This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.6 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 8302220012c98101864f9c3fcddec0f970744f05 Author: Abhishek Kumar <[email protected]> AuthorDate: Sat Sep 7 00:04:40 2024 -0700 RANGER-3746: Introduce ubi9-minimal as the ranger base image with build & space optimizations (#288) Co-authored-by: abhishek-kumar <[email protected]> (cherry picked from commit 204801c62c8f90d40b348de331f864e42363c2b7) --- dev-support/ranger-docker/.env | 13 +++- dev-support/ranger-docker/Dockerfile.ranger | 6 +- dev-support/ranger-docker/Dockerfile.ranger-base | 1 + .../ranger-docker/Dockerfile.ranger-base-ubi | 83 ++++++++++++++++++++++ dev-support/ranger-docker/Dockerfile.ranger-build | 13 ++-- dev-support/ranger-docker/Dockerfile.ranger-knox | 13 ++-- .../ranger-docker/Dockerfile.ranger-tagsync | 3 + .../ranger-docker/Dockerfile.ranger-usersync | 3 + dev-support/ranger-docker/README.md | 4 ++ dev-support/ranger-docker/dist/.gitignore | 1 - .../docker-compose.ranger-base-ubi.yml | 19 +++++ dev-support/ranger-docker/scripts/ranger-hadoop.sh | 11 ++- dev-support/ranger-docker/scripts/ranger-hbase.sh | 10 ++- dev-support/ranger-docker/scripts/ranger-hive.sh | 10 ++- dev-support/ranger-docker/scripts/ranger-kafka.sh | 10 ++- .../ranger-docker/scripts/ranger-knox-expect.py | 24 +++++++ .../ranger-docker/scripts/ranger-knox-expect.sh | 29 -------- dev-support/ranger-docker/scripts/ranger-knox.sh | 14 +++- kms/scripts/setup.sh | 6 +- security-admin/scripts/setup.sh | 6 +- 20 files changed, 223 insertions(+), 56 deletions(-) diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env index 63af93f88..d227d566e 100644 --- a/dev-support/ranger-docker/.env +++ b/dev-support/ranger-docker/.env @@ -8,11 +8,16 @@ BUILD_OPTS= # To build Trino plugins package, use following PROFILE # PROFILE=ranger-jdk11,!all,!linux -# Java version for RangerBase image. +# Java version for RangerBase ubuntu image. # This image gets used as base docker image for all images. # Valid values: 8, 11, 17 RANGER_BASE_JAVA_VERSION=8 +# Java version for RangerBase ubi image. +# This image gets used as base docker image for all images. +# Valid values: 1.8.0, 11, 17 +RANGER_BASE_UBI_JAVA_VERSION=1.8.0 + # Java version to use to build Apache Ranger # Valid values: 8, 11, 17 # Trino builds on jdk 11 and above @@ -20,10 +25,14 @@ RANGER_BUILD_JAVA_VERSION=8 # Java version to use to run Ranger Admin server # Valid values: 8, 11, 17 +# Should be same as RANGER_BASE_UBI_JAVA_VERSION when running on UBI BASE image. RANGER_ADMIN_JAVA_VERSION=8 -# base & third party images +# base image versions UBUNTU_VERSION=20.04 +UBI_VERSION=latest + +# third party image versions MARIADB_VERSION=10.7.3 POSTGRES_VERSION=12 ENABLE_DB_MOUNT=true diff --git a/dev-support/ranger-docker/Dockerfile.ranger b/dev-support/ranger-docker/Dockerfile.ranger index a0fd0fec7..27ae78cce 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger +++ b/dev-support/ranger-docker/Dockerfile.ranger @@ -22,8 +22,10 @@ ARG RANGER_DB_TYPE ARG TARGETARCH ARG RANGER_ADMIN_JAVA_VERSION -ENV JAVA_HOME /usr/lib/jvm/java-${RANGER_ADMIN_JAVA_VERSION}-openjdk-${TARGETARCH} -RUN update-java-alternatives --set /usr/lib/jvm/java-1.${RANGER_ADMIN_JAVA_VERSION}.0-openjdk-${TARGETARCH} +RUN if [ "${OS_NAME}" == "UBUNTU" ]; then\ + ENV JAVA_HOME /usr/lib/jvm/java-${RANGER_ADMIN_JAVA_VERSION}-openjdk-${TARGETARCH}\ + update-java-alternatives --set /usr/lib/jvm/java-1.