This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.5 by this push:
new 8699770b9 RANGER-5073: docker setup updated to support Oracle database
8699770b9 is described below
commit 8699770b92b466a5313d4d3e8e1acceb8e99b582
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Thu Dec 12 21:09:55 2024 -0800
RANGER-5073: docker setup updated to support Oracle database
---
dev-support/ranger-docker/.env | 1 +
dev-support/ranger-docker/Dockerfile.ranger | 4 +
dev-support/ranger-docker/Dockerfile.ranger-hive | 5 +-
dev-support/ranger-docker/Dockerfile.ranger-kms | 4 +
dev-support/ranger-docker/Dockerfile.ranger-oracle | 26 +++
dev-support/ranger-docker/README.md | 2 +-
dev-support/ranger-docker/config/init_oracle.sh | 45 +++++
.../ranger-docker/docker-compose.ranger-oracle.yml | 21 ++
dev-support/ranger-docker/download-archives.sh | 1 +
.../ranger-docker/scripts/hive-site-oracle.xml | 52 +++++
.../scripts/ranger-admin-install-oracle.properties | 93 +++++++++
.../scripts/ranger-kms-install-oracle.properties | 225 +++++++++++++++++++++
pom.xml | 29 +--
13 files changed, 480 insertions(+), 28 deletions(-)
diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env
index 3936c1fac..708eeefb7 100644
--- a/dev-support/ranger-docker/.env
+++ b/dev-support/ranger-docker/.env
@@ -26,6 +26,7 @@ RANGER_ADMIN_JAVA_VERSION=8
UBUNTU_VERSION=20.04
MARIADB_VERSION=10.7.3
POSTGRES_VERSION=12
+ORACLE_VERSION=23.6
ENABLE_DB_MOUNT=true
ZK_VERSION=3.9.2
SOLR_VERSION=8.11.3
diff --git a/dev-support/ranger-docker/Dockerfile.ranger
b/dev-support/ranger-docker/Dockerfile.ranger
index a0fd0fec7..6658ea3bf 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger
+++ b/dev-support/ranger-docker/Dockerfile.ranger
@@ -52,6 +52,10 @@ COPY ./downloads/log4jdbc-1.2.jar
/home/ranger/dist/
RUN mv /home/ranger/dist/mysql-connector-java-8.0.28.jar
/usr/share/java/mysql-connector.jar \
&& mv /home/ranger/dist/log4jdbc-1.2.jar
${RANGER_HOME}/admin/ews/webapp/WEB-INF/lib/log4jdbc-1.2.jar
+FROM ranger AS ranger_oracle
+COPY ./downloads/ojdbc8.jar /home/ranger/dist/
+RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar
+
FROM ranger_${RANGER_DB_TYPE}
USER ranger
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-hive
b/dev-support/ranger-docker/Dockerfile.ranger-hive
index dd326f854..d404183d7 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-hive
+++ b/dev-support/ranger-docker/Dockerfile.ranger-hive
@@ -13,6 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+ARG RANGER_DB_TYPE
FROM ranger-base:latest
@@ -26,7 +27,8 @@ COPY ./dist/version
/home/ranger/dist/
COPY ./dist/ranger-${HIVE_PLUGIN_VERSION}-hive-plugin.tar.gz /home/ranger/dist/
COPY ./downloads/apache-hive-${HIVE_VERSION}-bin.tar.gz /home/ranger/dist/
COPY ./downloads/hadoop-${HIVE_HADOOP_VERSION}.tar.gz /home/ranger/dist/
-COPY ./downloads/mysql-connector-java-8.0.28.jar /home/ranger/dist
+COPY ./downloads/mysql-connector-java-8.0.28.jar /home/ranger/dist/
+COPY ./downloads/ojdbc8.jar /home/ranger/dist/
COPY ./scripts/ranger-hive-setup.sh /home/ranger/scripts/
COPY ./scripts/ranger-hive.sh /home/ranger/scripts/
@@ -37,6 +39,7 @@ RUN tar xvfz
/home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz --director
ln -s /opt/apache-hive-${HIVE_VERSION}-bin /opt/hive && \
rm -f /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz && \
mv /home/ranger/dist/mysql-connector-java-8.0.28.jar /opt/hive/lib/ && \
+ mv /home/ranger/dist/ojdbc8.jar /opt/hive/lib/ && \
tar xvfz /home/ranger/dist/hadoop-${HIVE_HADOOP_VERSION}.tar.gz
--directory=/opt/ && \
ln -s /opt/hadoop-${HIVE_HADOOP_VERSION} /opt/hadoop && \
rm -f /home/ranger/dist/hadoop-${HIVE_HADOOP_VERSION}.tar.gz && \
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-kms
b/dev-support/ranger-docker/Dockerfile.ranger-kms
index c3431c5b1..5e70d0da5 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-kms
+++ b/dev-support/ranger-docker/Dockerfile.ranger-kms
@@ -54,6 +54,10 @@ COPY ./downloads/log4jdbc-1.2.jar
/home/ranger/dist/
