.6.2/jolokia-jvm-1.6.2-agent.jar -o /opt/apache-atlas/libext/jolokia-jvm-agent.jar -RUN cd /opt/apache-atlas/bin \ - && sed "s~ATLAS_INSTALL_DIR~/opt/apache-atlas~g" /opt/ranger-atlas-plugin/install.properties > /tmp/install.properties \ - && cp /tmp/install.properties /opt/ranger-atlas-plugin/install.properties \ - && chmod +x /env_change.sh -# && patch -b -f < atlas_start.py.patch \ -# && patch -b -f < atlas_config.py.patch \ - RUN cd /opt/apache-atlas/bin \ && ./atlas_start.py -setup || true diff --git a/addons/hbase-bridge/pom.xml b/addons/hbase-bridge/pom.xml index a6ed51421f..fe5a711816 100644 --- a/addons/hbase-bridge/pom.xml +++ b/addons/hbase-bridge/pom.xml @@ -214,12 +214,6 @@ - - org.apache.hadoop - hadoop-auth - ${hadoop.version} - compile - org.apache.atlas atlas-client-v2 diff --git a/addons/kafka-bridge/pom.xml b/addons/kafka-bridge/pom.xml index 30fb53d27c..820b478441 100644 --- a/addons/kafka-bridge/pom.xml +++ b/addons/kafka-bridge/pom.xml @@ -131,12 +131,6 @@ - - org.apache.hadoop - hadoop-auth - ${hadoop.version} - compile - diff --git a/atlas-hub/env_change.sh b/atlas-hub/env_change.sh deleted file mode 100644 index 66e0718bbf..0000000000 --- a/atlas-hub/env_change.sh +++ /dev/null @@ -1,24 +0,0 @@ -#! /bin/bash - -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -sed -i -e "s~RANGER_SERVICE_URL~${RANGER_SERVICE_URL}~g" /opt/ranger-atlas-plugin/install.properties -sed -i -e "s~ATLAS_REPOSITORY_NAME~${ATLAS_REPOSITORY_NAME}~g" /opt/ranger-atlas-plugin/install.properties -bash /opt/ranger-atlas-plugin/enable-atlas-plugin.sh -sleep 10 \ No newline at end of file diff --git a/atlas-hub/pre-conf/ranger/disable-atlas-plugin.sh b/atlas-hub/pre-conf/ranger/disable-atlas-plugin.sh deleted file mode 100755 index a15728f695..0000000000 --- a/atlas-hub/pre-conf/ranger/disable-atlas-plugin.sh +++ /dev/null @@ -1,795 +0,0 @@ -#!/bin/bash - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -function getInstallProperty() { - local propertyName=$1 - local propertyValue="" - - for file in "${COMPONENT_INSTALL_ARGS}" "${INSTALL_ARGS}" - do - if [ -f "${file}" ] - then - propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` - if [ "${propertyValue}" != "" ] - then - break - fi - fi - done - - echo ${propertyValue} -} - -# -# Base env variable for Ranger related files/directories -# -PROJ_NAME=ranger - -# -# The script should be run by "root" user -# - -if [ ! -w /etc/passwd ] -then - echo "ERROR: $0 script should be run as root." - exit 1 -fi - -#Check for JAVA_HOME -if [ "${JAVA_HOME}" == "" ] -then - echo "ERROR: JAVA_HOME environment property not defined, aborting installation." - exit 1 -fi - -# -# Identify the component, action from the script file -# - -basedir=`dirname $0` -if [ "${basedir}" = "." ] -then - basedir=`pwd` -elif [ "${basedir}" = ".." ] -then - basedir=`(cd .. ;pwd)` -fi - -# -# As this script is common to all component, find the component name based on the script-name -# - -COMPONENT_NAME=`basename $0 | cut -d. -f1 | sed -e 's:^disable-::' | sed -e 's:^enable-::'` - -echo "${COMPONENT_NAME}" | grep 'plugin' > /dev/null 2>&1 - -if [ $? -ne 0 ] -then - echo "$0 : is not applicable for component [${COMPONENT_NAME}]. It is applicable only for ranger plugin component; Exiting ..." - exit 0 -fi - -HCOMPONENT_NAME=`echo ${COMPONENT_NAME} | sed -e 's:-plugin::'` - -CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" - -if [ "${HCOMPONENT_NAME}" = "hdfs" ] -then - HCOMPONENT_NAME="hadoop" -fi - -# -# Based on script name, identify if the action is enabled or disabled -# - -basename $0 | cut -d. -f1 | grep '^enable-' > /dev/null 2>&1 - -if [ $? -eq 0 ] -then - action=enable -else - action=disable -fi - - -# -# environment variables for enable|disable scripts -# - -PROJ_INSTALL_DIR=`(cd ${basedir} ; pwd)` -SET_ENV_SCRIPT_NAME=set-${COMPONENT_NAME}-env.sh -SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME} -DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/install/conf.templates/default/configuration.xml -PROJ_LIB_DIR=${PROJ_INSTALL_DIR}/lib -PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/install/lib" -INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties" -COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/${COMPONENT_NAME}-install.properties" -JAVA=$JAVA_HOME/bin/java - -PLUGIN_DEPENDENT_LIB_DIR=lib/"${PROJ_NAME}-${COMPONENT_NAME}-impl" -PROJ_LIB_PLUGIN_DIR=${PROJ_INSTALL_DIR}/${PLUGIN_DEPENDENT_LIB_DIR} - -HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME') - - -CUSTOM_USER=$(getInstallProperty 'CUSTOM_USER') -CUSTOM_USER=${CUSTOM_USER// } - -CUSTOM_GROUP=$(getInstallProperty 'CUSTOM_GROUP') -CUSTOM_GROUP=${CUSTOM_GROUP// } - -CUSTOM_GROUP_STATUS=${CUSTOM_GROUP}; -CUSTOM_USER_STATUS=${CUSTOM_USER}; -egrep "^$CUSTOM_GROUP" /etc/group >& /dev/null -if [ $? -ne 0 ] -then - CUSTOM_GROUP_STATUS="" -fi -id -u ${CUSTOM_USER} > /dev/null 2>&1 -if [ $? -ne 0 ] -then - CUSTOM_USER_STATUS="" -fi - -if [ ! -z "${CUSTOM_USER_STATUS}" ] && [ ! -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom user and group is available, using custom user and group." - CFG_OWNER_INF="${CUSTOM_USER}:${CUSTOM_GROUP}" -elif [ ! -z "${CUSTOM_USER_STATUS}" ] && [ -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom user is available, using custom user and default group." - CFG_OWNER_INF="${CUSTOM_USER}:${HCOMPONENT_NAME}" -elif [ -z "${CUSTOM_USER_STATUS}" ] && [ ! -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom group is available, using default user and custom group." - CFG_OWNER_INF="${HCOMPONENT_NAME}:${CUSTOM_GROUP}" -else - echo "Custom user and group are not available, using default user and group." - CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" -fi - -if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] -then - if [ "${HCOMPONENT_NAME}" = "knox" ]; - then - HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'KNOX_HOME') - fi - if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] - then - HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME} - fi -fi - -firstletter=${HCOMPONENT_INSTALL_DIR_NAME:0:1} -if [ "$firstletter" = "/" ]; then - hdir=${HCOMPONENT_INSTALL_DIR_NAME} -else - hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME} -fi - -# -# TEST - START -# -if [ ! -d ${hdir} ] -then - mkdir -p ${hdir} -fi -# -# TEST - END -# -HCOMPONENT_INSTALL_DIR=`(cd ${hdir} ; pwd)` -HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/lib -if [ "${HCOMPONENT_NAME}" = "knox" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/ext -elif [ "${HCOMPONENT_NAME}" = "solr" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib -elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libs -elif [ "${HCOMPONENT_NAME}" = "storm" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/extlib-daemon -elif [ "${HCOMPONENT_NAME}" = "atlas" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libext -elif [ "${HCOMPONENT_NAME}" = "hadoop" ] || - [ "${HCOMPONENT_NAME}" = "yarn" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/share/hadoop/hdfs/lib -elif [ "${HCOMPONENT_NAME}" = "sqoop" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/server/lib -elif [ "${HCOMPONENT_NAME}" = "kylin" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/tomcat/webapps/kylin/WEB-INF/lib -elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugins -elif [ "${HCOMPONENT_NAME}" = "presto" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugin/ranger - if [ ! -d "${HCOMPONENT_LIB_DIR}" ]; then - echo "INFO: Creating ${HCOMPONENT_LIB_DIR}" - mkdir -p ${HCOMPONENT_LIB_DIR} - fi -fi - -HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf -if [ "${HCOMPONENT_NAME}" = "solr" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/resources - if [ ! -d $HCOMPONENT_CONF_DIR ]; then - install_owner=`ls -ld | cut -f 3 -d " "` - echo "INFO: Creating $HCOMPONENT_CONF_DIR" - mkdir -p $HCOMPONENT_CONF_DIR - echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner" - chown $install_owner:$install_owner $HCOMPONENT_CONF_DIR - fi -elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/config -elif [ "${HCOMPONENT_NAME}" = "hadoop" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc/hadoop -elif [ "${HCOMPONENT_NAME}" = "yarn" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc/hadoop -elif [ "${HCOMPONENT_NAME}" = "sqoop" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf -elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/config/ranger-elasticsearch-plugin - if [ ! -d $HCOMPONENT_CONF_DIR ]; then - echo "INFO: Creating $HCOMPONENT_CONF_DIR" - mkdir -p $HCOMPONENT_CONF_DIR - echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $CFG_OWNER_INF" - chown $CFG_OWNER_INF $HCOMPONENT_CONF_DIR - fi -elif [ "${HCOMPONENT_NAME}" = "presto" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc -fi - -HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive -SET_ENV_SCRIPT=${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME} - - -if [ ! -d "${HCOMPONENT_INSTALL_DIR}" ] -then - echo "ERROR: Unable to find the install directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_INSTALL_DIR}] not found." - echo "Exiting installation." - exit 1 -fi - -if [ ! -d "${HCOMPONENT_CONF_DIR}" ] -then - echo "ERROR: Unable to find the conf directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_CONF_DIR}] not found." - echo "Exiting installation." - exit 1 -fi - -if [ ! -d "${HCOMPONENT_LIB_DIR}" ] -then - mkdir -p "${HCOMPONENT_LIB_DIR}" - if [ ! -d "${HCOMPONENT_LIB_DIR}" ] - then - echo "ERROR: Unable to find the lib directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_LIB_DIR}] not found." - echo "Exiting installation." - exit 1 - fi -fi - -ambari_hive_install="N" -if [ "${HCOMPONENT_NAME}" = "hive" ] -then - HCOMPONENT_CONF_SERVER_DIR="${HCOMPONENT_CONF_DIR}"/conf.server - if [ -d "${HCOMPONENT_CONF_SERVER_DIR}" ] - then - ambari_hive_install="Y" - fi -fi - -# -# Common functions used by all enable/disable scripts -# - -log() { - echo "+ `date` : $*" -} - - -create_jceks() { - - alias=$1 - pass=$2 - jceksFile=$3 - - if [ -f "${jceksFile}" ] - then - jcebdir=`dirname ${jceksFile}` - jcebname=`basename ${jceksFile}` - archive_jce=${jcebdir}/.${jcebname}.`date '+%Y%m%d%H%M%S'` - log "Saving current JCE file: ${jceksFile} to ${archive_jce} ..." - cp ${jceksFile} ${archive_jce} - fi - - tempFile=/tmp/jce.$$.out - - $JAVA_HOME/bin/java -cp ":${PROJ_INSTALL_LIB_DIR}/*:" org.apache.ranger.credentialapi.buildks create "${alias}" -value "${pass}" -provider "jceks://file${jceksFile}" > ${tempFile} 2>&1 - - if [ $? -ne 0 ] - then - echo "Unable to store password in non-plain text format. Error: [`cat ${tempFile}`]" - echo "Exiting plugin installation" - rm -f ${tempFile} - exit 0 - fi - - rm -f ${tempFile} -} - -log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR" - -# -# If there is a set-ranger-${COMPONENT}-env.sh, install it -# -dt=`date '+%Y%m%d-%H%M%S'` - -if [ -f "${SET_ENV_SCRIPT_TEMPLATE}" ] -then - # - # If the setenv script already exists, move it to the archive folder - # - if [ -f "${SET_ENV_SCRIPT}" ] - then - if [ ! -d "${HCOMPONENT_ARCHIVE_CONF_DIR}" ] - then - mkdir -p ${HCOMPONENT_ARCHIVE_CONF_DIR} - fi - log "Saving current ${SET_ENV_SCRIPT_NAME} to ${HCOMPONENT_ARCHIVE_CONF_DIR} ..." - mv ${SET_ENV_SCRIPT} ${HCOMPONENT_ARCHIVE_CONF_DIR}/${SET_ENV_SCRIPT_NAME}.${dt} - fi - - if [ "${action}" = "enable" ] - then - - cp ${SET_ENV_SCRIPT_TEMPLATE} ${SET_ENV_SCRIPT} - - DEST_SCRIPT_FILE=${HCOMPONENT_INSTALL_DIR}/libexec/${HCOMPONENT_NAME}-config.sh - - DEST_SCRIPT_ARCHIVE_FILE=${HCOMPONENT_INSTALL_DIR}/libexec/.${HCOMPONENT_NAME}-config.sh.${dt} - - if [ -f "${DEST_SCRIPT_FILE}" ] - then - - log "Saving current ${DEST_SCRIPT_FILE} to ${DEST_SCRIPT_ARCHIVE_FILE} ..." - - cp ${DEST_SCRIPT_FILE} ${DEST_SCRIPT_ARCHIVE_FILE} - - grep 'xasecure-.*-env.sh' ${DEST_SCRIPT_FILE} > /dev/null 2>&1 - if [ $? -eq 0 ] - then - ts=`date '+%Y%m%d%H%M%S'` - grep -v 'xasecure-.*-env.sh' ${DEST_SCRIPT_FILE} > ${DEST_SCRIPT_FILE}.${ts} - if [ $? -eq 0 ] - then - log "Removing old reference to xasecure setenv source ..." - cat ${DEST_SCRIPT_FILE}.${ts} > ${DEST_SCRIPT_FILE} - rm -f ${DEST_SCRIPT_FILE}.${ts} - fi - fi - - grep "[ \t]*.