${RANGER_ADMIN_JAVA_VERSION}.0-openjdk-${TARGETARCH};\ + fi COPY ./dist/version /home/ranger/dist/ COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz /home/ranger/dist/ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-base b/dev-support/ranger-docker/Dockerfile.ranger-base index 72a850482..e9e0f1aae 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-base +++ b/dev-support/ranger-docker/Dockerfile.ranger-base @@ -19,6 +19,7 @@ FROM ubuntu:${UBUNTU_VERSION} ARG TARGETARCH ARG RANGER_BASE_JAVA_VERSION +ENV OS_NAME UBUNTU # Install tzdata, Python, Java, python-requests RUN apt-get update && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-base-ubi b/dev-support/ranger-docker/Dockerfile.ranger-base-ubi new file mode 100644 index 000000000..bac55fec4 --- /dev/null +++ b/dev-support/ranger-docker/Dockerfile.ranger-base-ubi @@ -0,0 +1,83 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG UBI_VERSION +FROM registry.access.redhat.com/ubi9/ubi-minimal:${UBI_VERSION} + +USER root +ARG RANGER_BASE_UBI_JAVA_VERSION +ENV OS_NAME RHEL + +RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs \ + install -y java-${RANGER_BASE_UBI_JAVA_VERSION}-openjdk-devel \ + && microdnf clean all \ + && rpm -q java-${RANGER_BASE_UBI_JAVA_VERSION}-openjdk-devel + +ENV JAVA_HOME="/usr/lib/jvm/java-${RANGER_BASE_UBI_JAVA_VERSION}" \ + JAVA_VENDOR="openjdk" \ + JAVA_VERSION="${RANGER_BASE_UBI_JAVA_VERSION}" \ + JBOSS_CONTAINER_OPENJDK_JDK_MODULE="/opt/jboss/container/openjdk/jdk" + +# Install tzdata, Python, python-requests +RUN microdnf install -y python3 python3-pip bc iputils hostname +RUN microdnf install -y tar +RUN microdnf install -y gzip +RUN microdnf install -y procps +RUN microdnf install -y vim + +# for command useradd, groupadd +RUN microdnf install -y shadow-utils + +# for command su +RUN microdnf install -y util-linux-user +RUN microdnf install -y sudo + +# for command service +RUN microdnf install -y initscripts +RUN microdnf install -y openssh-clients +RUN microdnf install -y openssh-server +RUN pip3 install apache-ranger + +# Set environment variables +ENV RANGER_HOME /opt/ranger +ENV RANGER_DIST /home/ranger/dist +ENV RANGER_SCRIPTS /home/ranger/scripts +ENV PATH /usr/java/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +RUN sudo sed -i 's/^HOME_MODE.*/HOME_MODE 0755/' /etc/login.defs + +# setup groups, users, directories +RUN groupadd ranger \ + && groupadd knox \ + && groupadd hadoop \ + && useradd -g ranger -ms /bin/bash ranger \ + && useradd -g ranger -ms /bin/bash rangeradmin \ + && useradd -g ranger -ms /bin/bash rangerusersync \ + && useradd -g ranger -ms /bin/bash rangertagsync \ + && useradd -g ranger -ms /bin/bash rangerkms \ + && useradd -g knox -ms /bin/bash knox \ + && useradd -g hadoop -ms /bin/bash hdfs \ + && useradd -g hadoop -ms /bin/bash yarn \ + && useradd -g hadoop -ms /bin/bash hive \ + && useradd -g hadoop -ms /bin/bash hbase \ + && useradd -g hadoop -ms /bin/bash kafka \ + && mkdir -p /home/ranger/dist \ + && mkdir -p /home/ranger/scripts \ + && chown -R ranger:ranger /home/ranger \ + && mkdir -p /opt/ranger \ + && chown -R ranger:ranger /opt/ranger + +ENTRYPOINT [ "/bin/bash" ] diff --git a/dev-support/ranger-docker/Dockerfile.ranger-build b/dev-support/ranger-docker/Dockerfile.ranger-build index 9a192f152..bf5972d6b 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-build +++ b/dev-support/ranger-docker/Dockerfile.ranger-build @@ -20,15 +20,20 @@ ARG RANGER_BUILD_JAVA_VERSION ARG TARGETARCH # Install necessary packages to build Ranger -RUN apt-get update && apt-get -y install git maven build-essential +RUN if [ "${OS_NAME}" == "UBUNTU" ]; then\ + apt-get update && apt-get -y install git maven build-essential\ + update-java-alternatives --set /usr/lib/jvm/java-1.