This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch ranger-2.6 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit b21073851d38de74417f581a9a9c0e1886d6ab40 Author: Madhan Neethiraj <[email protected]> AuthorDate: Thu Dec 12 21:09:55 2024 -0800 RANGER-5073: docker setup updated to support Oracle database (cherry picked from commit 8699770b92b466a5313d4d3e8e1acceb8e99b582) (cherry picked from commit db3cb2e2f5b8f27c2412308938d93d969a94c62b) --- dev-support/ranger-docker/.env | 1 + dev-support/ranger-docker/Dockerfile.ranger | 4 + dev-support/ranger-docker/Dockerfile.ranger-hive | 5 +- dev-support/ranger-docker/Dockerfile.ranger-kms | 4 + dev-support/ranger-docker/Dockerfile.ranger-oracle | 26 +++ dev-support/ranger-docker/README.md | 2 +- dev-support/ranger-docker/config/init_oracle.sh | 45 +++++ .../ranger-docker/docker-compose.ranger-oracle.yml | 21 ++ dev-support/ranger-docker/download-archives.sh | 1 + .../ranger-docker/scripts/hive-site-oracle.xml | 52 +++++ .../scripts/ranger-admin-install-oracle.properties | 93 +++++++++ .../scripts/ranger-kms-install-oracle.properties | 225 +++++++++++++++++++++ 12 files changed, 477 insertions(+), 2 deletions(-) diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env index e273422a0..b88e29c43 100644 --- a/dev-support/ranger-docker/.env +++ b/dev-support/ranger-docker/.env @@ -35,6 +35,7 @@ UBI_VERSION=latest # third party image versions MARIADB_VERSION=10.7.3 POSTGRES_VERSION=12 +ORACLE_VERSION=23.6 ENABLE_DB_MOUNT=true ZK_VERSION=3.9.2 SOLR_VERSION=8.11.3 diff --git a/dev-support/ranger-docker/Dockerfile.ranger b/dev-support/ranger-docker/Dockerfile.ranger index ca77da97a..f5081ff57 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger +++ b/dev-support/ranger-docker/Dockerfile.ranger 
@@ -55,6 +55,10 @@ COPY ./downloads/log4jdbc-1.2.jar /home/ranger/dist/ RUN mv /home/ranger/dist/mysql-connector-java-8.0.28.jar /usr/share/java/mysql-connector.jar \ && mv /home/ranger/dist/log4jdbc-1.2.jar ${RANGER_HOME}/admin/ews/webapp/WEB-INF/lib/log4jdbc-1.2.jar +FROM ranger AS ranger_oracle +COPY ./downloads/ojdbc8.jar /home/ranger/dist/ +RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar + FROM ranger_${RANGER_DB_TYPE} USER ranger diff --git a/dev-support/ranger-docker/Dockerfile.ranger-hive b/dev-support/ranger-docker/Dockerfile.ranger-hive index 403f0a6cb..e4a07dd9e 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-hive +++ b/dev-support/ranger-docker/Dockerfile.ranger-hive @@ -13,6 +13,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +ARG RANGER_DB_TYPE FROM ranger-base:latest @@ -26,7 +27,8 @@ COPY ./dist/version /home/ranger/dist/ COPY ./dist/ranger-${HIVE_PLUGIN_VERSION}-hive-plugin.tar.gz /home/ranger/dist/ COPY ./downloads/apache-hive-${HIVE_VERSION}-bin.tar.gz /home/ranger/dist/ COPY ./downloads/hadoop-${HIVE_HADOOP_VERSION}.tar.gz /home/ranger/dist/ -COPY ./downloads/mysql-connector-java-8.0.28.jar /home/ranger/dist +COPY ./downloads/mysql-connector-java-8.0.28.jar /home/ranger/dist/ +COPY ./downloads/ojdbc8.jar /home/ranger/dist/ COPY ./scripts/ranger-hive-setup.sh /home/ranger/scripts/ COPY ./scripts/ranger-hive.sh /home/ranger/scripts/ 
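Review bot: In the new `ranger_oracle` stage, `ojdbc8.jar` is copied to `/home/ranger/dist/` and then moved by a separate `RUN`, which stores the jar in two layers. A single `COPY ./downloads/ojdbc8.jar /usr/share/java/oracle.jar` gives the same result in one layer. The same applies to the identical stage added to Dockerfile.ranger-kms in this commit. The image build does not verify the jar, so its content is whatever `download-archives.sh` fetched.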
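Review bot: `ARG RANGER_DB_TYPE` is declared before `FROM ranger-base:latest`, so it is in scope only for `FROM` lines, and the `FROM` shown here does not use it. If a later instruction in this file is meant to read it, it has to be redeclared inside the stage with `ARG RANGER_DB_TYPE` after `FROM`. The rest of the stage is outside the hunk, so this may already be handled; otherwise the line can be dropped. Both JDBC drivers are copied, and in the second hunk moved into `/opt/hive/lib/`, regardless of its value, which suggests nothing depends on it yet.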
@@ -37,6 +39,7 @@ RUN tar xvfz /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz --director ln -s /opt/apache-hive-${HIVE_VERSION}-bin /opt/hive && \ rm -f /home/ranger/dist/apache-hive-${HIVE_VERSION}-bin.tar.gz && \ mv /home/ranger/dist/mysql-connector-java-8.0.28.jar /opt/hive/lib/ && \ + mv /home/ranger/dist/ojdbc8.jar /opt/hive/lib/ && \ tar xvfz /home/ranger/dist/hadoop-${HIVE_HADOOP_VERSION}.tar.gz --directory=/opt/ && \ ln -s /opt/hadoop-${HIVE_HADOOP_VERSION} /opt/hadoop && \ rm -f /home/ranger/dist/hadoop-${HIVE_HADOOP_VERSION}.tar.gz && \ diff --git a/dev-support/ranger-docker/Dockerfile.ranger-kms b/dev-support/ranger-docker/Dockerfile.ranger-kms index c3431c5b1..5e70d0da5 100644 --- a/dev-support/ranger-docker/Dockerfile.ranger-kms +++ b/dev-support/ranger-docker/Dockerfile.ranger-kms @@ -54,6 +54,10 @@ COPY ./downloads/log4jdbc-1.2.jar /home/ranger/dist/ RUN mv /home/ranger/dist/mysql-connector-java-8.0.28.jar /usr/share/java/mysql-connector-java.jar && \ mv /home/ranger/dist/log4jdbc-1.2.jar ${RANGER_HOME}/kms/ews/webapp/WEB-INF/lib/log4jdbc-1.2.jar +FROM ranger-kms AS ranger_oracle +COPY ./downloads/ojdbc8.jar /home/ranger/dist/ +RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar + FROM ranger_${RANGER_DB_TYPE} ENTRYPOINT [ "/home/ranger/scripts/ranger-kms.sh" ] diff --git a/dev-support/ranger-docker/Dockerfile.ranger-oracle b/dev-support/ranger-docker/Dockerfile.ranger-oracle new file mode 100644 index 000000000..5b83334c8 --- /dev/null +++ b/dev-support/ranger-docker/Dockerfile.ranger-oracle 
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG ORACLE_VERSION
+FROM gvenzl/oracle-free:${ORACLE_VERSION}-slim
+
+# Copy DB init script
+USER 0
+RUN mkdir -p /docker-entrypoint-initdb.d
+COPY config/init_oracle.sh /docker-entrypoint-initdb.d/
+RUN chown -R oracle /docker-entrypoint-initdb.d/
+ENV ORACLE_PASSWORD=rangerR0cks!
+USER oracle
diff --git a/dev-support/ranger-docker/README.md b/dev-support/ranger-docker/README.md
index 361656aa5..346ac5e66 100644
--- a/dev-support/ranger-docker/README.md
+++ b/dev-support/ranger-docker/README.md
@@ -81,7 +81,7 @@ docker-compose -f docker-compose.ranger-base-ubi.yml build --no-cache # To enable file based sync source for usersync do: # export ENABLE_FILE_SYNC_SOURCE=true -# valid values for RANGER_DB_TYPE: mysql/postgres +# valid values for RANGER_DB_TYPE: mysql/postgres/oracle docker-compose -f docker-compose.ranger.yml -f docker-compose.ranger-${RANGER_DB_TYPE}.yml -f docker-compose.ranger-usersync.yml -f docker-compose.ranger-tagsync.yml up -d
diff --git a/dev-support/ranger-docker/config/init_oracle.sh b/dev-support/ranger-docker/config/init_oracle.sh
new file mode 100644
index 000000000..aae4c0056
--- /dev/null
+++ b/dev-support/ranger-docker/config/init_oracle.sh
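Review bot: `ENV ORACLE_PASSWORD=rangerR0cks!` in Dockerfile.ranger-oracle bakes the database password into the image, where anyone who can pull `ranger-oracle` can read it from the image config and history. It is the same value the install properties in this commit use as `db_root_password` for `system`. For a dev-only setup that may be acceptable, but setting it from `docker-compose.ranger-oracle.yml` (`environment:` or a secret) keeps it out of the image and in one place. Separately, if the directory itself does not need to be owned by `oracle`, the `RUN mkdir -p`, `COPY` and `RUN chown -R` lines can be one instruction, `COPY --chown=oracle config/init_oracle.sh /docker-entrypoint-initdb.d/`.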
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+export ORACLE_SID=FREE
+
+sqlplus / AS SYSDBA <<EOSQL
+ ALTER SESSION SET container=FREEPDB1;
+
+ CREATE TABLESPACE ranger DATAFILE '/tmp/ranger.dbf' SIZE 50m ONLINE;
+ CREATE USER rangeradmin IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE ranger QUOTA 50m ON ranger ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO rangeradmin;
+ GRANT CONNECT, RESOURCE TO rangeradmin;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED TABLESPACE TO rangeradmin;
+
+ CREATE TABLESPACE rangerkms DATAFILE '/tmp/rangerkms.dbf' SIZE 10m ONLINE;
+ CREATE USER rangerkms IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE rangerkms QUOTA 25m ON rangerkms ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO rangerkms;
+ GRANT CONNECT, RESOURCE TO rangerkms;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED TABLESPACE TO rangerkms;
+
+
+ CREATE TABLESPACE hive DATAFILE '/tmp/hive.dbf' SIZE 25m ONLINE;
+ CREATE USER hive IDENTIFIED BY "rangerR0cks!" DEFAULT TABLESPACE hive QUOTA 25m ON hive ACCOUNT UNLOCK;
+ GRANT SELECT_CATALOG_ROLE TO hive;
+ GRANT CONNECT, RESOURCE TO hive;
+ GRANT CREATE SESSION, CREATE PROCEDURE, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE, CREATE PUBLIC SYNONYM, CREATE ANY SYNONYM, CREATE TRIGGER, UNLIMITED TABLESPACE TO hive;
+EOSQL
diff --git a/dev-support/ranger-docker/docker-compose.ranger-oracle.yml b/dev-support/ranger-docker/docker-compose.ranger-oracle.yml
new file mode 100644
index 000000000..64113d5e5
--- /dev/null
+++ b/dev-support/ranger-docker/docker-compose.ranger-oracle.yml
@@ -0,0 +1,21 @@
+services:
+ ranger-db:
+ build:
+ context: .
+ dockerfile: Dockerfile.ranger-oracle
+ args:
+ - ORACLE_VERSION=${ORACLE_VERSION}
+ image: ranger-oracle
+ container_name: ranger-oracle
+ hostname: ranger-db.example.com
+ networks:
+ - ranger
+ healthcheck:
+ test: ["CMD", "healthcheck.sh"]
+ interval: 10s
+ timeout: 2s
+ retries: 30
+
+networks:
+ ranger:
+ name: rangernw
diff --git a/dev-support/ranger-docker/download-archives.sh b/dev-support/ranger-docker/download-archives.sh
index b073f6f47..e7a4bf217 100755
--- a/dev-support/ranger-docker/download-archives.sh
+++ b/dev-support/ranger-docker/download-archives.sh
@@ -43,6 +43,7 @@ downloadIfNotPresent() { downloadIfNotPresent postgresql-42.2.16.jre7.jar "https://search.maven.org/remotecontent?filepath=org/postgresql/postgresql/42.2.16.jre7" downloadIfNotPresent mysql-connector-java-8.0.28.jar "https://search.maven.org/remotecontent?filepath=mysql/mysql-connector-java/8.0.28" +downloadIfNotPresent ojdbc8.jar https://download.oracle.com/otn-pub/otn_software/jdbc/236 downloadIfNotPresent log4jdbc-1.2.jar https://repo1.maven.org/maven2/com/googlecode/log4jdbc/log4jdbc/1.2 if [[ $# -eq 0 ]]
diff --git a/dev-support/ranger-docker/scripts/hive-site-oracle.xml b/dev-support/ranger-docker/scripts/hive-site-oracle.xml
new file mode 100644
index 000000000..2b8cc5e08
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/hive-site-oracle.xml
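Review bot: In init_oracle.sh each of the three accounts is granted `UNLIMITED TABLESPACE`, `CREATE PUBLIC SYNONYM` and `CREATE ANY SYNONYM`, which are database-wide privileges; `UNLIMITED TABLESPACE` also makes the `QUOTA ... ON` clause of the preceding `CREATE USER` ineffective. If the Ranger and Hive schema scripts do not need them, trimming the grant to the object-creation privileges keeps each account confined to its own tablespace. Also, `set -e` does not cover the heredoc: sqlplus carries on after a failed statement and exits 0, so a broken init goes unnoticed. Adding `WHENEVER SQLERROR EXIT FAILURE` as the first line inside `<<EOSQL` makes the script fail instead. The datafiles are created under `/tmp`, which deserves a comment saying this is intentional for a throwaway dev database.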
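Review bot: The added `downloadIfNotPresent ojdbc8.jar ...` line in download-archives.sh fetches a jar that this commit copies into the ranger, ranger-kms and ranger-hive images with no integrity check, so whatever the server returns ends up on the classpath. Recording the expected digest next to the download and checking it, e.g. `echo "<sha256-of-ojdbc8.jar>  downloads/ojdbc8.jar" | sha256sum -c -` (placeholder digest), would catch a truncated or replaced file. Unlike the other drivers, the file name carries no version. The body of `downloadIfNotPresent` is outside the hunk, but if it skips files that already exist, changing the `236` path later will not refresh a jar that is already downloaded.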
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>javax.jdo.option.ConnectionURL</name>
+ <value>jdbc:oracle:thin:@//ranger-db:1521/FREEPDB1</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionDriverName</name>
+ <value>oracle.jdbc.OracleDriver</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionUserName</name>
+ <value>hive</value>
+ </property>
+ <property>
+ <name>javax.jdo.option.ConnectionPassword</name>
+ <value>rangerR0cks!</value>
+ </property>
+
+ <property>
+ <name>hive.server2.enable.doAs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>hive.zookeeper.quorum</name>
+ <value>ranger-zk.example.com</value>
+ </property>
+ <property>
+ <name>hive.zookeeper.client.port</name>
+ <value>2181</value>
+ </property>
+</configuration>
diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties
new file mode 100644
index 000000000..dfc3c5504
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-admin-install-oracle.properties
@@ -0,0 +1,93 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Policy Manager Web Application
+#
+
+PYTHON_COMMAND_INVOKER=python3
+RANGER_ADMIN_LOG_DIR=/var/log/ranger
+RANGER_PID_DIR_PATH=/var/run/ranger
+DB_FLAVOR=ORACLE
+SQL_CONNECTOR_JAR=/usr/share/java/oracle.jar
+RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml
+
+db_root_user=system
+db_root_password=rangerR0cks!
+db_host=ranger-db:1521/FREEPDB1
+
+db_name=ranger
+db_user=rangeradmin
+db_password=rangerR0cks!
+
+postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
+postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
+mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
+mysql_audit_file=db/mysql/xa_audit_db.sql
+oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
+oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
+
+rangerAdmin_password=rangerR0cks!
+rangerTagsync_password=rangerR0cks!
+rangerUsersync_password=rangerR0cks!
+keyadmin_password=rangerR0cks!
+
+
+audit_store=solr
+audit_solr_urls=http://ranger-solr:8983/solr/ranger_audits
+audit_solr_collection_name=ranger_audits
+
+# audit_store=elasticsearch
+audit_elasticsearch_urls=
+audit_elasticsearch_port=9200
+audit_elasticsearch_protocol=http
+audit_elasticsearch_user=elastic
+audit_elasticsearch_password=elasticsearch
+audit_elasticsearch_index=ranger_audits
+audit_elasticsearch_bootstrap_enabled=true
+
+policymgr_external_url=http://ranger-admin:6080
+policymgr_http_enabled=true
+
+unix_user=ranger
+unix_user_pwd=ranger
+unix_group=ranger
+
+# Following variables are referenced in db_setup.py. Do not remove these
+sqlserver_core_file=
+sqlanywhere_core_file=
+cred_keystore_filename=
+
+# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+XAPOLICYMGR_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+
+ranger_admin_max_heap_size=1g
+#retry DB and Java patches after the given time in seconds.
+PATCH_RETRY_INTERVAL=120
+STALE_PATCH_ENTRY_HOLD_TIME=10
+
+hadoop_conf=
+authentication_method=UNIX
diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties
new file mode 100755
index 000000000..33097eb40
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties
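Review bot: In ranger-admin-install-oracle.properties, `db_root_password`, `db_password` and the four Ranger account passwords (`rangerAdmin_password` through `keyadmin_password`) are all the same literal, and `db_root_user=system` means that literal is also the Oracle `system` password. A header comment such as `# Dev/test docker setup only: credentials below are well-known defaults, do not reuse` would make the intent explicit for anyone who copies this file as a template. The same comment could cover `policymgr_external_url` and `audit_solr_urls`, which are plain `http`.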
@@ -0,0 +1,225 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Ranger KMS Web Application
+#
+
+PYTHON_COMMAND_INVOKER=python3
+DB_FLAVOR=ORACLE
+SQL_CONNECTOR_JAR=/usr/share/java/oracle.jar
+
+db_root_user=system
+db_root_password=rangerR0cks!
+db_host=ranger-db:1521/FREEPDB1
+
+db_name=rangerkms
+db_user=rangerkms
+db_password=rangerR0cks!
+
+mysql_core_file=db/mysql/kms_core_db.sql
+postgres_core_file=db/postgres/kms_core_db_postgres.sql
+oracle_core_file=db/oracle/kms_core_db_oracle.sql
+
+#SSL config
+db_ssl_enabled=false
+db_ssl_required=false
+db_ssl_verifyServerCertificate=false
+#db_ssl_auth_type=1-way|2-way, where 1-way represents standard one way ssl authentication and 2-way represents mutual ssl authentication
+db_ssl_auth_type=2-way
+javax_net_ssl_keyStore=
+javax_net_ssl_keyStorePassword=
+javax_net_ssl_trustStore=
+javax_net_ssl_trustStorePassword=
+javax_net_ssl_trustStore_type=jks
+javax_net_ssl_keyStore_type=jks
+
+# For postgresql db
+db_ssl_certificate_file=
+
+#For over-riding the jdbc url.
+is_override_db_connection_string=false
+db_override_connection_string=
+
+
+#------------------------- DB CONFIG - END ----------------------------------
+#KMS Server config
+ranger_kms_http_enabled=true
+ranger_kms_https_keystore_file=
+ranger_kms_https_keystore_keyalias=rangerkms
+ranger_kms_https_keystore_password=
+
+#------------------------- RANGER KMS Install Dir ------------------
+COMPONENT_INSTALL_DIR_NAME=/opt/ranger/kms
+
+#------------------------- RANGER KMS Master Key Crypt Key ------------------
+KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd
+
+#------------------------- Ranger KMS Kerberos Configuration ---------------------------
+kms_principal=
+kms_keytab=
+hadoop_conf=
+
+#------------------------- Ranger KMS HSM CONFIG ------------------------------
+HSM_TYPE=LunaProvider
+HSM_ENABLED=false
+HSM_PARTITION_NAME=par19
+HSM_PARTITION_PASSWORD=S@fenet123
+
+#------------------------- Ranger SAFENET KEYSECURE CONFIG ------------------------------
+KEYSECURE_ENABLED=false
+KEYSECURE_USER_PASSWORD_AUTHENTICATION=true
+KEYSECURE_MASTERKEY_NAME=safenetkeysecure
+KEYSECURE_USERNAME=user1
+KEYSECURE_PASSWORD=t1e2s3t4
+KEYSECURE_HOSTNAME=SunPKCS11-keysecurehn
+KEYSECURE_MASTER_KEY_SIZE=256
+KEYSECURE_LIB_CONFIG_PATH=/opt/safenetConf/64/8.3.1/sunpkcs11.cfg
+
+#------------------------- Ranger Azure Key Vault ------------------------------
+AZURE_KEYVAULT_ENABLED=false
+AZURE_KEYVAULT_SSL_ENABLED=false
+AZURE_CLIENT_ID=50fd7ca6-fd4f-4785-a13f-1a6cc4e95e42
+AZURE_CLIENT_SECRET=<AzureKeyVaultPassword>
+AZURE_AUTH_KEYVAULT_CERTIFICATE_PATH=/home/machine/Desktop/azureAuthCertificate/keyvault-MyCert.pfx
+# Initialize below prop if your certificate file has any password
+#AZURE_AUTH_KEYVAULT_CERTIFICATE_PASSWORD=certPass
+AZURE_MASTERKEY_NAME=RangerMasterKey
+# E.G. RSA, RSA_HSM, EC, EC_HSM, OCT
+AZURE_MASTER_KEY_TYPE=RSA
+# E.G. RSA_OAEP, RSA_OAEP_256, RSA1_5, RSA_OAEP
+ZONE_KEY_ENCRYPTION_ALGO=RSA_OAEP
+AZURE_KEYVAULT_URL=https://shahkeyvault.vault.azure.net/
+
+#------------------------- Ranger Google Cloud HSM ------------------------------
+IS_GCP_ENABLED=false
+GCP_KEYRING_ID=
+GCP_CRED_JSON_FILE=/full/path/to/credfile.json
+GCP_PROJECT_ID=
+GCP_LOCATION_ID=
+GCP_MASTER_KEY_NAME=MyMasterKeyNameChangeIt
+
+#------------------------- Ranger Tencent KMS ------------------------------
+TENCENT_KMS_ENABLED=false
+TENCENT_MASTERKEY_ID=b756b016-6e11-11ec-a735-525400fe0300
+TENCENT_CLIENT_ID=AKIDrXx6ybx2qNdiaBWaNs76pGQJvFJ6crpW
+TENCENT_CLIENT_SECRET=<TencentSecretKey>
+TENCENT_CLIENT_REGION=ap-beijing
+
+# ------- UNIX User CONFIG ----------------
+#
+unix_user=rangerkms
+unix_user_pwd=kms
+unix_group=ranger
+
+# Following variables are referenced in db_setup.py. Do not remove these
+sqlserver_core_file=
+sqlanywhere_core_file=
+cred_keystore_filename=
+
+#
+# ------- UNIX User CONFIG - END ----------------
+#
+
+POLICY_MGR_URL=http://ranger:6080
+REPOSITORY_NAME=dev_kms
+
+# AUDIT configuration with V3 properties
+XAAUDIT.SOLR.IS_ENABLED=true
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SUMMARY.ENABLE=true
+
+# Following properties are needed to get past installation script! Please don't remove
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=/ranger/audit
+XAAUDIT.HDFS.DESTINTATION_FILE=hive
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/hive/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/hive/audit/archive
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+XAAUDIT.SOLR.ENABLE=true
+XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool
+
+XAAUDIT.ELASTICSEARCH.ENABLE=false
+XAAUDIT.ELASTICSEARCH.URL=NONE
+XAAUDIT.ELASTICSEARCH.USER=NONE
+XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
+XAAUDIT.ELASTICSEARCH.INDEX=NONE
+XAAUDIT.ELASTICSEARCH.PORT=NONE
+XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
+
+XAAUDIT.HDFS.ENABLE=true
+XAAUDIT.HDFS.HDFS_DIR=hdfs://ranger-hadoop:9000/ranger/audit
+XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/hive/audit/hdfs/spool
+
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+XAAUDIT.LOG4J.ENABLE=false
+XAAUDIT.LOG4J.IS_ASYNC=false
+XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
+XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
+XAAUDIT.LOG4J.DESTINATION.LOG4J=false
+XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
+SSL_KEYSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hive/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+# Custom log directory path
+RANGER_KMS_LOG_DIR=/var/log/ranger/kms
+
+#PID file path
+RANGER_KMS_PID_DIR_PATH=/var/run/ranger_kms
+# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+KMS_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+
+cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangerkms.jceks
+
+KMS_BLACKLIST_DECRYPT_EEK=hdfs
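Review bot: ranger-kms-install-oracle.properties is added with mode 100755 although it is a properties file; 100644 would match the admin properties file added in this commit. `AZURE_CLIENT_ID` and `TENCENT_CLIENT_ID` hold values that look like real account identifiers, while the matching secrets are placeholders (`<AzureKeyVaultPassword>`, `<TencentSecretKey>`). If they came from an upstream template they are probably harmless, but placeholders such as `TENCENT_CLIENT_ID=<TencentSecretId>` would be consistent and avoid tripping secret scanners. `KMS_MASTER_KEY_PASSWD=Str0ngPassw0rd` deserves a comment that it is a dev default, since it protects the KMS master key. The `XAAUDIT.*` spool paths and `SSL_KEYSTORE_FILE_PATH` point at `/var/log/hive` and `/etc/hive`, which looks carried over from the Hive plugin configuration.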