[ \t]*${SET_ENV_SCRIPT}" ${DEST_SCRIPT_FILE} > /dev/null - if [ $? -ne 0 ] - then - log "Appending sourcing script, ${SET_ENV_SCRIPT_NAME} in the file: ${DEST_SCRIPT_FILE} " - cat >> ${DEST_SCRIPT_FILE} <\n`date`\n" > ${HCOMPONENT_CONF_DIR}/ranger-security.xml - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/ranger-security.xml - chmod a+r ${HCOMPONENT_CONF_DIR}/ranger-security.xml - for cf in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.xml - do - cfb=`basename ${cf}` - if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ] - then - log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..." - cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} - fi - cp ${cf} ${HCOMPONENT_CONF_DIR}/ - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb} - chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb} - done - else - if [ -f ${HCOMPONENT_CONF_DIR}/ranger-security.xml ] - then - mv ${HCOMPONENT_CONF_DIR}/ranger-security.xml ${HCOMPONENT_CONF_DIR}/.ranger-security.xml.`date '+%Y%m%d%H%M%S'` - fi - fi - - # - # Ensure that POLICY_CACHE_FILE_PATH is accessible - # - REPO_NAME=$(getInstallProperty 'REPOSITORY_NAME') - export POLICY_CACHE_FILE_PATH=/etc/${PROJ_NAME}/${REPO_NAME}/policycache - export CREDENTIAL_PROVIDER_FILE=/etc/${PROJ_NAME}/${REPO_NAME}/cred.jceks - if [ ! -d ${POLICY_CACHE_FILE_PATH} ] - then - mkdir -p ${POLICY_CACHE_FILE_PATH} - fi - chmod a+rx /etc/${PROJ_NAME} - chmod a+rx /etc/${PROJ_NAME}/${REPO_NAME} - chmod a+rx ${POLICY_CACHE_FILE_PATH} - chown -R ${CFG_OWNER_INF} /etc/${PROJ_NAME}/${REPO_NAME} - - for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg - do - if [ -f "${f}" ] - then - fn=`basename $f` - orgfn=`echo $fn | sed -e 's:-changes.cfg:.xml:'` - fullpathorgfn="${HCOMPONENT_CONF_DIR}/${orgfn}" - if [ ! -f ${fullpathorgfn} ] - then - if [ -f ${DEFAULT_XML_CONFIG} ] - then - log "Creating default file from [${DEFAULT_XML_CONFIG}] for [${fullpathorgfn}] .." - cp ${DEFAULT_XML_CONFIG} ${fullpathorgfn} - chown ${CFG_OWNER_INF} ${fullpathorgfn} - chmod a+r ${fullpathorgfn} - else - echo "ERROR: Unable to find ${fullpathorgfn}" - exit 1 - fi - fi - archivefn="${HCOMPONENT_CONF_DIR}/.${orgfn}.${dt}" - newfn="${HCOMPONENT_CONF_DIR}/.${orgfn}-new.${dt}" - log "Saving current config file: ${fullpathorgfn} to ${archivefn} ..." - cp ${fullpathorgfn} ${archivefn} - if [ $? -eq 0 ] - then - ${JAVA} -cp "${INSTALL_CP}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} -p ${INSTALL_ARGS} - if [ $? -eq 0 ] - then - diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1 - if [ $? -ne 0 ] - then - cat ${newfn} > ${fullpathorgfn} - fi - - # For Ambari install copy the .xml to conf.server also - if [ "${ambari_hive_install}" = "Y" ] - then - fullpathorgHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/${orgfn}" - archiveHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/.${orgfn}.${dt}" - newHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/.${orgfn}-new.${dt}" - log "Saving current conf.server file: ${fullpathorgHS2fn} to ${archiveHS2fn} ..." - if [ -f ${fullpathorgHS2fn} ] - then - cp ${fullpathorgHS2fn} ${archiveHS2fn} - fi - cp ${fullpathorgfn} ${HCOMPONENT_CONF_SERVER_DIR}/${orgfn} - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_SERVER_DIR}/${orgfn} - fi - - else - echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}" - echo "exiting ...." - exit 1 - fi - else - echo "ERROR: Unable to save config. file: ${fullpathorgfn} to ${archivefn}" - echo "exiting ...." - exit 1 - fi - fi - done - if [ "${HCOMPONENT_NAME}" = "hbase" ] || [ "${HCOMPONENT_NAME}" = "storm" ]; - then - chmod 644 ${HCOMPONENT_CONF_DIR}/* - fi -fi - -# -# Create library link -# -if [ "${action}" = "enable" ] -then - dt=`date '+%Y%m%d%H%M%S'` - for f in ${PROJ_LIB_DIR}/* - do - if [ -f "${f}" ] || [ -d "${f}" ] - then - bn=`basename $f` - if [ -f ${HCOMPONENT_LIB_DIR}/${bn} ] || [ -d ${HCOMPONENT_LIB_DIR}/${bn} ] - then - log "Saving lib file: ${HCOMPONENT_LIB_DIR}/${bn} to ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} ..." - mv ${HCOMPONENT_LIB_DIR}/${bn} ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} - fi - if [ ! -f ${HCOMPONENT_LIB_DIR}/${bn} ] && [ ! -d ${HCOMPONENT_LIB_DIR}/${bn} ] - then - ln -s ${f} ${HCOMPONENT_LIB_DIR}/${bn} - fi - fi - done - - # - # Encrypt the password and keep it secure in Credential Provider API - # - CredFile=${CREDENTIAL_PROVIDER_FILE} - if ! [ `echo ${CredFile} | grep '^/.*'` ] - then - echo "ERROR:Please enter the Credential File Store with proper file path" - exit 1 - fi - - pardir=`dirname ${CredFile}` - - if [ ! -d "${pardir}" ] - then - mkdir -p "${pardir}" - if [ $? -ne 0 ] - then - echo "ERROR: Unable to create credential store file path" - exit 1 - fi - chmod a+rx "${pardir}" - fi - - # - # Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE - # - sslkeystoreAlias="sslKeyStore" - sslkeystoreCred=$(getInstallProperty 'SSL_KEYSTORE_PASSWORD') - create_jceks "${sslkeystoreAlias}" "${sslkeystoreCred}" "${CredFile}" - ssltruststoreAlias="sslTrustStore" - ssltruststoreCred=$(getInstallProperty 'SSL_TRUSTSTORE_PASSWORD') - create_jceks "${ssltruststoreAlias}" "${ssltruststoreCred}" "${CredFile}" - chown ${CFG_OWNER_INF} ${CredFile} - # - # To allow all users in the server (where Hive CLI and HBase CLI is used), - # user needs to have read access for the credential file. - # - chmod a+r ${CredFile} -fi - -# -# Knox specific configuration -# -# - -if [ "${HCOMPONENT_NAME}" = "knox" ] -then - if [ "${action}" = "enable" ] - then - authFrom="AclsAuthz" - authTo="XASecurePDPKnox" - else - authTo="AclsAuthz" - authFrom="XASecurePDPKnox" - fi - - dt=`date '+%Y%m%d%H%M%S'` - for fn in `ls ${HCOMPONENT_CONF_DIR}/topologies/*.xml 2> /dev/null` - do - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Updating topology file: [${fn}] ... " - cat ${fn} | sed -e "s-${authFrom}-${authTo}-" > ${fn}.${dt}.new - if [ $? -eq 0 ] - then - cat ${fn}.${dt}.new > ${fn} - rm ${fn}.${dt}.new - fi - fi - done -fi - -if [ "${HCOMPONENT_NAME}" = "storm" ] -then - CFG_FILE=${HCOMPONENT_CONF_DIR}/storm.yaml - ARCHIVE_FILE=${HCOMPONENT_CONF_DIR}/.storm.yaml.`date '+%Y%m%d%H%M%S'` - - if [ -f "${CFG_FILE}" ] - then - cp ${CFG_FILE} ${ARCHIVE_FILE} - - if [ "${action}" = "enable" ] - then - awk -F: 'BEGIN { - configured = 0 ; - } - { - if ($1 == "nimbus.authorizer") { - if ($2 ~ /^[ \t]*"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer"[ \t]*$/) { - configured = 1 ; - printf("%s\n",$0) ; - } - else { - printf("#%s\n",$0); - printf("nimbus.authorizer: \"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer\"\n") ; - configured = 1 ; - } - } - else { - printf("%s\n",$0) ; - } - } - END { - if (configured == 0) { - printf("nimbus.authorizer: \"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer\"\n") ; - } - }' ${CFG_FILE} > ${CFG_FILE}.new && cat ${CFG_FILE}.new > ${CFG_FILE} && rm -f ${CFG_FILE}.new - - else - awk -F: 'BEGIN { - configured = 0 ; - } - { - if ($1 == "nimbus.authorizer") { - if ($2 ~ /^[ \t]*"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer"[ \t]*$/) { - configured = 1 ; - printf("%s\n",$0) ; - } - else { - printf("#%s\n",$0); - printf("nimbus.authorizer: \"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer\"\n") ; - configured = 1 ; - } - } - else { - printf("%s\n",$0) ; - } - } - END { - if (configured == 0) { - printf("nimbus.authorizer: \"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer\"\n") ; - } - }' ${CFG_FILE} > ${CFG_FILE}.new && cat ${CFG_FILE}.new > ${CFG_FILE} && rm -f ${CFG_FILE}.new - fi - fi -fi - -#Check Properties whether in File, return code 1 if not exist -#$1 -> propertyName; $2 -> fileName -checkPropertyInFile(){ - validate=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f1-) # for validation - if test -z "$validate" ; then return 1; fi -} - -#Add Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -addPropertyToFile(){ - echo "$1=$2">>$3 - validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation - if test -z "$validate" ; then log "[E] Failed to add properties '$1' to $3 file!"; exit 1; fi - echo "Property $1 added successfully with : '$2'" -} - -#Update Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -updatePropertyToFile(){ - sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3 - validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation - if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi - echo "Property $1 updated successfully with : '$2'" -} - -#Add or Update Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -addOrUpdatePropertyToFile(){ - checkPropertyInFile $1 $3 - if [ $? -eq 1 ] - then - addPropertyToFile $1 $2 $3 - else - updatePropertyToFile $1 $2 $3 - fi -} - -if [ "${HCOMPONENT_NAME}" = "sqoop" ] -then - if [ "${action}" = "enable" ] - then - authName="org.apache.ranger.authorization.sqoop.authorizer.RangerSqoopAuthorizer" - else - authName="" - fi - - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/sqoop.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile org.apache.sqoop.security.authorization.validator $authName ${fn} - fi -fi - -if [ "${HCOMPONENT_NAME}" = "kylin" ] -then - if [ "${action}" = "enable" ] - then - authName="org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer" - else - authName="" - fi - - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/kylin.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile kylin.server.external-acl-provider $authName ${fn} - fi -fi - -if [ "${HCOMPONENT_NAME}" = "presto" ] -then - if [ "${action}" = "enable" ] - then - controlName="ranger" - else - controlName="" - fi - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/access-control.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - else - fn=${HCOMPONENT_CONF_DIR}/access-control.properties - fi - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile access-control.name $controlName ${fn} - echo "Linking config files" - cd ${HCOMPONENT_LIB_DIR}/ranger-presto-plugin-impl/ - ln -sf ${HCOMPONENT_CONF_DIR} conf -fi - - -# -# Set notice to restart the ${HCOMPONENT_NAME} -# - -echo "Ranger Plugin for ${HCOMPONENT_NAME} has been ${action}d. Please restart ${HCOMPONENT_NAME} to ensure that changes are effective." - -exit 0 diff --git a/atlas-hub/pre-conf/ranger/enable-atlas-plugin.sh b/atlas-hub/pre-conf/ranger/enable-atlas-plugin.sh deleted file mode 100755 index 10c7fcfb0a..0000000000 --- a/atlas-hub/pre-conf/ranger/enable-atlas-plugin.sh +++ /dev/null @@ -1,798 +0,0 @@ -#!/bin/bash -JAVA_HOME='/usr/lib/jvm/java-1.8.0-openjdk-amd64' - -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -function getInstallProperty() { - local propertyName=$1 - local propertyValue="" - - for file in "${COMPONENT_INSTALL_ARGS}" "${INSTALL_ARGS}" - do - if [ -f "${file}" ] - then - propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'` - if [ "${propertyValue}" != "" ] - then - break - fi - fi - done - - echo ${propertyValue} -} - -# -# Base env variable for Ranger related files/directories -# -PROJ_NAME=ranger - -# -# The script should be run by "root" user -# - -if [ ! -w /etc/passwd ] -then - echo "ERROR: $0 script should be run as root." - exit 1 -fi - -#Check for JAVA_HOME -if [ "${JAVA_HOME}" == "" ] -then - echo "ERROR: JAVA_HOME environment property not defined, aborting installation." - exit 1 -fi - -# -# Identify the component, action from the script file -# - -basedir=`dirname $0` -if [ "${basedir}" = "." ] -then - basedir=`pwd` -elif [ "${basedir}" = ".." ] -then - basedir=`(cd .. ;pwd)` -fi - -# -# As this script is common to all component, find the component name based on the script-name -# - -COMPONENT_NAME=`basename $0 | cut -d. -f1 | sed -e 's:^disable-::' | sed -e 's:^enable-::'` - -echo "${COMPONENT_NAME}" | grep 'plugin' > /dev/null 2>&1 - -if [ $? -ne 0 ] -then - echo "$0 : is not applicable for component [${COMPONENT_NAME}]. It is applicable only for ranger plugin component; Exiting ..." - exit 0 -fi - -HCOMPONENT_NAME=`echo ${COMPONENT_NAME} | sed -e 's:-plugin::'` - -CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" - -if [ "${HCOMPONENT_NAME}" = "hdfs" ] -then - HCOMPONENT_NAME="hadoop" -fi - -# -# Based on script name, identify if the action is enabled or disabled -# - -basename $0 | cut -d. -f1 | grep '^enable-' > /dev/null 2>&1 - -if [ $? -eq 0 ] -then - action=enable -else - action=disable -fi - - -# -# environment variables for enable|disable scripts -# - -PROJ_INSTALL_DIR=`(cd ${basedir} ; pwd)` -SET_ENV_SCRIPT_NAME=set-${COMPONENT_NAME}-env.sh -SET_ENV_SCRIPT_TEMPLATE=${PROJ_INSTALL_DIR}/install/conf.templates/enable/${SET_ENV_SCRIPT_NAME} -DEFAULT_XML_CONFIG=${PROJ_INSTALL_DIR}/install/conf.templates/default/configuration.xml -PROJ_LIB_DIR=${PROJ_INSTALL_DIR}/lib -PROJ_INSTALL_LIB_DIR="${PROJ_INSTALL_DIR}/install/lib" -INSTALL_ARGS="${PROJ_INSTALL_DIR}/install.properties" -COMPONENT_INSTALL_ARGS="${PROJ_INSTALL_DIR}/${COMPONENT_NAME}-install.properties" -JAVA=$JAVA_HOME/bin/java - -PLUGIN_DEPENDENT_LIB_DIR=lib/"${PROJ_NAME}-${COMPONENT_NAME}-impl" -PROJ_LIB_PLUGIN_DIR=${PROJ_INSTALL_DIR}/${PLUGIN_DEPENDENT_LIB_DIR} - -HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME') - - -CUSTOM_USER=$(getInstallProperty 'CUSTOM_USER') -CUSTOM_USER=${CUSTOM_USER// } - -CUSTOM_GROUP=$(getInstallProperty 'CUSTOM_GROUP') -CUSTOM_GROUP=${CUSTOM_GROUP// } - -CUSTOM_GROUP_STATUS=${CUSTOM_GROUP}; -CUSTOM_USER_STATUS=${CUSTOM_USER}; -egrep "^$CUSTOM_GROUP" /etc/group >& /dev/null -if [ $? -ne 0 ] -then - CUSTOM_GROUP_STATUS="" -fi -id -u ${CUSTOM_USER} > /dev/null 2>&1 -if [ $? -ne 0 ] -then - CUSTOM_USER_STATUS="" -fi - -if [ ! -z "${CUSTOM_USER_STATUS}" ] && [ ! -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom user and group is available, using custom user and group." - CFG_OWNER_INF="${CUSTOM_USER}:${CUSTOM_GROUP}" -elif [ ! -z "${CUSTOM_USER_STATUS}" ] && [ -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom user is available, using custom user and default group." - CFG_OWNER_INF="${CUSTOM_USER}:${HCOMPONENT_NAME}" -elif [ -z "${CUSTOM_USER_STATUS}" ] && [ ! -z "${CUSTOM_GROUP_STATUS}" ] -then - echo "Custom group is available, using default user and custom group." - CFG_OWNER_INF="${HCOMPONENT_NAME}:${CUSTOM_GROUP}" -else - echo "Custom user and group are not available, using default user and group." - CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}" -fi - -if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] -then - if [ "${HCOMPONENT_NAME}" = "knox" ]; - then - HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'KNOX_HOME') - fi - if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ] - then - HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME} - fi -fi - -firstletter=${HCOMPONENT_INSTALL_DIR_NAME:0:1} -if [ "$firstletter" = "/" ]; then - hdir=${HCOMPONENT_INSTALL_DIR_NAME} -else - hdir=${PROJ_INSTALL_DIR}/../${HCOMPONENT_INSTALL_DIR_NAME} -fi - -# -# TEST - START -# -if [ ! -d ${hdir} ] -then - mkdir -p ${hdir} -fi -# -# TEST - END -# -HCOMPONENT_INSTALL_DIR=`(cd ${hdir} ; pwd)` -HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/lib -if [ "${HCOMPONENT_NAME}" = "knox" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/ext -elif [ "${HCOMPONENT_NAME}" = "solr" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/solr-webapp/webapp/WEB-INF/lib -elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libs -elif [ "${HCOMPONENT_NAME}" = "storm" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/extlib-daemon -elif [ "${HCOMPONENT_NAME}" = "atlas" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/libext -elif [ "${HCOMPONENT_NAME}" = "hadoop" ] || - [ "${HCOMPONENT_NAME}" = "yarn" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/share/hadoop/hdfs/lib -elif [ "${HCOMPONENT_NAME}" = "sqoop" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/server/lib -elif [ "${HCOMPONENT_NAME}" = "kylin" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/tomcat/webapps/kylin/WEB-INF/lib -elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugins -elif [ "${HCOMPONENT_NAME}" = "presto" ]; then - HCOMPONENT_LIB_DIR=${HCOMPONENT_INSTALL_DIR}/plugin/ranger - if [ ! -d "${HCOMPONENT_LIB_DIR}" ]; then - echo "INFO: Creating ${HCOMPONENT_LIB_DIR}" - mkdir -p ${HCOMPONENT_LIB_DIR} - fi -fi - -HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf -if [ "${HCOMPONENT_NAME}" = "solr" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/resources - if [ ! -d $HCOMPONENT_CONF_DIR ]; then - install_owner=`ls -ld | cut -f 3 -d " "` - echo "INFO: Creating $HCOMPONENT_CONF_DIR" - mkdir -p $HCOMPONENT_CONF_DIR - echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $install_owner" - chown $install_owner:$install_owner $HCOMPONENT_CONF_DIR - fi -elif [ "${HCOMPONENT_NAME}" = "kafka" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/config -elif [ "${HCOMPONENT_NAME}" = "hadoop" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc/hadoop -elif [ "${HCOMPONENT_NAME}" = "yarn" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc/hadoop -elif [ "${HCOMPONENT_NAME}" = "sqoop" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/conf -elif [ "${HCOMPONENT_NAME}" = "elasticsearch" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/config/ranger-elasticsearch-plugin - if [ ! -d $HCOMPONENT_CONF_DIR ]; then - echo "INFO: Creating $HCOMPONENT_CONF_DIR" - mkdir -p $HCOMPONENT_CONF_DIR - echo "INFO: Changing ownership of $HCOMPONENT_CONF_DIR to $CFG_OWNER_INF" - chown $CFG_OWNER_INF $HCOMPONENT_CONF_DIR - fi -elif [ "${HCOMPONENT_NAME}" = "presto" ]; then - HCOMPONENT_CONF_DIR=${HCOMPONENT_INSTALL_DIR}/etc -fi - -HCOMPONENT_ARCHIVE_CONF_DIR=${HCOMPONENT_CONF_DIR}/.archive -SET_ENV_SCRIPT=${HCOMPONENT_CONF_DIR}/${SET_ENV_SCRIPT_NAME} - - -if [ ! -d "${HCOMPONENT_INSTALL_DIR}" ] -then - echo "ERROR: Unable to find the install directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_INSTALL_DIR}] not found." - echo "Exiting installation." - exit 1 -fi - -if [ ! -d "${HCOMPONENT_CONF_DIR}" ] -then - echo "ERROR: Unable to find the conf directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_CONF_DIR}] not found." - echo "Exiting installation." - exit 1 -fi - -if [ ! -d "${HCOMPONENT_LIB_DIR}" ] -then - mkdir -p "${HCOMPONENT_LIB_DIR}" - if [ ! -d "${HCOMPONENT_LIB_DIR}" ] - then - echo "ERROR: Unable to find the lib directory of component [${HCOMPONENT_NAME}]; dir [${HCOMPONENT_LIB_DIR}] not found." - echo "Exiting installation." - exit 1 - fi -fi - -ambari_hive_install="N" -if [ "${HCOMPONENT_NAME}" = "hive" ] -then - HCOMPONENT_CONF_SERVER_DIR="${HCOMPONENT_CONF_DIR}"/conf.server - if [ -d "${HCOMPONENT_CONF_SERVER_DIR}" ] - then - ambari_hive_install="Y" - fi -fi - -# -# Common functions used by all enable/disable scripts -# - -log() { - echo "+ `date` : $*" -} - - -create_jceks() { - - alias=$1 - pass=$2 - jceksFile=$3 - - if [ -f "${jceksFile}" ] - then - jcebdir=`dirname ${jceksFile}` - jcebname=`basename ${jceksFile}` - archive_jce=${jcebdir}/.${jcebname}.`date '+%Y%m%d%H%M%S'` - log "Saving current JCE file: ${jceksFile} to ${archive_jce} ..." - cp ${jceksFile} ${archive_jce} - fi - - tempFile=/tmp/jce.$$.out - - $JAVA_HOME/bin/java -cp ":${PROJ_INSTALL_LIB_DIR}/*:" org.apache.ranger.credentialapi.buildks create "${alias}" -value "${pass}" -provider "jceks://file${jceksFile}" > ${tempFile} 2>&1 - - if [ $? -ne 0 ] - then - echo "Unable to store password in non-plain text format. Error: [`cat ${tempFile}`]" - echo "Exiting plugin installation" - rm -f ${tempFile} - exit 0 - fi - - rm -f ${tempFile} -} - -log "${HCOMPONENT_NAME}: lib folder=$HCOMPONENT_LIB_DIR conf folder=$HCOMPONENT_CONF_DIR" - -# -# If there is a set-ranger-${COMPONENT}-env.sh, install it -# -dt=`date '+%Y%m%d-%H%M%S'` - -if [ -f "${SET_ENV_SCRIPT_TEMPLATE}" ] -then - # - # If the setenv script already exists, move it to the archive folder - # - if [ -f "${SET_ENV_SCRIPT}" ] - then - if [ ! -d "${HCOMPONENT_ARCHIVE_CONF_DIR}" ] - then - mkdir -p ${HCOMPONENT_ARCHIVE_CONF_DIR} - fi - log "Saving current ${SET_ENV_SCRIPT_NAME} to ${HCOMPONENT_ARCHIVE_CONF_DIR} ..." - mv ${SET_ENV_SCRIPT} ${HCOMPONENT_ARCHIVE_CONF_DIR}/${SET_ENV_SCRIPT_NAME}.${dt} - fi - - if [ "${action}" = "enable" ] - then - - cp ${SET_ENV_SCRIPT_TEMPLATE} ${SET_ENV_SCRIPT} - - DEST_SCRIPT_FILE=${HCOMPONENT_INSTALL_DIR}/libexec/${HCOMPONENT_NAME}-config.sh - - DEST_SCRIPT_ARCHIVE_FILE=${HCOMPONENT_INSTALL_DIR}/libexec/.${HCOMPONENT_NAME}-config.sh.${dt} - - if [ -f "${DEST_SCRIPT_FILE}" ] - then - - log "Saving current ${DEST_SCRIPT_FILE} to ${DEST_SCRIPT_ARCHIVE_FILE} ..." - - cp ${DEST_SCRIPT_FILE} ${DEST_SCRIPT_ARCHIVE_FILE} - - grep 'xasecure-.*-env.sh' ${DEST_SCRIPT_FILE} > /dev/null 2>&1 - if [ $? -eq 0 ] - then - ts=`date '+%Y%m%d%H%M%S'` - grep -v 'xasecure-.*-env.sh' ${DEST_SCRIPT_FILE} > ${DEST_SCRIPT_FILE}.${ts} - if [ $? -eq 0 ] - then - log "Removing old reference to xasecure setenv source ..." - cat ${DEST_SCRIPT_FILE}.${ts} > ${DEST_SCRIPT_FILE} - rm -f ${DEST_SCRIPT_FILE}.${ts} - fi - fi - - grep "[ \t]*.[ \t]*${SET_ENV_SCRIPT}" ${DEST_SCRIPT_FILE} > /dev/null - if [ $? -ne 0 ] - then - log "Appending sourcing script, ${SET_ENV_SCRIPT_NAME} in the file: ${DEST_SCRIPT_FILE} " - cat >> ${DEST_SCRIPT_FILE} <\n`date`\n" > ${HCOMPONENT_CONF_DIR}/ranger-security.xml - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/ranger-security.xml - chmod a+r ${HCOMPONENT_CONF_DIR}/ranger-security.xml - for cf in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.xml - do - cfb=`basename ${cf}` - if [ -f "${HCOMPONENT_CONF_DIR}/${cfb}" ] - then - log "Saving ${HCOMPONENT_CONF_DIR}/${cfb} to ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} ..." - cp ${HCOMPONENT_CONF_DIR}/${cfb} ${HCOMPONENT_CONF_DIR}/.${cfb}.${dt} - fi - cp ${cf} ${HCOMPONENT_CONF_DIR}/ - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_DIR}/${cfb} - chmod a+r ${HCOMPONENT_CONF_DIR}/${cfb} - done - else - if [ -f ${HCOMPONENT_CONF_DIR}/ranger-security.xml ] - then - mv ${HCOMPONENT_CONF_DIR}/ranger-security.xml ${HCOMPONENT_CONF_DIR}/.ranger-security.xml.`date '+%Y%m%d%H%M%S'` - fi - fi - - # - # Ensure that POLICY_CACHE_FILE_PATH is accessible - # - REPO_NAME=$(getInstallProperty 'REPOSITORY_NAME') - export POLICY_CACHE_FILE_PATH=/etc/${PROJ_NAME}/${REPO_NAME}/policycache - export CREDENTIAL_PROVIDER_FILE=/etc/${PROJ_NAME}/${REPO_NAME}/cred.jceks - if [ ! -d ${POLICY_CACHE_FILE_PATH} ] - then - mkdir -p ${POLICY_CACHE_FILE_PATH} - fi - chmod a+rx /etc/${PROJ_NAME} - chmod a+rx /etc/${PROJ_NAME}/${REPO_NAME} - chmod a+rx ${POLICY_CACHE_FILE_PATH} - chown -R ${CFG_OWNER_INF} /etc/${PROJ_NAME}/${REPO_NAME} - - for f in ${PROJ_INSTALL_DIR}/install/conf.templates/${action}/*.cfg - do - if [ -f "${f}" ] - then - fn=`basename $f` - orgfn=`echo $fn | sed -e 's:-changes.cfg:.xml:'` - fullpathorgfn="${HCOMPONENT_CONF_DIR}/${orgfn}" - if [ ! -f ${fullpathorgfn} ] - then - if [ -f ${DEFAULT_XML_CONFIG} ] - then - log "Creating default file from [${DEFAULT_XML_CONFIG}] for [${fullpathorgfn}] .." - cp ${DEFAULT_XML_CONFIG} ${fullpathorgfn} - chown ${CFG_OWNER_INF} ${fullpathorgfn} - chmod a+r ${fullpathorgfn} - else - echo "ERROR: Unable to find ${fullpathorgfn}" - exit 1 - fi - fi - archivefn="${HCOMPONENT_CONF_DIR}/.${orgfn}.${dt}" - newfn="${HCOMPONENT_CONF_DIR}/.${orgfn}-new.${dt}" - log "Saving current config file: ${fullpathorgfn} to ${archivefn} ..." - cp ${fullpathorgfn} ${archivefn} - if [ $? -eq 0 ] - then - ${JAVA} -cp "${INSTALL_CP}" org.apache.ranger.utils.install.XmlConfigChanger -i ${archivefn} -o ${newfn} -c ${f} -p ${INSTALL_ARGS} - if [ $? -eq 0 ] - then - diff -w ${newfn} ${fullpathorgfn} > /dev/null 2>&1 - if [ $? -ne 0 ] - then - cat ${newfn} > ${fullpathorgfn} - fi - - # For Ambari install copy the .xml to conf.server also - if [ "${ambari_hive_install}" = "Y" ] - then - fullpathorgHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/${orgfn}" - archiveHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/.${orgfn}.${dt}" - newHS2fn="${HCOMPONENT_CONF_SERVER_DIR}/.${orgfn}-new.${dt}" - log "Saving current conf.server file: ${fullpathorgHS2fn} to ${archiveHS2fn} ..." - if [ -f ${fullpathorgHS2fn} ] - then - cp ${fullpathorgHS2fn} ${archiveHS2fn} - fi - cp ${fullpathorgfn} ${HCOMPONENT_CONF_SERVER_DIR}/${orgfn} - chown ${CFG_OWNER_INF} ${HCOMPONENT_CONF_SERVER_DIR}/${orgfn} - fi - - else - echo "ERROR: Unable to make changes to config. file: ${fullpathorgfn}" - echo "exiting ...." - exit 1 - fi - else - echo "ERROR: Unable to save config. file: ${fullpathorgfn} to ${archivefn}" - echo "exiting ...." - exit 1 - fi - fi - done - if [ "${HCOMPONENT_NAME}" = "hbase" ] || [ "${HCOMPONENT_NAME}" = "storm" ]; - then - chmod 644 ${HCOMPONENT_CONF_DIR}/* - fi -fi - -# -# Create library link -# -if [ "${action}" = "enable" ] -then - dt=`date '+%Y%m%d%H%M%S'` - for f in ${PROJ_LIB_DIR}/* - do - if [ -f "${f}" ] || [ -d "${f}" ] - then - bn=`basename $f` - if [ -f ${HCOMPONENT_LIB_DIR}/${bn} ] || [ -d ${HCOMPONENT_LIB_DIR}/${bn} ] - then - log "Saving lib file: ${HCOMPONENT_LIB_DIR}/${bn} to ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} ..." - mv ${HCOMPONENT_LIB_DIR}/${bn} ${HCOMPONENT_LIB_DIR}/.${bn}.