${RANGER_BUILD_JAVA_VERSION}.0-openjdk-${TARGETARCH}\ + ENV JAVA_HOME /usr/lib/jvm/java-${RANGER_BUILD_JAVA_VERSION}-openjdk-${TARGETARCH};\ + fi + +RUN if [ "${OS_NAME}" == "RHEL" ]; then\ + microdnf install -y git maven gcc;\ + fi # Set environment variables -ENV JAVA_HOME /usr/lib/jvm/java-${RANGER_BUILD_JAVA_VERSION}-openjdk-${TARGETARCH} ENV MAVEN_HOME /usr/share/maven ENV PATH /usr/java/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/apache-maven/bin -RUN update-java-alternatives --set /usr/lib/jvm/java-1.${RANGER_BUILD_JAVA_VERSION}.0-openjdk-${TARGETARCH} - # setup ranger group, and users RUN mkdir -p /home/ranger/git && \ mkdir -p /home/ranger/.m2 && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-knox b/dev-support/ranger-docker/Dockerfile.ranger-knox index 93ae15fb9..43928cbce 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-knox +++ b/dev-support/ranger-docker/Dockerfile.ranger-knox @@ -27,11 +27,10 @@ COPY ./downloads/knox-${KNOX_VERSION}.tar.gz /home/ranger/dist/ COPY ./scripts/ranger-knox-setup.sh /home/ranger/scripts/ COPY ./scripts/ranger-knox.sh /home/ranger/scripts/ COPY ./scripts/ranger-knox-plugin-install.properties /home/ranger/scripts/ -COPY ./scripts/ranger-knox-expect.sh /home/ranger/scripts/ +COPY ./scripts/ranger-knox-expect.py /home/ranger/scripts/ COPY ./scripts/ranger-knox-sandbox.xml /home/ranger/scripts/ -RUN apt-get update && apt-get install -y expect && \ - tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ && \ +RUN tar xvfz /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz --directory=/opt/ && \ ln -s /opt/knox-${KNOX_VERSION} /opt/knox && \ rm -f /home/ranger/dist/knox-${KNOX_VERSION}.tar.gz && \ tar xvfz /home/ranger/dist/ranger-${KNOX_PLUGIN_VERSION}-knox-plugin.tar.gz --directory=/opt/ranger && \ @@ -39,12 +38,14 @@ RUN apt-get update && apt-get install -y expect && \ rm -f /home/ranger/dist/ranger-${KNOX_PLUGIN_VERSION}-knox-plugin.tar.gz && \ cp -f /home/ranger/scripts/ranger-knox-plugin-install.properties /opt/ranger/ranger-knox-plugin/install.properties && \ cp -f /home/ranger/scripts/ranger-knox-sandbox.xml /opt/knox/conf/topologies/sandbox.xml && \ - chmod 744 ${RANGER_SCRIPTS}/ranger-knox-setup.sh ${RANGER_SCRIPTS}/ranger-knox.sh ${RANGER_SCRIPTS}/ranger-knox-expect.sh + chmod 744 ${RANGER_SCRIPTS}/ranger-knox-setup.sh ${RANGER_SCRIPTS}/ranger-knox.sh ${RANGER_SCRIPTS}/ranger-knox-expect.py ENV KNOX_HOME /opt/knox ENV PATH /usr/java/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/knox/bin -RUN chmod a+rwx /home/ranger/scripts/ranger-knox-expect.sh -RUN /home/ranger/scripts/ranger-knox-expect.sh +RUN chmod a+rwx /home/ranger/scripts/ranger-knox-expect.py + +RUN pip3 install pexpect +RUN python3 /home/ranger/scripts/ranger-knox-expect.py ENTRYPOINT [ "/home/ranger/scripts/ranger-knox.sh" ] diff --git a/dev-support/ranger-docker/Dockerfile.ranger-tagsync