RUN mv /home/ranger/dist/mysql-connector-java-8.0.28.jar
/usr/share/java/mysql-connector-java.jar && \
mv /home/ranger/dist/log4jdbc-1.2.jar
${RANGER_HOME}/kms/ews/webapp/WEB-INF/lib/log4jdbc-1.2.jar
+FROM ranger-kms AS ranger_oracle
+COPY ./downloads/ojdbc8.jar /home/ranger/dist/
+RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar
+
FROM ranger_${RANGER_DB_TYPE}
ENTRYPOINT [ "/home/ranger/scripts/ranger-kms.sh" ]
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-oracle
b/dev-support/ranger-docker/Dockerfile.ranger-oracle
new file mode 100644
index 000000000..5b83334c8
--- /dev/null
+++ b/dev-support/ranger-docker/Dockerfile.ranger-oracle
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG ORACLE_VERSION
+FROM gvenzl/oracle-free:${ORACLE_VERSION}-slim
+
+# Copy DB init script
+USER 0
+RUN mkdir -p /docker-entrypoint-initdb.d
+COPY config/init_oracle.sh /docker-entrypoint-initdb.d/
+RUN chown -R oracle /docker-entrypoint-initdb.d/
+ENV ORACLE_PASSWORD=rangerR0cks!
+USER oracle
diff --git a/dev-support/ranger-docker/README.md
b/dev-support/ranger-docker/README.md
index 231e91fbf..75208928f 100644
--- a/dev-support/ranger-docker/README.md
+++ b/dev-support/ranger-docker/README.md
@@ -71,7 +71,7 @@ Docker files in this folder create docker images and run them
to build Apache Ra
docker-compose -f docker-compose.ranger-base.yml -f
docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f
docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml -f
docker-compose.ranger-kms.yml -f docker-compose.ranger-hadoop.yml -f
docker-compose.ranger-hbase.yml -f docker-compose.ranger-kafka.yml -f
docker-compose.ranger-hive.yml -f docker-compose.ranger-knox.yml up -d
~~~
- - valid values for RANGER_DB_TYPE: mysql or postgres
+ - valid values for RANGER_DB_TYPE: mysql or postgres or oracle
9. To run ranger enabled Trino in containers (Requires docker build with JDK
11):
~~~
docker-compose -f docker-compose.ranger-base.yml -f
docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f
docker-compose.ranger-trino.yml up -d
diff --git a/dev-support/ranger-docker/config/init_oracle.sh
b/dev-support/ranger-docker/config/init_oracle.sh
new file mode 100644
index 000000000..aae4c0056
--- /dev/null
+++ b/dev-support/ranger-docker/config/init_oracle.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+export ORACLE_SID=FREE
+
+sqlplus / AS SYSDBA <<EOSQL
+ ALTER SESSION SET container=FREEPDB1;
+
+ CREATE TABLESPACE ranger DATAFILE '/tmp/ranger.dbf' SIZE 50m ONLINE;
+ CREATE USER rangeradmin IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE
ranger QUOTA 50m ON ranger ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO rangeradmin;
+ GRANT CONNECT, RESOURCE TO rangeradmin;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE
SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED
TABLESPACE TO rangeradmin;
+
+ CREATE TABLESPACE rangerkms DATAFILE '/tmp/rangerkms.dbf' SIZE 10m ONLINE;
+ CREATE USER rangerkms IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE
rangerkms QUOTA 25m ON rangerkms ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO rangerkms;
+ GRANT CONNECT, RESOURCE TO rangerkms;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE
SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED
TABLESPACE TO rangerkms;
+
+
+ CREATE TABLESPACE hive DATAFILE '/tmp/hive.dbf' SIZE 25m ONLINE;
+ CREATE USER hive IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE hive
QUOTA 25m ON hive ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO hive;
+ GRANT CONNECT, RESOURCE TO hive;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE
SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED
TABLESPACE TO hive;
+EOSQL
diff --git a/dev-support/ranger-docker/docker-compose.ranger-oracle.yml
b/dev-support/ranger-docker/docker-compose.ranger-oracle.yml
new file mode 100644
index 000000000..64113d5e5
--- /dev/null
+++ b/dev-support/ranger-docker/docker-compose.ranger-oracle.yml
@@ -0,0 +1,21 @@
+services:
+ ranger-db:
+ build:
+ context: .