${dt} - fi - if [ ! -f ${HCOMPONENT_LIB_DIR}/${bn} ] && [ ! -d ${HCOMPONENT_LIB_DIR}/${bn} ] - then - ln -s ${f} ${HCOMPONENT_LIB_DIR}/${bn} - fi - fi - done - - # - # Encrypt the password and keep it secure in Credential Provider API - # - CredFile=${CREDENTIAL_PROVIDER_FILE} - if ! [ `echo ${CredFile} | grep '^/.*'` ] - then - echo "ERROR:Please enter the Credential File Store with proper file path" - exit 1 - fi - - pardir=`dirname ${CredFile}` - - if [ ! -d "${pardir}" ] - then - mkdir -p "${pardir}" - if [ $? -ne 0 ] - then - echo "ERROR: Unable to create credential store file path" - exit 1 - fi - chmod a+rx "${pardir}" - fi - - # - # Generate Credential Provider file and Credential for SSL KEYSTORE AND TRUSTSTORE - # - sslkeystoreAlias="sslKeyStore" - sslkeystoreCred=$(getInstallProperty 'SSL_KEYSTORE_PASSWORD') - create_jceks "${sslkeystoreAlias}" "${sslkeystoreCred}" "${CredFile}" - ssltruststoreAlias="sslTrustStore" - ssltruststoreCred=$(getInstallProperty 'SSL_TRUSTSTORE_PASSWORD') - create_jceks "${ssltruststoreAlias}" "${ssltruststoreCred}" "${CredFile}" - chown ${CFG_OWNER_INF} ${CredFile} - # - # To allow all users in the server (where Hive CLI and HBase CLI is used), - # user needs to have read access for the credential file. - # - chmod a+r ${CredFile} -fi - -# -# Knox specific configuration -# -# - -if [ "${HCOMPONENT_NAME}" = "knox" ] -then - if [ "${action}" = "enable" ] - then - authFrom="AclsAuthz" - authTo="XASecurePDPKnox" - else - authTo="AclsAuthz" - authFrom="XASecurePDPKnox" - fi - - dt=`date '+%Y%m%d%H%M%S'` - for fn in `ls ${HCOMPONENT_CONF_DIR}/topologies/*.xml 2> /dev/null` - do - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Updating topology file: [${fn}] ... " - cat ${fn} | sed -e "s-${authFrom}-${authTo}-" > ${fn}.${dt}.new - if [ $? -eq 0 ] - then - cat ${fn}.${dt}.new > ${fn} - rm ${fn}.${dt}.new - fi - fi - done -fi - -if [ "${HCOMPONENT_NAME}" = "storm" ] -then - CFG_FILE=${HCOMPONENT_CONF_DIR}/storm.yaml - ARCHIVE_FILE=${HCOMPONENT_CONF_DIR}/.storm.yaml.`date '+%Y%m%d%H%M%S'` - - if [ -f "${CFG_FILE}" ] - then - cp ${CFG_FILE} ${ARCHIVE_FILE} - - if [ "${action}" = "enable" ] - then - awk -F: 'BEGIN { - configured = 0 ; - } - { - if ($1 == "nimbus.authorizer") { - if ($2 ~ /^[ \t]*"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer"[ \t]*$/) { - configured = 1 ; - printf("%s\n",$0) ; - } - else { - printf("#%s\n",$0); - printf("nimbus.authorizer: \"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer\"\n") ; - configured = 1 ; - } - } - else { - printf("%s\n",$0) ; - } - } - END { - if (configured == 0) { - printf("nimbus.authorizer: \"org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer\"\n") ; - } - }' ${CFG_FILE} > ${CFG_FILE}.new && cat ${CFG_FILE}.new > ${CFG_FILE} && rm -f ${CFG_FILE}.new - - else - awk -F: 'BEGIN { - configured = 0 ; - } - { - if ($1 == "nimbus.authorizer") { - if ($2 ~ /^[ \t]*"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer"[ \t]*$/) { - configured = 1 ; - printf("%s\n",$0) ; - } - else { - printf("#%s\n",$0); - printf("nimbus.authorizer: \"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer\"\n") ; - configured = 1 ; - } - } - else { - printf("%s\n",$0) ; - } - } - END { - if (configured == 0) { - printf("nimbus.authorizer: \"org.apache.storm.security.auth.authorizer.SimpleACLAuthorizer\"\n") ; - } - }' ${CFG_FILE} > ${CFG_FILE}.new && cat ${CFG_FILE}.new > ${CFG_FILE} && rm -f ${CFG_FILE}.new - fi - fi -fi - -#Check Properties whether in File, return code 1 if not exist -#$1 -> propertyName; $2 -> fileName -checkPropertyInFile(){ - validate=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f1-) # for validation - if test -z "$validate" ; then return 1; fi -} - -#Add Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -addPropertyToFile(){ - echo "$1=$2">>$3 - validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation - if test -z "$validate" ; then log "[E] Failed to add properties '$1' to $3 file!"; exit 1; fi - echo "Property $1 added successfully with : '$2'" -} - -#Update Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -updatePropertyToFile(){ - sed 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3 > /tmp/temporaryfile - cp /tmp/temporaryfile $3 - rm /tmp/temporaryfile - validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation - if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi - echo "Property $1 updated successfully with : '$2'" -} - -#Add or Update Properties to File -#$1 -> propertyName; $2 -> newPropertyValue; $3 -> fileName -addOrUpdatePropertyToFile(){ - checkPropertyInFile $1 $3 - if [ $? -eq 1 ] - then - addPropertyToFile $1 $2 $3 - else - updatePropertyToFile $1 $2 $3 - fi -} - -if [ "${HCOMPONENT_NAME}" = "sqoop" ] -then - if [ "${action}" = "enable" ] - then - authName="org.apache.ranger.authorization.sqoop.authorizer.RangerSqoopAuthorizer" - else - authName="" - fi - - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/sqoop.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile org.apache.sqoop.security.authorization.validator $authName ${fn} - fi -fi - -if [ "${HCOMPONENT_NAME}" = "kylin" ] -then - if [ "${action}" = "enable" ] - then - authName="org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer" - else - authName="" - fi - - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/kylin.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile kylin.server.external-acl-provider $authName ${fn} - fi -fi - -if [ "${HCOMPONENT_NAME}" = "presto" ] -then - if [ "${action}" = "enable" ] - then - controlName="ranger" - else - controlName="" - fi - dt=`date '+%Y%m%d%H%M%S'` - fn=`ls ${HCOMPONENT_CONF_DIR}/access-control.properties 2> /dev/null` - if [ -f "${fn}" ] - then - dn=`dirname ${fn}` - bn=`basename ${fn}` - bf=${dn}/.${bn}.${dt} - echo "backup of ${fn} to ${bf} ..." - cp ${fn} ${bf} - else - fn=${HCOMPONENT_CONF_DIR}/access-control.properties - fi - echo "Add or Update properties file: [${fn}] ... " - addOrUpdatePropertyToFile access-control.name $controlName ${fn} - echo "Linking config files" - cd ${HCOMPONENT_LIB_DIR}/ranger-presto-plugin-impl/ - ln -sf ${HCOMPONENT_CONF_DIR} conf -fi - - -# -# Set notice to restart the ${HCOMPONENT_NAME} -# - -echo "Ranger Plugin for ${HCOMPONENT_NAME} has been ${action}d. Please restart ${HCOMPONENT_NAME} to ensure that changes are effective." - -exit 0 diff --git a/atlas-hub/pre-conf/ranger/install.properties b/atlas-hub/pre-conf/ranger/install.properties deleted file mode 100755 index 8cf19fc3b8..0000000000 --- a/atlas-hub/pre-conf/ranger/install.properties +++ /dev/null @@ -1,106 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Location of Policy Manager URL -# -# Example: -# POLICY_MGR_URL=http://policymanager.xasecure.net:6080 -# -POLICY_MGR_URL=RANGER_SERVICE_URL - -# -# This is the repository name created within policy manager -# -# Example: -# REPOSITORY_NAME=atlasdev -# -REPOSITORY_NAME=ATLAS_REPOSITORY_NAME - -# -# Atlas installation directory -# -COMPONENT_INSTALL_DIR_NAME=ATLAS_INSTALL_DIR - -# AUDIT configuration with V3 properties - -#Should audit be summarized at source -XAAUDIT.SUMMARY.ENABLE=true - -# Enable audit logs to Solr -#Example -#XAAUDIT.SOLR.ENABLE=true -#XAAUDIT.SOLR.URL=http://localhost:6083/solr/ranger_audits -#XAAUDIT.SOLR.ZOOKEEPER= -#XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/atlas/audit/solr/spool - -XAAUDIT.SOLR.ENABLE=false -XAAUDIT.SOLR.URL=NONE -XAAUDIT.SOLR.USER=NONE -XAAUDIT.SOLR.PASSWORD=NONE -XAAUDIT.SOLR.ZOOKEEPER=NONE - -# Enable audit logs to HDFS -#Example -#XAAUDIT.HDFS.ENABLE=true -#XAAUDIT.HDFS.HDFS_DIR=hdfs://node-1.example.com:8020/ranger/audit -# If using Azure Blob Storage -#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://@.blob.core.windows.net/ -#XAAUDIT.HDFS.HDFS_DIR=wasb://ranger_audit_container@my-azure-account.blob.core.windows.net/ranger/audit -#XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/atlas/audit/hdfs/spool - -XAAUDIT.HDFS.ENABLE=false -XAAUDIT.HDFS.HDFS_DIR=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit - -# Following additional propertis are needed When auditing to Azure Blob Storage via HDFS -# Get these values from your /etc/hadoop/conf/core-site.xml -#XAAUDIT.HDFS.HDFS_DIR=wasb[s]://@.blob.core.windows.net/ -XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME -XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY -XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER -XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER - -# End of V3 properties - - -# -# SSL Client Certificate Information -# -# Example: -# SSL_KEYSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-keystore.jks -# SSL_KEYSTORE_PASSWORD=none -# SSL_TRUSTSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-truststore.jks -# SSL_TRUSTSTORE_PASSWORD=none -# -# You do not need use SSL between agent and security admin tool, please leave these sample value as it is. -# -SSL_KEYSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-keystore.jks -SSL_KEYSTORE_PASSWORD=myKeyFilePassword -SSL_TRUSTSTORE_FILE_PATH=/etc/atlas/conf/ranger-plugin-truststore.jks -SSL_TRUSTSTORE_PASSWORD=changeit - -# -# Custom component user -# CUSTOM_COMPONENT_USER= -# keep blank if component user is default -CUSTOM_USER=atlas - - -# -# Custom component group -# CUSTOM_COMPONENT_GROUP= -# keep blank if component group is default -CUSTOM_GROUP=hadoop - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/default/configuration.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/default/configuration.xml deleted file mode 100755 index bdb0125891..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/default/configuration.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-audit.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-audit.xml deleted file mode 100755 index 39dbcdc1c3..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-audit.xml +++ /dev/null @@ -1,139 +0,0 @@ - - - - - - xasecure.audit.is.enabled - true - - - - - - xasecure.audit.destination.solr - false - - - - xasecure.audit.destination.solr.urls - NONE - - - - xasecure.audit.destination.solr.zookeepers - - - - - xasecure.audit.destination.solr.collection - NONE - - - - - - xasecure.audit.destination.hdfs - false - - - - xasecure.audit.destination.hdfs.dir - hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit - - - - xasecure.audit.destination.hdfs.subdir - %app-type%/%time:yyyyMMdd% - - - - xasecure.audit.destination.hdfs.filename.format - %app-type%_ranger_audit_%hostname%.log - - - - xasecure.audit.destination.hdfs.file.rollover.sec - 86400 - - - - - - - xasecure.audit.destination.log4j - false - - - - xasecure.audit.destination.log4j.logger - AUTH_AUDIT - - - - - xasecure.audit.destination.elasticsearch - true - - - xasecure.audit.elasticsearch.is.enabled - true/ - - - xasecure.audit.destination.elasticsearch.urls - logging-master.logging.svc.cluster.local - - - xasecure.audit.destination.elasticsearch.index - ranger-audit - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security-changes.cfg b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security-changes.cfg deleted file mode 100755 index 8fd6e09274..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security-changes.cfg +++ /dev/null @@ -1,20 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Change the original policy parameter to work with policy manager based. -# -# -atlas.plugin.atlas.service.name %REPOSITORY_NAME% mod create-if-not-exists - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security.xml deleted file mode 100755 index 6b16b6ee1e..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/atlas-atlas-security.xml +++ /dev/null @@ -1,88 +0,0 @@ - - - - - - atlas.plugin.atlas.service.name - atlas - - Name of the Ranger service containing policies for this YARN instance - - - - - atlas.plugin.atlas.policy.source.impl - org.apache.atlas.authz.admin.client.AtlasAuthRESTClient - - Class to retrieve policies from the source - - - - - atlas.plugin.atlas.authz.rest.url - localhost:21000/api/atlas/v2/auth - - URL to Ranger Admin - - - - - atlas.plugin.atlas.policy.rest.ssl.config.file - /etc/atlas/conf/ranger-policymgr-ssl.xml - - Path to the file containing SSL details to contact Ranger Admin - - - - - atlas.plugin.atlas.policy.pollIntervalMs - 30000 - - How often to poll for changes in policies? - - - - - atlas.plugin.atlas.policy.cache.dir - /etc/atlas/atlasdev/policycache - - Directory where Ranger policies are cached after successful retrieval from the source - - - - - atlas.plugin.atlas.policy.rest.client.connection.timeoutMs - 120000 - - RangerRestClient Connection Timeout in Milli Seconds - - - - - atlas.plugin.atlas.policy.rest.client.read.timeoutMs - 120000 - - AtlasAuth read Timeout in Milli Seconds - - - - - atlas.plugin.atlas.policyengine.option.disable.tag.retriever - true - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit-changes.cfg b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit-changes.cfg deleted file mode 100755 index 07fc382798..