b/dev-support/ranger-docker/Dockerfile.ranger-tagsync index 75b2753cf..6e41ae808 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-tagsync +++ b/dev-support/ranger-docker/Dockerfile.ranger-tagsync @@ -35,6 +35,9 @@ RUN tar xvfz /home/ranger/dist/ranger-${TAGSYNC_VERSION}-tagsync.tar.gz --direct mkdir -p /var/log/ranger/tagsync && \ ln -s /usr/bin/python3 /usr/bin/python && \ mkdir -p /etc/ranger && \ + mkdir /etc/init.d || true && \ + mkdir /etc/rc2.d || true && \ + mkdir /etc/rc3.d || true && \ touch /etc/init.d/ranger-tagsync && \ ln -s /etc/init.d/ranger-tagsync /etc/rc2.d/S99ranger-tagsync && \ ln -s /etc/init.d/ranger-tagsync /etc/rc2.d/K00ranger-tagsync && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-usersync b/dev-support/ranger-docker/Dockerfile.ranger-usersync index f40332701..c1bfe9289 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-usersync +++ b/dev-support/ranger-docker/Dockerfile.ranger-usersync @@ -33,6 +33,9 @@ RUN tar xvfz /home/ranger/dist/ranger-${USERSYNC_VERSION}-usersync.tar.gz --dire mkdir -p /var/log/ranger/usersync && \ ln -s /usr/bin/python3 /usr/bin/python && \ mkdir -p /etc/ranger && \ + mkdir /etc/init.d || true && \ + mkdir /etc/rc2.d || true && \ + mkdir /etc/rc3.d || true && \ touch /etc/init.d/ranger-usersync && \ ln -s /etc/init.d/ranger-usersync /etc/rc2.d/S99ranger-usersync && \ ln -s /etc/init.d/ranger-usersync /etc/rc2.d/K00ranger-usersync && \ diff --git a/dev-support/ranger-docker/README.md b/dev-support/ranger-docker/README.md index 231e91fbf..4ebaf27c8 100644 --- a/dev-support/ranger-docker/README.md +++ b/dev-support/ranger-docker/README.md @@ -62,7 +62,11 @@ Docker files in this folder create docker images and run them to build Apache Ra 3. Build the ranger-base image: ~~~ + # ubuntu base image: docker-compose -f docker-compose.ranger-base.yml build --no-cache + # OR + # ubi base image: + docker-compose -f docker-compose.ranger-base-ubi.yml build --no-cache ~~~ 7. To enable file based sync source for usersync execute: ```export ENABLE_FILE_SYNC_SOURCE=true``` diff --git a/dev-support/ranger-docker/dist/.gitignore b/dev-support/ranger-docker/dist/.gitignore deleted file mode 100644 index 72e8ffc0d..000000000 --- a/dev-support/ranger-docker/dist/.gitignore +++ /dev/null @@ -1 +0,0 @@ -* diff --git a/dev-support/ranger-docker/docker-compose.ranger-base-ubi.yml b/dev-support/ranger-docker/docker-compose.ranger-base-ubi.yml new file mode 100644 index 000000000..80db5b416 --- /dev/null +++ b/dev-support/ranger-docker/docker-compose.ranger-base-ubi.yml @@ -0,0 +1,19 @@ +version: '3' +services: + ranger-base: + build: + context: . + dockerfile: Dockerfile.ranger-base-ubi + args: + - UBI_VERSION=${UBI_VERSION} + - RANGER_BASE_UBI_JAVA_VERSION=${RANGER_BASE_UBI_JAVA_VERSION} + image: ranger-base + container_name: ranger-base + networks: + - ranger + environment: + - RANGER_VERSION + +networks: + ranger: + name: rangernw diff --git a/dev-support/ranger-docker/scripts/ranger-hadoop.sh b/dev-support/ranger-docker/scripts/ranger-hadoop.sh index fca9b6f3e..1ca5af31d 100755 --- a/dev-support/ranger-docker/scripts/ranger-hadoop.sh +++ b/dev-support/ranger-docker/scripts/ranger-hadoop.sh @@ -15,8 +15,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -service ssh start +if [ "${OS_NAME}" = "UBUNTU" ]; then + service ssh start +fi