+ dockerfile: Dockerfile.ranger-oracle
+ args:
+ - ORACLE_VERSION=${ORACLE_VERSION}
+ image: ranger-oracle
+ container_name: ranger-oracle
+ hostname: ranger-db.example.com
+ networks:
+ - ranger
+ healthcheck:
+ test: ["CMD", "healthcheck.sh"]
+ interval: 10s
+ timeout: 2s
+ retries: 30
+
+networks:
+ ranger:
+ name: rangernw
diff --git a/dev-support/ranger-docker/download-archives.sh
b/dev-support/ranger-docker/download-archives.sh
index 4b2736fb6..c04ce41e3 100755
--- a/dev-support/ranger-docker/download-archives.sh
+++ b/dev-support/ranger-docker/download-archives.sh
@@ -50,6 +50,7 @@ downloadIfNotPresent apache-hive-${HIVE_VERSION}-bin.tar.gz
https://archive.apac
downloadIfNotPresent hadoop-${HIVE_HADOOP_VERSION}.tar.gz
https://archive.apache.org/dist/hadoop/common/hadoop-${HIVE_HADOOP_VERSION}
downloadIfNotPresent postgresql-42.2.16.jre7.jar
https://search.maven.org/remotecontent?filepath=org/postgresql/postgresql/42.2.16.jre7
downloadIfNotPresent mysql-connector-java-8.0.28.jar
https://search.maven.org/remotecontent?filepath=mysql/mysql-connector-java/8.0.28
+downloadIfNotPresent ojdbc8.jar
https://download.oracle.com/otn-pub/otn_software/jdbc/236
downloadIfNotPresent log4jdbc-1.2.jar
https://repo1.maven.org/maven2/com/googlecode/log4jdbc/log4jdbc/1.2
downloadIfNotPresent knox-${KNOX_VERSION}.tar.gz
https://archive.apache.org/dist/knox/${KNOX_VERSION}
diff --git a/dev-support/ranger-docker/scripts/hive-site-oracle.xml
b/dev-support/ranger-docker/scripts/hive-site-oracle.xml
new file mode 100644
index 000000000..2b8cc5e08
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/hive-site-oracle.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>javax.jdo.option.ConnectionURL</name>
+ <value>jdbc:oracle:thin:@//ranger-db:1521/FREEPDB1</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionDriverName</name>
+ <value>oracle.jdbc.OracleDriver</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionUserName</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionPassword</name>
+ <value>rangerR0cks!</value>
+ </property>
+
+ <property>
+ <name>hive.server2.enable.doAs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>hive.zookeeper.quorum</name>
+ <value>ranger-zk.example.com</value>
+ </property>
+ <property>
+ <name>hive.zookeeper.client.port</name>
+ <value>2181</value>
+ </property>
+</configuration>
diff --git
a/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties
b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties
new file mode 100644
index 000000000..dfc3c5504
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties
@@ -0,0 +1,93 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Policy Manager
Web Application
+#
+
+PYTHON_COMMAND_INVOKER=python3
+RANGER_ADMIN_LOG_DIR=/var/log/ranger
+RANGER_PID_DIR_PATH=/var/run/ranger
+DB_FLAVOR=ORACLE
+SQL_CONNECTOR_JAR=/usr/share/java/oracle.jar
+RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml
+
+db_root_user=system
+db_root_password=rangerR0cks!
+db_host=ranger-db:1521/FREEPDB1
+
+db_name=ranger
+db_user=rangeradmin
+db_password=rangerR0cks!
+
+postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
+postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
+mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
+mysql_audit_file=db/mysql/xa_audit_db.sql
+oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
+oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
+
+rangerAdmin_password=rangerR0cks!
+rangerTagsync_password=rangerR0cks!
+rangerUsersync_password=rangerR0cks!
+keyadmin_password=rangerR0cks!