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit-changes.cfg +++ /dev/null @@ -1,30 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -#solr configuration -xasecure.audit.destination.solr %XAAUDIT.SOLR.ENABLE% mod create-if-not-exists -xasecure.audit.destination.solr.urls %XAAUDIT.SOLR.URL% mod create-if-not-exists -xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exists -xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists -xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists - - -#hdfs configuration -xasecure.audit.destination.hdfs %XAAUDIT.HDFS.ENABLE% mod create-if-not-exists -xasecure.audit.destination.hdfs.dir %XAAUDIT.HDFS.HDFS_DIR% mod create-if-not-exists - - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit.xml deleted file mode 100755 index ca1dd338f2..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-audit.xml +++ /dev/null @@ -1,139 +0,0 @@ - - - - - - xasecure.audit.is.enabled - true - - - - - - xasecure.audit.destination.solr - false - - - - xasecure.audit.destination.solr.urls - NONE - - - - xasecure.audit.destination.solr.zookeepers - - - - - xasecure.audit.destination.solr.collection - NONE - - - - - - xasecure.audit.destination.hdfs - false - - - - xasecure.audit.destination.hdfs.dir - hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit - - - - xasecure.audit.destination.hdfs.subdir - %app-type%/%time:yyyyMMdd% - - - - xasecure.audit.destination.hdfs.filename.format - %app-type%_ranger_audit_%hostname%.log - - - - xasecure.audit.destination.hdfs.file.rollover.sec - 86400 - - - - - - - xasecure.audit.destination.log4j - true - - - - xasecure.audit.destination.log4j.logger - AUDIT - - - - - xasecure.audit.destination.elasticsearch - true - - - xasecure.audit.elasticsearch.is.enabled - true/ - - - xasecure.audit.destination.elasticsearch.urls - logging-master.logging.svc.cluster.local - - - xasecure.audit.destination.elasticsearch.index - ranger-audit - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security-changes.cfg b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security-changes.cfg deleted file mode 100755 index 08790b9852..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security-changes.cfg +++ /dev/null @@ -1,29 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Change the original policy parameter to work with policy manager based. -# -# -ranger.plugin.atlas.service.name %REPOSITORY_NAME% mod create-if-not-exists - -ranger.plugin.atlas.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists - -ranger.plugin.atlas.policy.rest.url %POLICY_MGR_URL% mod create-if-not-exists -ranger.plugin.atlas.policy.rest.ssl.config.file /etc/atlas/conf/ranger-policymgr-ssl.xml mod create-if-not-exists -ranger.plugin.atlas.policy.pollIntervalMs 30000 mod create-if-not-exists -ranger.plugin.atlas.policy.cache.dir %POLICY_CACHE_FILE_PATH% mod create-if-not-exists -ranger.plugin.atlas.policy.rest.client.connection.timeoutMs 120000 mod create-if-not-exists -ranger.plugin.atlas.policy.rest.client.read.timeoutMs 30000 mod create-if-not-exists - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security.xml deleted file mode 100755 index 933c8e78df..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-atlas-security.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - ranger.plugin.atlas.service.name - atlasdev - - Name of the Ranger service containing policies for this YARN instance - - - - - ranger.plugin.atlas.policy.source.impl - org.apache.ranger.admin.client.RangerAdminRESTClient - - Class to retrieve policies from the source - - - - - ranger.plugin.atlas.policy.rest.url - http://policymanagerhost:port - - URL to Ranger Admin - - - - - ranger.plugin.atlas.policy.rest.ssl.config.file - /etc/atlas/conf/ranger-policymgr-ssl.xml - - Path to the file containing SSL details to contact Ranger Admin - - - - - ranger.plugin.atlas.policy.pollIntervalMs - 30000 - - How often to poll for changes in policies? - - - - - ranger.plugin.atlas.policy.cache.dir - /etc/ranger/atlasdev/policycache - - Directory where Ranger policies are cached after successful retrieval from the source - - - - - ranger.plugin.atlas.policy.rest.client.connection.timeoutMs - 120000 - - RangerRestClient Connection Timeout in Milli Seconds - - - - - ranger.plugin.atlas.policy.rest.client.read.timeoutMs - 30000 - - RangerRestClient read Timeout in Milli Seconds - - - diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl-changes.cfg b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl-changes.cfg deleted file mode 100755 index 47126492f2..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl-changes.cfg +++ /dev/null @@ -1,21 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SSL Params -# -xasecure.policymgr.clientssl.keystore %SSL_KEYSTORE_FILE_PATH% mod create-if-not-exists -xasecure.policymgr.clientssl.keystore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists -xasecure.policymgr.clientssl.truststore %SSL_TRUSTSTORE_FILE_PATH% mod create-if-not-exists -xasecure.policymgr.clientssl.truststore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists \ No newline at end of file diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl.xml deleted file mode 100755 index 3baf7725cf..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-policymgr-ssl.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - xasecure.policymgr.clientssl.keystore - hadoopdev-clientcert.jks - - Java Keystore files - - - - xasecure.policymgr.clientssl.truststore - cacerts-xasecure.jks - - java truststore file - - - - xasecure.policymgr.clientssl.keystore.credential.file - jceks://file/tmp/keystore-hadoopdev-ssl.jceks - - java keystore credential file - - - - xasecure.policymgr.clientssl.truststore.credential.file - jceks://file/tmp/truststore-hadoopdev-ssl.jceks - - java truststore credential file - - - \ No newline at end of file diff --git a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-security.xml b/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-security.xml deleted file mode 100644 index 1a7cb6fe0e..0000000000 --- a/atlas-hub/pre-conf/ranger/install/conf.templates/enable/ranger-security.xml +++ /dev/null @@ -1,17 +0,0 @@ - -\nThu Apr 30 22:10:46 UTC 2020\n \ No newline at end of file diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-cli-1.2.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-cli-1.2.jar deleted file mode 100644 index ce4b9fffe4..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-cli-1.2.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-collections-3.2.2.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-collections-3.2.2.jar deleted file mode 100644 index fa5df82a63..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-collections-3.2.2.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-configuration2-2.1.1.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-configuration2-2.1.1.jar deleted file mode 100644 index 666baa09d2..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-configuration2-2.1.1.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-io-2.5.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-io-2.5.jar deleted file mode 100644 index 107b061f5f..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-io-2.5.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-lang-2.6.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-lang-2.6.jar deleted file mode 100644 index 98467d3a65..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-lang-2.6.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/commons-logging-1.2.jar b/atlas-hub/pre-conf/ranger/install/lib/commons-logging-1.2.jar deleted file mode 100644 index 93a3b9f6db..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/commons-logging-1.2.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/credentialbuilder-2.0.0.jar b/atlas-hub/pre-conf/ranger/install/lib/credentialbuilder-2.0.0.jar deleted file mode 100644 index b082d9bcea..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/credentialbuilder-2.0.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/guava-25.1-jre.jar b/atlas-hub/pre-conf/ranger/install/lib/guava-25.1-jre.jar deleted file mode 100644 index babc175535..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/guava-25.1-jre.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/hadoop-auth-3.1.1.jar b/atlas-hub/pre-conf/ranger/install/lib/hadoop-auth-3.1.1.jar deleted file mode 100644 index 0d2a9dcd3f..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/hadoop-auth-3.1.1.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/hadoop-common-3.1.1.jar b/atlas-hub/pre-conf/ranger/install/lib/hadoop-common-3.1.1.jar deleted file mode 100644 index 0bbed5ac7e..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/hadoop-common-3.1.1.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/htrace-core4-4.1.0-incubating.jar b/atlas-hub/pre-conf/ranger/install/lib/htrace-core4-4.1.0-incubating.jar deleted file mode 100644 index 12349a2066..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/htrace-core4-4.1.0-incubating.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-cred-2.0.0.jar b/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-cred-2.0.0.jar deleted file mode 100644 index 01653b1fc5..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-cred-2.0.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-installer-2.0.0.jar b/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-installer-2.0.0.jar deleted file mode 100644 index ab774b9329..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/ranger-plugins-installer-2.0.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/slf4j-api-1.7.30.jar b/atlas-hub/pre-conf/ranger/install/lib/slf4j-api-1.7.30.jar deleted file mode 100644 index 29ac26fb8c..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/slf4j-api-1.7.30.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/stax2-api-3.1.4.jar b/atlas-hub/pre-conf/ranger/install/lib/stax2-api-3.1.4.jar deleted file mode 100644 index dded036928..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/stax2-api-3.1.4.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/install/lib/woodstox-core-5.0.3.jar b/atlas-hub/pre-conf/ranger/install/lib/woodstox-core-5.0.3.jar deleted file mode 100644 index 1c268641c8..0000000000 Binary files a/atlas-hub/pre-conf/ranger/install/lib/woodstox-core-5.0.3.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/eclipselink-2.5.2.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/eclipselink-2.5.2.jar deleted file mode 100644 index 325e2a3f90..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/eclipselink-2.5.2.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/gethostname4j-0.0.2.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/gethostname4j-0.0.2.jar deleted file mode 100644 index 507d8d7b4c..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/gethostname4j-0.0.2.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/guava-25.1-jre.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/guava-25.1-jre.jar deleted file mode 100644 index babc175535..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/guava-25.1-jre.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jackson-jaxrs-1.9.13.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jackson-jaxrs-1.9.13.jar deleted file mode 100644 index b85f45cf40..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jackson-jaxrs-1.9.13.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/javax.persistence-2.1.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/javax.persistence-2.1.0.jar deleted file mode 100644 index e48d2e9618..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/javax.persistence-2.1.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jersey-bundle-1.19.3.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jersey-bundle-1.19.3.jar deleted file mode 100644 index bd786a7821..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jersey-bundle-1.19.3.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-5.2.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-5.2.0.jar deleted file mode 100644 index 0b5fabdd8b..