CREATE_HDFS_DIR=false @@ -26,10 +27,16 @@ then su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" hdfs su -c "chmod 0600 ~/.ssh/authorized_keys" hdfs + if [ "${OS_NAME}" = "RHEL" ]; then + ssh-keygen -A + /usr/sbin/sshd + fi + su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" yarn su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" yarn su -c "chmod 0600 ~/.ssh/authorized_keys" yarn + # pdsh is unavailable with microdnf in rhel based image. echo "ssh" > /etc/pdsh/rcmd_default diff --git a/dev-support/ranger-docker/scripts/ranger-hbase.sh b/dev-support/ranger-docker/scripts/ranger-hbase.sh index ff27735dc..16ca5efce 100755 --- a/dev-support/ranger-docker/scripts/ranger-hbase.sh +++ b/dev-support/ranger-docker/scripts/ranger-hbase.sh @@ -16,14 +16,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -service ssh start +if [ "${OS_NAME}" = "UBUNTU" ]; then + service ssh start +fi if [ ! -e ${HBASE_HOME}/.setupDone ] then + if [ "${OS_NAME}" = "RHEL" ]; then + ssh-keygen -A + /usr/sbin/sshd + fi + su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" hbase su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" hbase su -c "chmod 0600 ~/.ssh/authorized_keys" hbase + # pdsh is unavailable with microdnf in rhel based image. echo "ssh" > /etc/pdsh/rcmd_default diff --git a/dev-support/ranger-docker/scripts/ranger-hive.sh b/dev-support/ranger-docker/scripts/ranger-hive.sh index 403eac9fb..6e8dc4f84 100755 --- a/dev-support/ranger-docker/scripts/ranger-hive.sh +++ b/dev-support/ranger-docker/scripts/ranger-hive.sh @@ -16,7 +16,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -service ssh start +if [ "${OS_NAME}" = "UBUNTU" ]; then + service ssh start +fi if [ ! -e ${HIVE_HOME}/.setupDone ] then @@ -24,10 +26,16 @@ then su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" hdfs su -c "chmod 0600 ~/.ssh/authorized_keys" hdfs + if [ "${OS_NAME}" = "RHEL" ]; then + ssh-keygen -A + /usr/sbin/sshd + fi + su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" yarn su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" yarn su -c "chmod 0600 ~/.ssh/authorized_keys" yarn + # pdsh is unavailable with microdnf in rhel based image. echo "ssh" > /etc/pdsh/rcmd_default diff --git a/dev-support/ranger-docker/scripts/ranger-kafka.sh b/dev-support/ranger-docker/scripts/ranger-kafka.sh index 0f505eb4c..c1f6139b1 100755 --- a/dev-support/ranger-docker/scripts/ranger-kafka.sh +++ b/dev-support/ranger-docker/scripts/ranger-kafka.sh @@ -16,14 +16,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -service ssh start +if [ "${OS_NAME}" = "UBUNTU" ]; then + service ssh start +fi if [ ! -e ${KAFKA_HOME}/.setupDone ] then + if [ "${OS_NAME}" = "RHEL" ]; then + ssh-keygen -A + /usr/sbin/sshd + fi + su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" kafka su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" kafka su -c "chmod 0600 ~/.ssh/authorized_keys" kafka + # pdsh is unavailable with microdnf in rhel based image. echo "ssh" > /etc/pdsh/rcmd_default diff --git a/dev-support/ranger-docker/scripts/ranger-knox-expect.py b/dev-support/ranger-docker/scripts/ranger-knox-expect.py new file mode 100644 index 000000000..2707c7386 --- /dev/null +++ b/dev-support/ranger-docker/scripts/ranger-knox-expect.py @@ -0,0 +1,24 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. See accompanying LICENSE file. +# +import