+
+
+audit_store=solr
+audit_solr_urls=http://ranger-solr:8983/solr/ranger_audits
+audit_solr_collection_name=ranger_audits
+
+# audit_store=elasticsearch
+audit_elasticsearch_urls=
+audit_elasticsearch_port=9200
+audit_elasticsearch_protocol=http
+audit_elasticsearch_user=elastic
+audit_elasticsearch_password=elasticsearch
+audit_elasticsearch_index=ranger_audits
+audit_elasticsearch_bootstrap_enabled=true
+
+policymgr_external_url=http://ranger-admin:6080
+policymgr_http_enabled=true
+
+unix_user=ranger
+unix_user_pwd=ranger
+unix_group=ranger
+
+# Following variables are referenced in db_setup.py. Do not remove these
+sqlserver_core_file=
+sqlanywhere_core_file=
+cred_keystore_filename=
+
+# ################# DO NOT MODIFY ANY VARIABLES BELOW
#########################
+#
+# --- These deployment variables are not to be modified unless you understand
the full impact of the changes
+#
+################################################################################
+XAPOLICYMGR_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+
+ranger_admin_max_heap_size=1g
+#retry DB and Java patches after the given time in seconds.
+PATCH_RETRY_INTERVAL=120
+STALE_PATCH_ENTRY_HOLD_TIME=10
+
+hadoop_conf=
+authentication_method=UNIX
diff --git
a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties
b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties
new file mode 100755
index 000000000..33097eb40
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties
@@ -0,0 +1,225 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Ranger KMS Web
Application
+#
+
+PYTHON_COMMAND_INVOKER=python3
+DB_FLAVOR=ORACLE
+SQL_CONNECTOR_JAR=/usr/share/java/oracle.jar
+
+db_root_user=system
+db_root_password=rangerR0cks!
+db_host=ranger-db:1521/FREEPDB1
+
+db_name=rangerkms
+db_user=rangerkms
+db_password=rangerR0cks!
+
+mysql_core_file=db/mysql/kms_core_db.sql
+postgres_core_file=db/postgres/kms_core_db_postgres.sql
+oracle_core_file=db/oracle/kms_core_db_oracle.sql
+
+#SSL config
+db_ssl_enabled=false
+db_ssl_required=false
+db_ssl_verifyServerCertificate=false
+#db_ssl_auth_type=1-way|2-way, where 1-way represents standard one way ssl
authentication and 2-way represents mutual ssl authentication
+db_ssl_auth_type=2-way
+javax_net_ssl_keyStore=
+javax_net_ssl_keyStorePassword=
+javax_net_ssl_trustStore=
+javax_net_ssl_trustStorePassword=
+javax_net_ssl_trustStore_type=jks
+javax_net_ssl_keyStore_type=jks
+
+# For postgresql db
+db_ssl_certificate_file=
+
+#For over-riding the jdbc url.
+is_override_db_connection_string=false
+db_override_connection_string=
+
+
+#------------------------- DB CONFIG - END ----------------------------------
+#KMS Server config
+ranger_kms_http_enabled=true
+ranger_kms_https_keystore_file=
+ranger_kms_https_keystore_keyalias=rangerkms
+ranger_kms_https_keystore_password=
+
+#------------------------- RANGER KMS Install Dir ------------------
+COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms
+
+#------------------------- RANGER KMS Master Key Crypt Key ------------------
+KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd
+
+#------------------------- Ranger KMS Kerberos Configuration
---------------------------
+kms_principal=
+kms_keytab=
+hadoop_conf=
+
+#------------------------- Ranger KMS HSM CONFIG ------------------------------
+HSM_TYPE=LunaProvider
+HSM_ENABLED=false
+HSM_PARTITION_NAME=par19
+HSM_PARTITION_PASSWORD=S@fenet123
+
+#------------------------- Ranger SAFENET KEYSECURE CONFIG
------------------------------
+KEYSECURE_ENABLED=false
+KEYSECURE_USER_PASSWORD_AUTHENTICATION=true
+KEYSECURE_MASTERKEY_NAME=safenetkeysecure
+KEYSECURE_USERNAME=user1
+KEYSECURE_PASSWORD=t1e2s3t4
+KEYSECURE_HOSTNAME=SunPKCS11-keysecurehn
+KEYSECURE_MASTER_KEY_SIZE=256
+KEYSECURE_LIB_CONFIG_PATH=/opt/safenetConf/64/8.3.1/sunpkcs11.cfg
+
+#------------------------- Ranger Azure Key Vault
------------------------------
+AZURE_KEYVAULT_ENABLED=false
+AZURE_KEYVAULT_SSL_ENABLED=false
+AZURE_CLIENT_ID=50fd7ca6-fd4f-4785-a13f-1a6cc4e95e42
+AZURE_CLIENT_SECRET=<AzureKeyVaultPassword>
+AZURE_AUTH_KEYVAULT_CERTIFICATE_PATH=/home/machine/Desktop/azureAuthCertificate/keyvault-MyCert.pfx
+# Initialize below prop if your certificate file has any password