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-5.2.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-platform-5.2.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-platform-5.2.0.jar deleted file mode 100644 index 4722681821..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/jna-platform-5.2.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-atlas-plugin-2.2.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-atlas-plugin-2.2.0.jar deleted file mode 100644 index 178b6191eb..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-atlas-plugin-2.2.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-audit-2.2.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-audit-2.2.0.jar deleted file mode 100644 index e108d19e1d..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-audit-2.2.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-common-2.2.0.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-common-2.2.0.jar deleted file mode 100644 index cc23b8a0b2..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-common-2.2.0.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-cred-2.2.0-SNAPSHOT.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-cred-2.2.0-SNAPSHOT.jar deleted file mode 100644 index d270f48d96..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/ranger-plugins-cred-2.2.0-SNAPSHOT.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/solr-solrj-7.7.1.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/solr-solrj-7.7.1.jar deleted file mode 100644 index 0cd9fd57ba..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-impl/solr-solrj-7.7.1.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-shim-3.0.0-SNAPSHOT.jar b/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-shim-3.0.0-SNAPSHOT.jar deleted file mode 100644 index 89893ad6ce..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-atlas-plugin-shim-3.0.0-SNAPSHOT.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/lib/ranger-plugin-classloader-3.0.0-SNAPSHOT.jar b/atlas-hub/pre-conf/ranger/lib/ranger-plugin-classloader-3.0.0-SNAPSHOT.jar deleted file mode 100644 index 866c8a72b6..0000000000 Binary files a/atlas-hub/pre-conf/ranger/lib/ranger-plugin-classloader-3.0.0-SNAPSHOT.jar and /dev/null differ diff --git a/atlas-hub/pre-conf/ranger/ranger_credential_helper.py b/atlas-hub/pre-conf/ranger/ranger_credential_helper.py deleted file mode 100755 index b36adeace1..0000000000 --- a/atlas-hub/pre-conf/ranger/ranger_credential_helper.py +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/python -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import sys -import os -from subprocess import Popen,PIPE -from optparse import OptionParser - -if os.getenv('JAVA_HOME') is None: - print "ERROR: JAVA_HOME environment property was not defined, exit." - sys.exit(1) -else: - JAVA_BIN=os.path.join(os.getenv('JAVA_HOME'),'bin','java') -print "Using Java:" + str(JAVA_BIN) - -def main(): - - parser = OptionParser() - - parser.add_option("-l", "--libpath", dest="library_path", help="Path to folder where credential libs are present") - parser.add_option("-f", "--file", dest="jceks_file_path", help="Path to jceks file to use") - parser.add_option("-k", "--key", dest="key", help="Key to use") - parser.add_option("-v", "--value", dest="value", help="Value to use") - parser.add_option("-c", "--create", dest="create", help="Add a new alias") - - (options, args) = parser.parse_args() - library_path = options.library_path - jceks_file_path = options.jceks_file_path - key = options.key - value = options.value - getorcreate = 'create' if options.create else 'get' - call_keystore(library_path, jceks_file_path, key, value, getorcreate) - - -def call_keystore(libpath, filepath, aliasKey, aliasValue='', getorcreate='get'): - finalLibPath = libpath.replace('\\','/').replace('//','/') - finalFilePath = 'jceks://file/'+filepath.replace('\\','/').replace('//','/') - if getorcreate == 'create': - commandtorun = [JAVA_BIN, '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'create', aliasKey, '-value', aliasValue, '-provider',finalFilePath] - p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) - output, error = p.communicate() - statuscode = p.returncode - if statuscode == 0: - print "Alias " + aliasKey + " created successfully!" - else : - print "Error creating Alias!! Error: " + str(error) - - elif getorcreate == 'get': - commandtorun = [JAVA_BIN, '-cp', finalLibPath, 'org.apache.ranger.credentialapi.buildks' ,'get', aliasKey, '-provider',finalFilePath] - p = Popen(commandtorun,stdin=PIPE, stdout=PIPE, stderr=PIPE) - output, error = p.communicate() - statuscode = p.returncode - if statuscode == 0: - print "Alias : " + aliasKey + " Value : " + str(output) - else : - print "Error getting value!! Error: " + str(error) - - else: - print 'Invalid Arguments!!' - -if __name__ == '__main__': - main() diff --git a/atlas-hub/pre-conf/solr/currency.xml b/atlas-hub/pre-conf/solr/currency.xml deleted file mode 100644 index 3a9c58afee..0000000000 --- a/atlas-hub/pre-conf/solr/currency.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/atlas-hub/pre-conf/solr/lang/stopwords_en.txt b/atlas-hub/pre-conf/solr/lang/stopwords_en.txt deleted file mode 100644 index 2c164c0b2a..0000000000 --- a/atlas-hub/pre-conf/solr/lang/stopwords_en.txt +++ /dev/null @@ -1,54 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# a couple of test stopwords to test that the words are really being -# configured from this file: -stopworda -stopwordb - -# Standard english stop words taken from Lucene's StopAnalyzer -a -an -and -are -as -at -be -but -by -for -if -in -into -is -it -no -not -of -on -or -such -that -the -their -then -there -these -they -this -to -was -will -with diff --git a/atlas-hub/pre-conf/solr/protwords.txt b/atlas-hub/pre-conf/solr/protwords.txt deleted file mode 100644 index 1dfc0abecb..0000000000 --- a/atlas-hub/pre-conf/solr/protwords.txt +++ /dev/null @@ -1,21 +0,0 @@ -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#----------------------------------------------------------------------- -# Use a protected word file to protect against the stemmer reducing two -# unrelated words to the same base word. - -# Some non-words that normally won't be encountered, -# just to test that they won't be stemmed. -dontstems -zwhacky - diff --git a/atlas-hub/pre-conf/solr/schema.xml b/atlas-hub/pre-conf/solr/schema.xml deleted file mode 100644 index 1d445b1500..0000000000 --- a/atlas-hub/pre-conf/solr/schema.xml +++ /dev/null @@ -1,534 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - id - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/atlas-hub/pre-conf/solr/solrconfig.xml b/atlas-hub/pre-conf/solr/solrconfig.xml deleted file mode 100644 index 1d414f76e9..0000000000 --- a/atlas-hub/pre-conf/solr/solrconfig.xml +++ /dev/null @@ -1,625 +0,0 @@ - - - - - - - - - 5.0.0 - - - ${solr.data.dir:} - - - - - - - - ${solr.hdfs.home:} - - ${solr.hdfs.confdir:} - - ${solr.hdfs.blockcache.enabled:true} - - ${solr.hdfs.blockcache.global:true} - - - - - - - - - - - - - - - - ${solr.lock.type:native} - - - true - - - - - - - - - - - - - - - - ${solr.ulog.dir:} - - - - - ${solr.autoCommit.maxTime:15000} - false - - - - - ${solr.autoSoftCommit.maxTime:-1} - - - - - - - - 1024 - - - - - - - - - - - - - - - - - - true - - - 20 - - - 200 - - - false - - - 2 - - - - - - - - - - - - - - - - - - - - explicit - 10 - - - - - - - - explicit - json - true - text - - - - - - - {!xport} - xsort - false - - - - query - - - - - - - text - - - - - - - - - - - - - - explicit - true - - - - - - - - - - - - - - true - false - - - terms - - - - - - *:* - - - - - - - timestamp - - - 5 - ttl - expire_at - - - expire_at_dt - - - - - diff --git a/atlas-hub/pre-conf/solr/stopwords.txt b/atlas-hub/pre-conf/solr/stopwords.txt deleted file mode 100644 index ae1e83eeb3..0000000000 --- a/atlas-hub/pre-conf/solr/stopwords.txt +++ /dev/null @@ -1,14 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. diff --git a/atlas-hub/pre-conf/solr/synonyms.txt b/atlas-hub/pre-conf/solr/synonyms.txt deleted file mode 100644 index 7f72128303..0000000000 --- a/atlas-hub/pre-conf/solr/synonyms.txt +++ /dev/null @@ -1,29 +0,0 @@ -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#----------------------------------------------------------------------- -#some test synonym mappings unlikely to appear in real input text -aaafoo => aaabar -bbbfoo => bbbfoo bbbbar -cccfoo => cccbar cccbaz -fooaaa,baraaa,bazaaa - -# Some synonym groups specific to this example -GB,gib,gigabyte,gigabytes -MB,mib,megabyte,megabytes -Television, Televisions, TV, TVs -#notice we use "gib" instead of "GiB" so any WordDelimiterFilter coming -#after us won't split it into two words. - -# Synonym mappings can be used for spelling correction too -pixima => pixma - diff --git a/auth-audits/pom.xml b/auth-audits/pom.xml index c19e686740..60037a3183 100644 --- a/auth-audits/pom.xml +++ b/auth-audits/pom.xml @@ -48,46 +48,6 @@ ${commons-lang.version} - - org.apache.solr - solr-solrj - ${solr.version} - - - io.netty - * - - - org.eclipse.jetty.http2 - * - - - org.apache.commons - commons-math3 - - - commons-io - commons-io - - - org.apache.httpcomponents - * - - - org.apache.zookeeper - * - - - org.codehaus.woodstox - * - - - org.eclipse.jetty - * - - - - org.elasticsearch.client elasticsearch-rest-high-level-client diff --git a/auth-audits/src/main/java/org/apache/atlas/audit/destination/SolrAuditDestination.java b/auth-audits/src/main/java/org/apache/atlas/audit/destination/SolrAuditDestination.java deleted file mode 100644 index 7b42926ca9..0000000000 --- a/auth-audits/src/main/java/org/apache/atlas/audit/destination/SolrAuditDestination.java +++ /dev/null @@ -1,489 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.audit.destination; - -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.atlas.audit.model.AuditEventBase; -import org.apache.atlas.audit.model.AuthzAuditEvent; -import org.apache.atlas.audit.provider.MiscUtil; -import org.apache.atlas.audit.utils.InMemoryJAASConfiguration; -import org.apache.atlas.audit.utils.KerberosAction; -import org.apache.atlas.audit.utils.KerberosJAASConfigUser; -import org.apache.atlas.audit.utils.KerberosUser; -import org.apache.solr.client.solrj.SolrClient; -import org.apache.solr.client.solrj.impl.CloudSolrClient; -import org.apache.solr.client.solrj.impl.HttpClientUtil; -import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder; -import org.apache.solr.client.solrj.impl.LBHttpSolrClient; -import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder; -import org.apache.solr.client.solrj.response.UpdateResponse; -import org.apache.solr.common.SolrException; -import org.apache.solr.common.SolrInputDocument; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.security.auth.login.LoginException; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivilegedExceptionAction; -import java.security.SecureRandom; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.List; -import java.util.Optional; -import java.util.Properties; - - -public class SolrAuditDestination extends AuditDestination { - private static final Log LOG = LogFactory - .getLog(SolrAuditDestination.class); - - public static final String PROP_SOLR_URLS = "urls"; - public static final String PROP_SOLR_ZK = "zookeepers"; - public static final String PROP_SOLR_COLLECTION = "collection"; - public static final String PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG = "force.use.inmemory.jaas.config"; - - public static final String DEFAULT_COLLECTION_NAME = "ranger_audits"; - public static final String PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config"; - - private volatile SolrClient solrClient = null; - private volatile KerberosUser kerberosUser = null; - - public SolrAuditDestination() { - } - - @Override - public void init(Properties props, String propPrefix) { - LOG.info("init() called"); - super.init(props, propPrefix); - init(); - connect(); - } - - @Override - public void stop() { - LOG.info("SolrAuditDestination.stop() called.."); - logStatus(); - - if (solrClient != null) { - try { - solrClient.close(); - } catch (IOException ioe) { - LOG.error("Error while stopping slor!", ioe); - } finally { - solrClient = null; - } - } - - if (kerberosUser != null) { - try { - kerberosUser.logout(); - } catch (LoginException excp) { - LOG.error("Error logging out keytab user", excp); - } finally { - kerberosUser = null; - } - } - } - - synchronized void connect() { - SolrClient me = solrClient; - if (me == null) { - synchronized(SolrAuditDestination.class) { - me = solrClient; - if (solrClient == null) { - KeyManager[] kmList = getKeyManagers(); - TrustManager[] tmList = getTrustManagers(); - SSLContext sslContext = getSSLContext(kmList, tmList); - if(sslContext != null) { - SSLContext.setDefault(sslContext); - } - String urls = MiscUtil.getStringProperty(props, propPrefix - + "." + PROP_SOLR_URLS); - if (urls != null) { - urls = urls.trim(); - } - if (urls != null && urls.equalsIgnoreCase("NONE")) { - urls = null; - } - List solrURLs = new ArrayList(); - String zkHosts = null; - solrURLs = MiscUtil.toArray(urls, ","); - zkHosts = MiscUtil.getStringProperty(props, propPrefix + "." - + PROP_SOLR_ZK); - if (zkHosts != null && zkHosts.equalsIgnoreCase("NONE")) { - zkHosts = null; - } - String collectionName = MiscUtil.getStringProperty(props, - propPrefix + "." + PROP_SOLR_COLLECTION); - if (collectionName == null - || collectionName.equalsIgnoreCase("none")) { - collectionName = DEFAULT_COLLECTION_NAME; - } - - LOG.info("Solr zkHosts=" + zkHosts + ", solrURLs=" + urls - + ", collectionName=" + collectionName); - - if (zkHosts != null && !zkHosts.isEmpty()) { - LOG.info("Connecting to solr cloud using zkHosts=" - + zkHosts); - try { - // Instantiate - Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder(); - SolrHttpClientBuilder kb = krbBuild.getBuilder(); - HttpClientUtil.setHttpClientBuilder(kb); - - final List zkhosts = new ArrayList(Arrays.asList(zkHosts.split(","))); - final CloudSolrClient solrCloudClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { - @Override - public CloudSolrClient run() throws Exception { - CloudSolrClient solrCloudClient = new CloudSolrClient.Builder(zkhosts, Optional.empty()).build(); - return solrCloudClient; - }; - }); - - solrCloudClient.setDefaultCollection(collectionName); - me = solrClient = solrCloudClient; - } catch (Throwable t) { - LOG.fatal("Can't connect to Solr server. ZooKeepers=" - + zkHosts, t); - } - } else if (solrURLs != null && !solrURLs.isEmpty()) { - try { - LOG.info("Connecting to Solr using URLs=" + solrURLs); - Krb5HttpClientBuilder krbBuild = new Krb5HttpClientBuilder(); - SolrHttpClientBuilder kb = krbBuild.getBuilder(); - HttpClientUtil.setHttpClientBuilder(kb); - final List solrUrls = solrURLs; - final LBHttpSolrClient lbSolrClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { - @Override - public LBHttpSolrClient run() throws Exception { - LBHttpSolrClient.Builder builder = new LBHttpSolrClient.Builder(); - builder.withBaseSolrUrl(solrUrls.get(0)); - builder.withConnectionTimeout(1000); - LBHttpSolrClient lbSolrClient = builder.build(); - return lbSolrClient; - }; - }); - - for (int i = 1; i < solrURLs.size(); i++) { - lbSolrClient.addSolrServer(solrURLs.get(i)); - } - me = solrClient = lbSolrClient; - } catch (Throwable t) { - LOG.fatal("Can't connect to Solr server. URL=" - + solrURLs, t); - } - } - } - } - } - } - - @Override - public boolean log(Collection events) { - boolean ret = false; - try { - logStatusIfRequired(); - addTotalCount(events.size()); - - if (solrClient == null) { - connect(); - if (solrClient == null) { - // Solr is still not initialized. So need return error - addDeferredCount(events.size()); - return ret; - } - } - - final Collection docs = new ArrayList(); - for (AuditEventBase event : events) { - AuthzAuditEvent authzEvent = (AuthzAuditEvent) event; - // Convert AuditEventBase to Solr document - SolrInputDocument document = toSolrDoc(authzEvent); - docs.add(document); - } - try { - final UpdateResponse response = addDocsToSolr(solrClient, docs); - - if (response.getStatus() != 0) { - addFailedCount(events.size()); - logFailedEvent(events, response.toString()); - } else { - addSuccessCount(events.size()); - ret = true; - } - } catch (SolrException ex) { - addFailedCount(events.size()); - logFailedEvent(events, ex); - } - } catch (Throwable t) { - addDeferredCount(events.size()); - logError("Error sending message to Solr", t); - } - return ret; - } - - /* - * (non-Javadoc) - * - * @see org.apache.ranger.audit.provider.AuditProvider#flush() - */ - @Override - public void flush() { - - } - - SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) { - SolrInputDocument doc = new SolrInputDocument(); - doc.addField("id", auditEvent.getEventId()); - doc.addField("access", auditEvent.getAccessType()); - doc.addField("enforcer", auditEvent.getAclEnforcer()); - doc.addField("agent", auditEvent.getAgentId()); - doc.addField("repo", auditEvent.getRepositoryName()); - doc.addField("sess", auditEvent.getSessionId()); - doc.addField("reqUser", auditEvent.getUser()); - doc.addField("reqData", auditEvent.getRequestData()); - doc.addField("resource", auditEvent.getResourcePath()); - doc.addField("cliIP", auditEvent.getClientIP()); - doc.addField("logType", auditEvent.getLogType()); - doc.addField("result", auditEvent.getAccessResult()); - doc.addField("policy", auditEvent.getPolicyId()); - doc.addField("repoType", auditEvent.getRepositoryType()); - doc.addField("resType", auditEvent.getResourceType()); - doc.addField("reason", auditEvent.getResultReason()); - doc.addField("action", auditEvent.getAction()); - doc.addField("evtTime", auditEvent.getEventTime()); - doc.addField("seq_num", auditEvent.getSeqNum()); - doc.setField("event_count", auditEvent.getEventCount()); - doc.setField("event_dur_ms", auditEvent.getEventDurationMS()); - doc.setField("tags", auditEvent.getTags()); - doc.setField("cluster", auditEvent.getClusterName()); - doc.setField("zoneName", auditEvent.getZoneName()); - doc.setField("agentHost", auditEvent.getAgentHostname()); - doc.setField("policyVersion", auditEvent.getPolicyVersion()); - - return doc; - } - - public boolean isAsync() { - return true; - } - - private void init() { - LOG.info("==>SolrAuditDestination.init()" ); - try { - // SolrJ requires "java.security.auth.login.config" property to be set to identify itself that it is kerberized. So using a dummy property for it - // Acutal solrclient JAAS configs are read from the ranger--audit.xml present in components conf folder and set by InMemoryJAASConfiguration - // Refer InMemoryJAASConfiguration doc for JAAS Configuration - String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG); - LOG.info("In solrAuditDestination.init() : JAAS Configuration set as [" + confFileName + "]"); - if ( System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null ) { - if ( MiscUtil.getBooleanProperty(props, propPrefix + "." + PROP_SOLR_FORCE_USE_INMEMORY_JAAS_CONFIG,false) ) { - System.setProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG, "/dev/null"); - } else { - LOG.warn("No Client JAAS config present in solr audit config. Ranger Audit to Kerberized Solr will fail..."); - } - } - - LOG.info("Loading SolrClient JAAS config from Ranger audit config if present..."); - - InMemoryJAASConfiguration conf = InMemoryJAASConfiguration.init(props); - - KerberosUser kerberosUser = new KerberosJAASConfigUser("Client", conf); - - if (kerberosUser.getPrincipal() != null) { - this.kerberosUser = kerberosUser; - } - } catch (Exception e) { - LOG.error("ERROR: Unable to load SolrClient JAAS config from Audit config file. Audit to Kerberized Solr will fail...", e); - } finally { - String confFileName = System.getProperty(PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG); - LOG.info("In solrAuditDestination.init() (finally) : JAAS Configuration set as [" + confFileName + "]"); - } - LOG.info("<==SolrAuditDestination.init()" ); - } - - private KeyManager[] getKeyManagers() { - KeyManager[] kmList = null; - String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL); - String keyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS; - String keyStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE); - String keyStoreFilepwd = MiscUtil.getCredentialString(credentialProviderPath, keyStoreAlias); - if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) { - InputStream in = null; - - try { - in = getFileInputStream(keyStoreFile); - - if (in != null) { - String keyStoreType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE); - keyStoreType = StringUtils.isNotEmpty(keyStoreType) ? keyStoreType : RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT; - KeyStore keyStore = KeyStore.getInstance(keyStoreType); - - keyStore.load(in, keyStoreFilepwd.toCharArray()); - - KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE); - - keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray()); - - kmList = keyManagerFactory.getKeyManagers(); - } else { - LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]"); - } - } catch (KeyStoreException e) { - LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e); - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is NOT available in the environment", e); - } catch (CertificateException e) { - LOG.error("Unable to obtain the requested certification ", e); - } catch (FileNotFoundException e) { - LOG.error("Unable to find the necessary SSL Keystore Files", e); - } catch (IOException e) { - LOG.error("Unable to read the necessary SSL Keystore Files", e); - } catch (UnrecoverableKeyException e) { - LOG.error("Unable to recover the key from keystore", e); - } finally { - close(in, keyStoreFile); - } - } - - return kmList; - } - - private TrustManager[] getTrustManagers() { - TrustManager[] tmList = null; - String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL); - String trustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS; - String trustStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE); - String trustStoreFilepwd = MiscUtil.getCredentialString(credentialProviderPath, trustStoreAlias); - if (StringUtils.isNotEmpty(trustStoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) { - InputStream in = null; - - try { - in = getFileInputStream(trustStoreFile); - - if (in != null) { - String trustStoreType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE); - trustStoreType = StringUtils.isNotEmpty(trustStoreType) ? trustStoreType : RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT; - KeyStore trustStore = KeyStore.getInstance(trustStoreType); - - trustStore.load(in, trustStoreFilepwd.toCharArray()); - - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE); - - trustManagerFactory.init(trustStore); - - tmList = trustManagerFactory.getTrustManagers(); - } else { - LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]"); - } - } catch (KeyStoreException e) { - LOG.error("Unable to obtain from KeyStore", e); - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e); - } catch (CertificateException e) { - LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e); - } catch (FileNotFoundException e) { - LOG.error("Unable to find the necessary SSL TrustStore File:" + trustStoreFile, e); - } catch (IOException e) { - LOG.error("Unable to read the necessary SSL TrustStore Files :" + trustStoreFile, e); - } finally { - close(in, trustStoreFile); - } - } - - return tmList; - } - - private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) { - SSLContext sslContext = null; - try { - sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE); - if (sslContext != null) { - sslContext.init(kmList, tmList, new SecureRandom()); - } - } catch (NoSuchAlgorithmException e) { - LOG.error("SSL algorithm is not available in the environment", e); - } catch (KeyManagementException e) { - LOG.error("Unable to initialise the SSLContext", e); - } - return sslContext; - } - - private UpdateResponse addDocsToSolr(final SolrClient solrClient, final Collection docs) throws Exception { - final UpdateResponse ret; - - try { - final PrivilegedExceptionAction action = () -> solrClient.add(docs); - - if (kerberosUser != null) { - // execute the privileged action as the given keytab user - final KerberosAction kerberosAction = new KerberosAction<>(kerberosUser, action, LOG); - - ret = (UpdateResponse) kerberosAction.execute(); - } else { - ret = action.run(); - } - } catch (Exception e) { - throw e; - } - - return ret; - } - - private InputStream getFileInputStream(String fileName) throws IOException { - InputStream in = null; - if (StringUtils.isNotEmpty(fileName)) { - File file = new File(fileName); - if (file != null && file.exists()) { - in = new FileInputStream(file); - } else { - in = ClassLoader.getSystemResourceAsStream(fileName); - } - } - return in; - } - - private void close(InputStream str, String filename) { - if (str != null) { - try { - str.close(); - } catch (IOException excp) { - LOG.error("Error while closing file: [" + filename + "]", excp); - } - } - } -} diff --git a/auth-audits/src/main/java/org/apache/atlas/audit/provider/AuditProviderFactory.java b/auth-audits/src/main/java/org/apache/atlas/audit/provider/AuditProviderFactory.java index 269da05423..7b67e9c640 100644 --- a/auth-audits/src/main/java/org/apache/atlas/audit/provider/AuditProviderFactory.java +++ b/auth-audits/src/main/java/org/apache/atlas/audit/provider/AuditProviderFactory.java @@ -23,7 +23,6 @@ import org.apache.hadoop.util.ShutdownHookManager; import org.apache.atlas.audit.destination.