pexpect + +child = pexpect.spawn('/opt/knox/bin/knoxcli.sh create-master --force') + +child.expect('Enter master secret:') +child.send("admin\r") + +child.expect("Enter master secret again:") +child.send("admin\r") + +child.expect("Master secret has been persisted to disk.") diff --git a/dev-support/ranger-docker/scripts/ranger-knox-expect.sh b/dev-support/ranger-docker/scripts/ranger-knox-expect.sh deleted file mode 100644 index b0890d669..000000000 --- a/dev-support/ranger-docker/scripts/ranger-knox-expect.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env expect - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - - -spawn /opt/knox/bin/knoxcli.sh create-master --force - -expect "Enter master secret:" -send "admin\r" - -expect "Enter master secret again:" -send "admin\r" - -expect "Master secret has been persisted to disk." \ No newline at end of file diff --git a/dev-support/ranger-docker/scripts/ranger-knox.sh b/dev-support/ranger-docker/scripts/ranger-knox.sh index fbcbb20b9..ddd04e244 100755 --- a/dev-support/ranger-docker/scripts/ranger-knox.sh +++ b/dev-support/ranger-docker/scripts/ranger-knox.sh @@ -16,14 +16,22 @@ # See the License for the specific language governing permissions and # limitations under the License. -service ssh start +if [ "${OS_NAME}" = "UBUNTU" ]; then + service ssh start +fi -if [ ! -e ${KNOX_HOME}/.setupDone ] +if [ ! -e "${KNOX_HOME}"/.setupDone ] then + if [ "${OS_NAME}" = "RHEL" ]; then + ssh-keygen -A + /usr/sbin/sshd + fi + su -c "ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa" knox su -c "cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys" knox su -c "chmod 0600 ~/.ssh/authorized_keys" knox + # pdsh is unavailable with microdnf in rhel based image. echo "ssh" > /etc/pdsh/rcmd_default @@ -46,5 +54,5 @@ if [ -z "$KNOX_GATEWAY_PID" ] then echo "The Knox Gateway process probably exited, no process id found!" else - tail --pid=$KNOX_GATEWAY_PID -f /dev/null + tail --pid="$KNOX_GATEWAY_PID" -f /dev/null fi diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index e45075883..9e31f5d34 100755 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -192,9 +192,11 @@ get_distro(){ log "[I] Checking distribution name.." ver=$(cat /etc/*{issues,release,version} 2> /dev/null) if [[ $(echo $ver | grep DISTRIB_ID) ]]; then - DIST_NAME=$(lsb_release -si) + DIST_NAME=$(lsb_release -si) + elif [[ $(echo $ver | grep -E '^NAME=' | cut -d'"' -f2) ]]; then + DIST_NAME=$(echo $ver | grep -E '^NAME=' | cut -d'"' -f2) else - DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) + DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) fi export $DIST_NAME log "[I] Found distribution : $DIST_NAME" diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 16864980d..b5eec25dd 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -219,9 +219,11 @@ get_distro(){ log "[I] Checking distribution name.." ver=$(cat /etc/*{issues,release,version} 2> /dev/null) if [[ $(echo $ver | grep DISTRIB_ID) ]]; then - DIST_NAME=$(lsb_release -si) + DIST_NAME=$(lsb_release -si) + elif [[ $(echo $ver | grep -E '^NAME=' | cut -d'"' -f2) ]]; then + DIST_NAME=$(echo $ver | grep -E '^NAME=' | cut -d'"' -f2) else - DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) + DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1) fi export $DIST_NAME log "[I] Found distribution : $DIST_NAME"