+#AZURE_AUTH_KEYVAULT_CERTIFICATE_PASSWORD=certPass
+AZURE_MASTERKEY_NAME=RangerMasterKey
+# E.G. RSA, RSA_HSM, EC, EC_HSM, OCT
+AZURE_MASTER_KEY_TYPE=RSA
+# E.G. RSA_OAEP, RSA_OAEP_256, RSA1_5, RSA_OAEP
+ZONE_KEY_ENCRYPTION_ALGO=RSA_OAEP
+AZURE_KEYVAULT_URL=https://shahkeyvault.vault.azure.net/
+
+#------------------------- Ranger Google Cloud HSM
------------------------------
+IS_GCP_ENABLED=false
+GCP_KEYRING_ID=
+GCP_CRED_JSON_FILE=/full/path/to/credfile.json
+GCP_PROJECT_ID=
+GCP_LOCATION_ID=
+GCP_MASTER_KEY_NAME=MyMasterKeyNameChangeIt
+
+#------------------------- Ranger Tencent KMS ------------------------------
+TENCENT_KMS_ENABLED=false
+TENCENT_MASTERKEY_ID=b756b016-6e11-11ec-a735-525400fe0300
+TENCENT_CLIENT_ID=AKIDrXx6ybx2qNdiaBWaNs76pGQJvFJ6crpW
+TENCENT_CLIENT_SECRET=<TencentSecretKey>
+TENCENT_CLIENT_REGION=ap-beijing
+
+# ------- UNIX User CONFIG ----------------
+#
+unix_user=rangerkms
+unix_user_pwd=kms
+unix_group=ranger
+
+# Following variables are referenced in db_setup.py. Do not remove these
+sqlserver_core_file=
+sqlanywhere_core_file=
+cred_keystore_filename=
+
+#
+# ------- UNIX User CONFIG - END ----------------
+#
+
+POLICY_MGR_URL=http://ranger:6080
+REPOSITORY_NAME=dev_kms
+
+# AUDIT configuration with V3 properties
+XAAUDIT.SOLR.IS_ENABLED=true
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SUMMARY.ENABLE=true
+
+# Following properties are needed to get past installation script! Please
don't remove
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=/ranger/audit
+XAAUDIT.HDFS.DESTINTATION_FILE=hive
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/hive/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/hive/audit/archive
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+XAAUDIT.SOLR.ENABLE=true
+XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
+
+XAAUDIT.ELASTICSEARCH.ENABLE=false
+XAAUDIT.ELASTICSEARCH.URL=NONE
+XAAUDIT.ELASTICSEARCH.USER=NONE
+XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
+XAAUDIT.ELASTICSEARCH.INDEX=NONE
+XAAUDIT.ELASTICSEARCH.PORT=NONE
+XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
+
+XAAUDIT.HDFS.ENABLE=true
+XAAUDIT.HDFS.HDFS_DIR=hdfs://ranger-hadoop:9000/ranger/audit
+XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
+
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+XAAUDIT.LOG4J.ENABLE=false
+XAAUDIT.LOG4J.IS_ASYNC=false
+XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
+XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
+XAAUDIT.LOG4J.DESTINATION.LOG4J=false
+XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
+SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+# Custom log directory path
+RANGER_KMS_LOG_DIR=/var/log/ranger/kms
+
+#PID file path
+RANGER_KMS_PID_DIR_PATH=/var/run/ranger_kms
+# ################# DO NOT MODIFY ANY VARIABLES BELOW
#########################
+#
+# --- These deployment variables are not to be modified unless you understand
the full impact of the changes
+#
+################################################################################
+KMS_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+
+cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks
+
+KMS_BLACKLIST_DECRYPT_EEK=hdfs
diff --git a/pom.xml b/pom.xml
index be162d010..b4ed3fb7f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -790,33 +790,10 @@
</distributionManagement>
<repositories>
<repository>
- <id>apache.snapshots.https</id>
- <name>Apache Development Snapshot Repository</name>
-
<url>https://repository.apache.org/content/repositories/snapshots</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
+ <id>jetbrains-pty4j</id>
+ <name>jetbrains-intellij-dependencies</name>
+
<url>https://packages.jetbrains.team/maven/p/ij/intellij-dependencies</url>
</repository>
- <repository>
- <id>apache.public.https</id>
- <name>Apache Development Snapshot Repository</name>
-
<url>https://repository.apache.org/content/repositories/public</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- <!--
- <repository>
- <id>repo</id>
- <url>file://${basedir}/local-repo</url>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- </repository>
- -->
</repositories>
<dependencyManagement>
<dependencies>