*; import org.apache.atlas.audit.provider.hdfs.HdfsAuditProvider; -import org.apache.atlas.audit.provider.solr.SolrAuditProvider; import org.apache.atlas.audit.queue.AuditAsyncQueue; import org.apache.atlas.audit.queue.AuditBatchQueue; import org.apache.atlas.audit.queue.AuditFileQueue; @@ -331,19 +330,6 @@ public synchronized void init(Properties props, String appType) { } }*/ - if (isAuditToSolrEnabled) { - LOG.info("SolrAuditProvider is enabled"); - SolrAuditProvider solrProvider = new SolrAuditProvider(); - solrProvider.init(props); - - if (solrProvider.isAsync()) { - AsyncAuditProvider asyncProvider = new AsyncAuditProvider( - "MySolrAuditProvider", 1000, 1000, solrProvider); - providers.add(asyncProvider); - } else { - providers.add(solrProvider); - } - } if (isAuditToLog4jEnabled) { Log4jAuditProvider log4jProvider = new Log4jAuditProvider(); @@ -416,8 +402,6 @@ private AuditHandler getProviderFromConfig(Properties props, provider = new FileAuditDestination(); } else if (providerName.equalsIgnoreCase("hdfs")) { provider = new HDFSAuditDestination(); - } else if (providerName.equalsIgnoreCase("solr")) { - provider = new SolrAuditDestination(); } else if (providerName.equalsIgnoreCase("elasticsearch")) { provider = new ElasticSearchAuditDestination(); } /*else if (providerName.equalsIgnoreCase("kafka")) { diff --git a/auth-audits/src/main/java/org/apache/atlas/audit/provider/solr/SolrAuditProvider.java b/auth-audits/src/main/java/org/apache/atlas/audit/provider/solr/SolrAuditProvider.java deleted file mode 100644 index 914f45685e..0000000000 --- a/auth-audits/src/main/java/org/apache/atlas/audit/provider/solr/SolrAuditProvider.java +++ /dev/null @@ -1,303 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.audit.provider.solr; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.atlas.audit.destination.AuditDestination; -import org.apache.atlas.audit.model.AuditEventBase; -import org.apache.atlas.audit.model.AuthzAuditEvent; -import org.apache.atlas.audit.provider.MiscUtil; -import org.apache.atlas.audit.utils.SolrAppUtil; -import org.apache.solr.client.solrj.SolrClient; -import org.apache.solr.client.solrj.impl.HttpSolrClient; -import org.apache.solr.client.solrj.response.UpdateResponse; -import org.apache.solr.common.SolrInputDocument; - -import java.io.IOException; -import java.security.PrivilegedExceptionAction; -import java.util.Collection; -import java.util.Collections; -import java.util.Date; -import java.util.Properties; - -public class SolrAuditProvider extends AuditDestination { - private static final Log LOG = LogFactory.getLog(SolrAuditProvider.class); - - public static final String AUDIT_MAX_QUEUE_SIZE_PROP = "xasecure.audit.solr.async.max.queue.size"; - public static final String AUDIT_MAX_FLUSH_INTERVAL_PROP = "xasecure.audit.solr.async.max.flush.interval.ms"; - public static final String AUDIT_RETRY_WAIT_PROP = "xasecure.audit.solr.retry.ms"; - - static final Object lock = new Object(); - volatile SolrClient solrClient = null; - Date lastConnectTime = null; - long lastFailTime = 0; - - int retryWaitTime = 30000; - - public SolrAuditProvider() { - } - - @Override - public void init(Properties props) { - LOG.info("init() called"); - super.init(props); - - retryWaitTime = MiscUtil.getIntProperty(props, - AUDIT_RETRY_WAIT_PROP, retryWaitTime); - } - - void connect() { - SolrClient me = solrClient; - if (me == null) { - synchronized (lock) { - me = solrClient; - if (me == null) { - final String solrURL = MiscUtil.getStringProperty(props, - "xasecure.audit.solr.solr_url"); - - if (lastConnectTime != null) { - // Let's wait for enough time before retrying - long diff = System.currentTimeMillis() - - lastConnectTime.getTime(); - if (diff < retryWaitTime) { - if (LOG.isDebugEnabled()) { - LOG.debug("Ignore connecting to solr url=" - + solrURL + ", lastConnect=" + diff - + "ms"); - } - return; - } - } - lastConnectTime = new Date(); - - if (solrURL == null || solrURL.isEmpty()) { - LOG.fatal("Solr URL for Audit is empty"); - return; - } - - try { - // TODO: Need to support SolrCloud also - solrClient = MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { - @Override - public SolrClient run() throws Exception { - HttpSolrClient.Builder builder = new HttpSolrClient.Builder(); - builder.withBaseSolrUrl(solrURL); - builder.allowCompression(true); - builder.withConnectionTimeout(1000); - HttpSolrClient httpSolrClient = builder.build(); - return httpSolrClient; - }; - }); - - me = solrClient; - } catch (Throwable t) { - LOG.fatal("Can't connect to Solr server. URL=" - + solrURL, t); - } - } - } - } - } - - /* - * (non-Javadoc) - * - * @see - * org.apache.ranger.audit.provider.AuditProvider#log(org.apache.ranger. - * audit.model.AuditEventBase) - */ - @Override - public boolean log(AuditEventBase event) { - if (!(event instanceof AuthzAuditEvent)) { - LOG.error(event.getClass().getName() - + " audit event class type is not supported"); - return false; - } - AuthzAuditEvent authzEvent = (AuthzAuditEvent) event; - // TODO: This should be done at a higher level - - if (authzEvent.getAgentHostname() == null) { - authzEvent.setAgentHostname(MiscUtil.getHostname()); - } - - if (authzEvent.getLogType() == null) { - authzEvent.setLogType("RangerAudit"); - } - - if (authzEvent.getEventId() == null) { - authzEvent.setEventId(MiscUtil.generateUniqueId()); - } - - try { - if (solrClient == null) { - connect(); - if (solrClient == null) { - // Solr is still not initialized. So need to throw error - return false; - } - } - - if (lastFailTime > 0) { - long diff = System.currentTimeMillis() - lastFailTime; - if (diff < retryWaitTime) { - if (LOG.isDebugEnabled()) { - LOG.debug("Ignore sending audit. lastConnect=" + diff - + " ms"); - } - return false; - } - } - // Convert AuditEventBase to Solr document - final SolrInputDocument document = toSolrDoc(authzEvent); - final Collection docs = Collections.singletonList(document); - final UpdateResponse response = SolrAppUtil.addDocsToSolr(solrClient, docs); - - if (response.getStatus() != 0) { - lastFailTime = System.currentTimeMillis(); - - // System.out.println("Response=" + response.toString() - // + ", status= " + response.getStatus() + ", event=" - // + event); - // throw new Exception("Aborting. event=" + event + - // ", response=" - // + response.toString()); - } else { - lastFailTime = 0; - } - - } catch (Throwable t) { - LOG.error("Error sending message to Solr", t); - return false; - } - return true; - } - - @Override - public boolean log(Collection events) { - for (AuditEventBase event : events) { - log(event); - } - return true; - } - - @Override - public boolean logJSON(String event) { - AuditEventBase eventObj = MiscUtil.fromJson(event, - AuthzAuditEvent.class); - return log(eventObj); - } - - @Override - public boolean logJSON(Collection events) { - for (String event : events) { - logJSON(event); - } - return false; - } - - /* - * (non-Javadoc) - * - * @see org.apache.ranger.audit.provider.AuditProvider#start() - */ - @Override - public void start() { - connect(); - } - - /* - * (non-Javadoc) - * - * @see org.apache.ranger.audit.provider.AuditProvider#stop() - */ - @Override - public void stop() { - LOG.info("SolrAuditProvider.stop() called.."); - try { - if (solrClient != null) { - solrClient.close(); - } - } catch (IOException ioe) { - LOG.error("Error while stopping slor!", ioe); - } finally { - solrClient = null; - } - } - - /* - * (non-Javadoc) - * - * @see org.apache.ranger.audit.provider.AuditProvider#waitToComplete() - */ - @Override - public void waitToComplete() { - - } - - - @Override - public void waitToComplete(long timeout) { - - } - - /* - * (non-Javadoc) - * - * @see org.apache.ranger.audit.provider.AuditProvider#flush() - */ - @Override - public void flush() { - // TODO Auto-generated method stub - - } - - SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) { - SolrInputDocument doc = new SolrInputDocument(); - doc.addField("id", auditEvent.getEventId()); - doc.addField("access", auditEvent.getAccessType()); - doc.addField("enforcer", auditEvent.getAclEnforcer()); - doc.addField("agent", auditEvent.getAgentId()); - doc.addField("repo", auditEvent.getRepositoryName()); - doc.addField("sess", auditEvent.getSessionId()); - doc.addField("reqUser", auditEvent.getUser()); - doc.addField("reqData", auditEvent.getRequestData()); - doc.addField("resource", auditEvent.getResourcePath()); - doc.addField("cliIP", auditEvent.getClientIP()); - doc.addField("logType", auditEvent.getLogType()); - doc.addField("result", auditEvent.getAccessResult()); - doc.addField("policy", auditEvent.getPolicyId()); - doc.addField("repoType", auditEvent.getRepositoryType()); - doc.addField("resType", auditEvent.getResourceType()); - doc.addField("reason", auditEvent.getResultReason()); - doc.addField("action", auditEvent.getAction()); - doc.addField("evtTime", auditEvent.getEventTime()); - doc.addField("tags", auditEvent.getTags()); - doc.addField("cluster", auditEvent.getClusterName()); - doc.addField("zone", auditEvent.getZoneName()); - doc.addField("agentHost", auditEvent.getAgentHostname()); - return doc; - } - - public boolean isAsync() { - return true; - } - -} diff --git a/auth-audits/src/main/java/org/apache/atlas/audit/utils/SolrAppUtil.java b/auth-audits/src/main/java/org/apache/atlas/audit/utils/SolrAppUtil.java deleted file mode 100644 index c232b945fc..0000000000 --- a/auth-audits/src/main/java/org/apache/atlas/audit/utils/SolrAppUtil.java +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.audit.utils; - -import org.apache.atlas.audit.provider.MiscUtil; -import org.apache.solr.client.solrj.SolrClient; -import org.apache.solr.client.solrj.response.UpdateResponse; -import org.apache.solr.common.SolrInputDocument; - -import java.security.PrivilegedExceptionAction; -import java.util.Collection; - -public class SolrAppUtil { - public static UpdateResponse addDocsToSolr(final SolrClient solrClient, final Collection docs) throws Exception { - return MiscUtil.executePrivilegedAction(new PrivilegedExceptionAction() { - @Override - public UpdateResponse run() throws Exception { - return solrClient.add(docs); - } - }); - } -} diff --git a/graphdb/janus/pom.xml b/graphdb/janus/pom.xml index 7ae163ec5e..3662d6b3b7 100644 --- a/graphdb/janus/pom.xml +++ b/graphdb/janus/pom.xml @@ -203,22 +203,6 @@ - - - org.apache.solr - solr-solrj - ${solr.version} - - - org.codehaus.woodstox - woodstox-core-asl - - - io.netty - * - - - org.apache.lucene diff --git a/notification/pom.xml b/notification/pom.xml index 4d7c810708..3cd4e07de9 100644 --- a/notification/pom.xml +++ b/notification/pom.xml @@ -151,11 +151,6 @@ hadoop-common ${hadoop.version} - - org.apache.hadoop - hadoop-auth - ${hadoop.version} - org.slf4j slf4j-api diff --git a/pom.xml b/pom.xml index 6e23472641..364a7d59e4 100644 --- a/pom.xml +++ b/pom.xml @@ -1041,12 +1041,6 @@ - - org.apache.hadoop - hadoop-auth - ${hadoop.version} - - org.apache.hadoop hadoop-client diff --git a/repository/src/main/java/org/apache/atlas/repository/graph/GraphBackedSearchIndexer.java b/repository/src/main/java/org/apache/atlas/repository/graph/GraphBackedSearchIndexer.java index 3a730b0ce9..550b69e4ad 100755 --- a/repository/src/main/java/org/apache/atlas/repository/graph/GraphBackedSearchIndexer.java +++ b/repository/src/main/java/org/apache/atlas/repository/graph/GraphBackedSearchIndexer.java @@ -130,7 +130,7 @@ public GraphBackedSearchIndexer(AtlasTypeRegistry typeRegistry) throws AtlasExce this.typeRegistry = typeRegistry; //make sure solr index follows graph backed index listener - addIndexListener(new SolrIndexHelper(typeRegistry)); + //addIndexListener(new SolrIndexHelper(typeRegistry)); if (!HAConfiguration.isHAEnabled(configuration)) { initialize(provider.get());