def setup_logsearch():
    """Declare the Log Search server's directories, config files and Solr roles.

    Declares the log, pid, install, conf, config-set and keys directories,
    points the credential provider at the JCEKS file, renders the server
    configuration files, and, when security is enabled and an external Solr
    is not in use, registers the Log Search and Log Feeder Kerberos
    principals through solr_cloud_util.add_solr_roles.

    NOTE(review): the indentation of this listing was lost. The nesting below
    is reconstructed from statement order; in particular the chmod and
    check_znode() calls are placed outside the security_enabled branch.
    Confirm against the upstream file.
    """
    import params

    Directory([params.logsearch_log_dir, params.logsearch_pid_dir],
              mode=0755,
              cd_access='a',
              owner=params.logsearch_user,
              group=params.user_group,
              create_parents=True
              )

    Directory([params.logsearch_dir, params.logsearch_server_conf, params.logsearch_config_set_dir],
              mode=0755,
              cd_access='a',
              owner=params.logsearch_user,
              group=params.user_group,
              create_parents=True,
              recursive_ownership=True
              )

    # NOTE(review): the keys folder is created 0755, so every local account
    # can list and traverse it. Whatever key material lands here is then
    # protected only by the modes of the individual files; confirm those are
    # restrictive, or tighten this directory.
    Directory(params.logsearch_server_keys_folder,
              cd_access='a',
              mode=0755,
              owner=params.logsearch_user,
              group=params.user_group)

    # Written with empty content and mode 0644.
    File(params.logsearch_log,
         mode=0644,
         owner=params.logsearch_user,
         group=params.user_group,
         content=''
         )

    # Secrets are referenced through a JCEKS credential store rather than
    # written into logsearch.properties; only the provider path goes in there.
    params.logsearch_env_config = update_credential_provider_path(params.logsearch_env_config,
                                                                  'logsearch-env',
                                                                  params.logsearch_env_jceks_file,
                                                                  params.logsearch_user,
                                                                  params.user_group
                                                                  )
    params.logsearch_properties[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = 'jceks://file' + params.logsearch_env_jceks_file
    # NOTE(review): no owner, group or mode is passed here, so the result
    # depends on the resource's defaults. Confirm nothing sensitive remains in
    # logsearch_properties.
    PropertiesFile(format("{logsearch_server_conf}/logsearch.properties"),
                   properties=params.logsearch_properties
                   )

    File(format("{logsearch_server_conf}/HadoopServiceConfig.json"),
         content=Template("HadoopServiceConfig.json.j2"),
         owner=params.logsearch_user,
         group=params.user_group
         )

    File(format("{logsearch_server_conf}/log4j.xml"),
         content=InlineTemplate(params.logsearch_app_log4j_content),
         owner=params.logsearch_user,
         group=params.user_group
         )

    File(format("{logsearch_server_conf}/logsearch-env.sh"),
         content=InlineTemplate(params.logsearch_env_content),
         mode=0755,
         owner=params.logsearch_user,
         group=params.user_group
         )

    File(format("{logsearch_server_conf}/logsearch-admin.json"),
         content=InlineTemplate(params.logsearch_admin_content),
         owner=params.logsearch_user,
         group=params.user_group
         )

    File(format("{logsearch_config_set_dir}/hadoop_logs/conf/solrconfig.xml"),
         content=InlineTemplate(params.logsearch_service_logs_solrconfig_content),
         owner=params.logsearch_user,
         group=params.user_group
         )

    File(format("{logsearch_config_set_dir}/audit_logs/conf/solrconfig.xml"),
         content=InlineTemplate(params.logsearch_audit_logs_solrconfig_content),
         owner=params.logsearch_user,
         group=params.user_group
         )

    if params.security_enabled:
        # NOTE(review): the JAAS file is written with an owner but no explicit
        # group or mode. It presumably names the keytab and principal, so an
        # explicit restrictive mode would be safer than the default.
        File(format("{logsearch_jaas_file}"),
             content=Template("logsearch_jaas.conf.j2"),
             owner=params.logsearch_user
             )

    # Runs through sudo and recursively grants read to user, group and other
    # on the Solr config sets under the server conf directory.
    Execute(("chmod", "-R", "ugo+r", format("{logsearch_server_conf}/solr_configsets")),
            sudo=True
            )
    check_znode()

    if params.security_enabled and not params.logsearch_use_external_solr:
        # Role grants are per principal: the Log Search server principal gets
        # the logsearch, ranger_admin and dev roles; the Log Feeder principal
        # gets the logfeeder and dev roles.
        solr_cloud_util.add_solr_roles(params.config,
                                       roles = [params.infra_solr_role_logsearch, params.infra_solr_role_ranger_admin, params.infra_solr_role_dev],
                                       new_service_principals = [params.logsearch_kerberos_principal])
        solr_cloud_util.add_solr_roles(params.config,
                                       roles = [params.infra_solr_role_logfeeder, params.infra_solr_role_dev],
                                       new_service_principals = [params.logfeeder_kerberos_principal])
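def metadata(type='server'):
    """Declare the Atlas configuration for a server or client host.

    Args:
        type: 'server' (the default) additionally declares the pid, solr, log,
            data and expanded-war directories, the war file, log4j and env
            files, the admin credential entry and the Solr collections. Any
            other value declares only what the code marks as needed by both
            server and client.

    Change from the previous revision: users-credentials.properties and
    policy-store.txt are now set to mode 640 instead of 644, so the stored
    admin password hash is no longer readable by every local account.

    NOTE(review): the indentation of this listing was lost. The nesting below
    is reconstructed from statement order and the "Needed by both Server and
    Client" markers; confirm against the upstream file.
    """
    import params

    # Needed by both server and client.
    Directory(params.conf_dir,
              mode=0755,
              cd_access='a',
              owner=params.metadata_user,
              group=params.user_group,
              create_parents=True)

    if type == "server":
        Directory([params.pid_dir],
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        Directory(format('{conf_dir}/solr'),
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True,
                  recursive_ownership=True)
        Directory(params.log_dir,
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        # NOTE(review): 0644 on a directory omits the search (execute) bit;
        # presumably cd_access='a' restores traversal. Confirm the resulting
        # mode is the one intended.
        Directory(params.data_dir,
                  mode=0644,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        Directory(params.expanded_war_dir,
                  mode=0644,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        File(format("{expanded_war_dir}/atlas.war"),
             content=StaticFile(
                 format('{metadata_home}/server/webapp/atlas.war')))
        File(format("{conf_dir}/atlas-log4j.xml"),
             mode=0644,
             owner=params.metadata_user,
             group=params.user_group,
             content=InlineTemplate(params.metadata_log4j_content))
        File(format("{conf_dir}/atlas-env.sh"),
             owner=params.metadata_user,
             group=params.user_group,
             mode=0755,
             content=InlineTemplate(params.metadata_env_content))

        if not is_empty(params.atlas_admin_username) and not is_empty(
                params.atlas_admin_password):
            # NOTE(review): this is a single unsalted SHA-256 of the admin
            # password, which is cheap to test guesses against once the file
            # is read. The format is presumably dictated by whatever consumes
            # users-credentials.properties, so it is left as is; the file
            # mode below is the control that keeps the hash private.
            psswd_output = hashlib.sha256(
                params.atlas_admin_password).hexdigest()
            ModifyPropertiesFile(
                format("{conf_dir}/users-credentials.properties"),
                properties={
                    format('{atlas_admin_username}'):
                        format('ROLE_ADMIN::{psswd_output}')
                },
                owner=params.metadata_user)

        files_to_chown = [
            format("{conf_dir}/policy-store.txt"),
            format("{conf_dir}/users-credentials.properties")
        ]
        for file in files_to_chown:
            # NOTE(review): chown/chmod run through sudo on paths inside a
            # directory owned by metadata_user, and both follow symlinks.
            # Consider refusing a path that is a symlink before touching it.
            if os.path.exists(file):
                Execute(
                    ('chown', format('{metadata_user}:{user_group}'), file),
                    sudo=True)
                # 640, not 644: the credentials file holds the admin password
                # hash and the policy store holds authorization rules, so
                # neither should be world-readable.
                Execute(('chmod', '640', file), sudo=True)

        if params.metadata_solrconfig_content:
            File(format("{conf_dir}/solr/solrconfig.xml"),
                 mode=0644,
                 owner=params.metadata_user,
                 group=params.user_group,
                 content=InlineTemplate(params.metadata_solrconfig_content))

    # Needed by both server and client. Mode 0600: readable and writable by
    # metadata_user only.
    PropertiesFile(format('{conf_dir}/{conf_file}'),
                   properties=params.application_properties,
                   mode=0600,
                   owner=params.metadata_user,
                   group=params.user_group)

    if params.security_enabled:
        TemplateConfig(format(params.atlas_jaas_file),
                       owner=params.metadata_user)

    if type == 'server' and params.search_backend_solr and params.has_infra_solr:
        solr_cloud_util.setup_solr_client(params.config)
        check_znode()
        jaasFile = params.atlas_jaas_file if params.security_enabled else None
        upload_conf_set('atlas_configs', jaasFile)

        if params.security_enabled:
            # Update permissions before creating the collections.
            solr_cloud_util.add_solr_roles(
                params.config,
                roles=[
                    params.infra_solr_role_atlas,
                    params.infra_solr_role_ranger_audit,
                    params.infra_solr_role_dev
                ],
                new_service_principals=[params.atlas_jaas_principal])

        create_collection('vertex_index', 'atlas_configs', jaasFile)
        create_collection('edge_index', 'atlas_configs', jaasFile)
        create_collection('fulltext_index', 'atlas_configs', jaasFile)

        if params.security_enabled:
            # The znodes are secured only after the config set and the
            # collections exist.
            secure_znode(format('{infra_solr_znode}/configs/atlas_configs'),
                         jaasFile)
            secure_znode(format('{infra_solr_znode}/collections/vertex_index'),
                         jaasFile)
            secure_znode(format('{infra_solr_znode}/collections/edge_index'),
                         jaasFile)
            secure_znode(
                format('{infra_solr_znode}/collections/fulltext_index'),
                jaasFile)

    File(params.atlas_hbase_setup,
         group=params.user_group,
         owner=params.hbase_user,
         content=Template("atlas_hbase_setup.rb.j2"))

    is_atlas_upgrade_support = check_stack_feature(
        StackFeature.ATLAS_UPGRADE_SUPPORT,
        get_stack_feature_version(params.config))

    if is_atlas_upgrade_support and params.security_enabled:
        File(params.atlas_kafka_setup,
             group=params.user_group,
             owner=params.kafka_user,
             content=Template("atlas_kafka_acl.sh.j2"))

        # These files are required only when no Kafka broker is configured as
        # a component on this host.
        if not params.host_with_kafka:
            File(format("{kafka_conf_dir}/kafka-env.sh"),
                 owner=params.kafka_user,
                 content=InlineTemplate(params.kafka_env_sh_template))

            File(format("{kafka_conf_dir}/kafka_jaas.conf"),
                 group=params.user_group,
                 owner=params.kafka_user,
                 content=Template("kafka_jaas.conf.j2"))

    if params.stack_supports_atlas_hdfs_site_on_namenode_ha and len(
            params.namenode_host) > 1:
        XmlConfig(
            "hdfs-site.xml",
            conf_dir=params.conf_dir,
            configurations=params.config['configurations']['hdfs-site'],
            configuration_attributes=params.config['configurationAttributes']
            ['hdfs-site'],
            owner=params.metadata_user,
            group=params.user_group,
            mode=0644)
    else:
        File(format('{conf_dir}/hdfs-site.xml'), action="delete")

    # Atlas requires the Hadoop core-site.xml to resolve users/groups synced
    # in HadoopUGI for the authentication and authorization process. Earlier
    # the core-site.xml was available in the HBase conf directory, which is
    # part of the Atlas class-path; from stack 2.6 onwards it is no longer
    # available there, so core-site.xml has to be created in the Atlas conf
    # directory.
    if params.stack_supports_atlas_core_site and params.has_namenode:
        XmlConfig(
            "core-site.xml",
            conf_dir=params.conf_dir,
            configurations=params.config['configurations']['core-site'],
            configuration_attributes=params.config['configurationAttributes']
            ['core-site'],
            owner=params.metadata_user,
            group=params.user_group,
            mode=0644)

    Directory(
        format('{metadata_home}/'),
        owner=params.metadata_user,
        group=params.user_group,
        recursive_ownership=True,
    )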
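def setup_ranger_audit_solr():
    """Configure Solr for Ranger audit: config set, roles, collection, znodes.

    Writes the Solr JAAS file when security is enabled and the stack supports
    Ranger Kerberos. It then uploads the Ranger config set to ZooKeeper, adds
    Solr roles for the Ranger admin and plugin principals, creates the audit
    collection and secures the znodes.

    An ExecutionFailed raised inside the try block is logged and not
    re-raised.

    Change from the previous revision: the service key 'yanr' in the default
    principals list is corrected to 'yarn'.

    NOTE(review): the indentation of this listing was lost. The nesting below
    is reconstructed from statement order; the try block is placed at
    function level. Confirm against the upstream file.
    """
    import params

    if params.security_enabled and params.stack_supports_ranger_kerberos:
        if params.solr_jaas_file is not None:
            # NOTE(review): no explicit mode or group on the JAAS file;
            # consider setting a restrictive mode rather than relying on the
            # resource default.
            File(format("{solr_jaas_file}"),
                 content=Template("ranger_solr_jaas_conf.j2"),
                 owner=params.unix_user)

    # True only for a kerberized cluster using the managed (non-external)
    # Infra Solr; gates both the role grants and the znode securing.
    manages_secure_infra_solr = (
        params.security_enabled and params.has_infra_solr
        and not params.is_external_solrCloud_enabled
        and params.stack_supports_ranger_kerberos)

    try:
        check_znode()

        if params.stack_supports_ranger_solr_configs:
            Logger.info(
                'Solr configrations supported,creating solr-configurations.')
            File(format("{ranger_solr_conf}/solrconfig.xml"),
                 content=InlineTemplate(params.ranger_solr_config_content),
                 owner=params.unix_user,
                 group=params.unix_group,
                 mode=0644)

            solr_cloud_util.upload_configuration_to_zk(
                zookeeper_quorum=params.zookeeper_quorum,
                solr_znode=params.solr_znode,
                config_set=params.ranger_solr_config_set,
                config_set_dir=params.ranger_solr_conf,
                tmp_dir=params.tmp_dir,
                java64_home=params.java_home,
                solrconfig_content=InlineTemplate(
                    params.ranger_solr_config_content),
                jaas_file=params.solr_jaas_file,
                retry=30,
                interval=5)
        else:
            Logger.info(
                'Solr configrations not supported, skipping solr-configurations.'
            )
            solr_cloud_util.upload_configuration_to_zk(
                zookeeper_quorum=params.zookeeper_quorum,
                solr_znode=params.solr_znode,
                config_set=params.ranger_solr_config_set,
                config_set_dir=params.ranger_solr_conf,
                tmp_dir=params.tmp_dir,
                java64_home=params.java_home,
                jaas_file=params.solr_jaas_file,
                retry=30,
                interval=5)

        if manages_secure_infra_solr:
            solr_cloud_util.add_solr_roles(
                params.config,
                roles=[
                    params.infra_solr_role_ranger_admin,
                    params.infra_solr_role_ranger_audit,
                    params.infra_solr_role_dev
                ],
                new_service_principals=[params.ranger_admin_jaas_principal])

            # (service, default principal) pairs. The last entry used to be
            # keyed 'yanr'. Presumably the first element selects the
            # per-service plugin configuration, in which case a principal
            # configured for YARN was never found and the literal default
            # 'yarn' was granted the audit role instead. Verify against
            # get_ranger_plugin_principals.
            service_default_principals_map = [('hdfs', 'nn'),
                                              ('hbase', 'hbase'),
                                              ('hive', 'hive'),
                                              ('kafka', 'kafka'),
                                              ('kms', 'rangerkms'),
                                              ('knox', 'knox'),
                                              ('nifi', 'nifi'),
                                              ('storm', 'storm'),
                                              ('yarn', 'yarn')]
            service_principals = get_ranger_plugin_principals(
                service_default_principals_map)
            solr_cloud_util.add_solr_roles(
                params.config,
                roles=[
                    params.infra_solr_role_ranger_audit,
                    params.infra_solr_role_dev
                ],
                new_service_principals=service_principals)

        solr_cloud_util.create_collection(
            zookeeper_quorum=params.zookeeper_quorum,
            solr_znode=params.solr_znode,
            collection=params.ranger_solr_collection_name,
            config_set=params.ranger_solr_config_set,
            java64_home=params.java_home,
            shards=params.ranger_solr_shards,
            replication_factor=int(params.replication_factor),
            jaas_file=params.solr_jaas_file)

        if manages_secure_infra_solr:
            secure_znode(
                format('{solr_znode}/configs/{ranger_solr_config_set}'),
                params.solr_jaas_file)
            secure_znode(
                format(
                    '{solr_znode}/collections/{ranger_solr_collection_name}'),
                params.solr_jaas_file)
    except ExecutionFailed as execution_exception:
        # NOTE(review): best-effort by design, but a failure anywhere above
        # also skips the secure_znode calls and the function still returns
        # normally. Operators should treat this log line as "audit znodes may
        # be unsecured" and re-run or verify the ACLs.
        Logger.error(
            'Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'
            .format(execution_exception))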
def metadata(type='server'):
    """Declare the Atlas configuration for a server or client host.

    Args:
        type: 'server' (the default) additionally declares the pid, solr, log,
            data and expanded-war directories, the war file, log4j and env
            files, the admin credential entry and the Solr collections. Any
            other value declares only what the code marks as needed by both
            server and client.

    NOTE(review): the indentation of this listing was lost. The nesting below
    is reconstructed from statement order and the "Needed by both Server and
    Client" markers. The placement of generate_logfeeder_input_config and of
    the mount-table File are the least certain; confirm against the upstream
    file.
    """
    import params

    # Needed by both server and client.
    Directory(params.conf_dir,
              mode=0755,
              cd_access='a',
              owner=params.metadata_user,
              group=params.user_group,
              create_parents=True)

    if type == "server":
        Directory([params.pid_dir],
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        Directory(format('{conf_dir}/solr'),
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True,
                  recursive_ownership=True)
        Directory(params.log_dir,
                  mode=0755,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        # NOTE(review): 0644 on a directory omits the search (execute) bit;
        # presumably cd_access='a' restores traversal. Confirm the resulting
        # mode is the one intended.
        Directory(params.data_dir,
                  mode=0644,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        Directory(params.expanded_war_dir,
                  mode=0644,
                  cd_access='a',
                  owner=params.metadata_user,
                  group=params.user_group,
                  create_parents=True)
        File(format("{expanded_war_dir}/atlas.war"),
             content=StaticFile(
                 format('{metadata_home}/server/webapp/atlas.war')))
        File(format("{conf_dir}/atlas-log4j.xml"),
             mode=0644,
             owner=params.metadata_user,
             group=params.user_group,
             content=InlineTemplate(params.metadata_log4j_content))
        File(format("{conf_dir}/atlas-env.sh"),
             owner=params.metadata_user,
             group=params.user_group,
             mode=0644,
             content=InlineTemplate(params.metadata_env_content))

        if not is_empty(params.atlas_admin_username) and not is_empty(
                params.atlas_admin_password):
            # NOTE(review): this is a single unsalted SHA-256 of the admin
            # password, which is cheap to test guesses against once the file
            # is read. The format is presumably dictated by whatever consumes
            # users-credentials.properties; the 640 mode applied below is the
            # control that keeps the hash private.
            psswd_output = hashlib.sha256(
                params.atlas_admin_password).hexdigest()
            ModifyPropertiesFile(
                format("{conf_dir}/users-credentials.properties"),
                properties={
                    format('{atlas_admin_username}'):
                        format('ROLE_ADMIN::{psswd_output}')
                },
                owner=params.metadata_user)

        files_to_chown = [
            format("{conf_dir}/atlas-simple-authz-policy.json"),
            format("{conf_dir}/users-credentials.properties")
        ]
        for file in files_to_chown:
            # NOTE(review): chown/chmod run through sudo on paths inside a
            # directory owned by metadata_user, and both follow symlinks.
            # Consider refusing a path that is a symlink before touching it.
            if os.path.exists(file):
                Execute(
                    ('chown', format('{metadata_user}:{user_group}'), file),
                    sudo=True)
                # 640: owner read/write, group read, no access for others.
                Execute(('chmod', '640', file), sudo=True)

        if params.metadata_solrconfig_content:
            File(format("{conf_dir}/solr/solrconfig.xml"),
                 mode=0644,
                 owner=params.metadata_user,
                 group=params.user_group,
                 content=InlineTemplate(params.metadata_solrconfig_content))

    generate_logfeeder_input_config(
        'atlas',
        Template("input.config-atlas.json.j2", extra_imports=[default]))

    # Needed by both server and client. Mode 0600: readable and writable by
    # metadata_user only.
    PropertiesFile(format('{conf_dir}/{conf_file}'),
                   properties=params.application_properties,
                   mode=0600,
                   owner=params.metadata_user,
                   group=params.user_group)

    if params.security_enabled:
        TemplateConfig(format(params.atlas_jaas_file),
                       owner=params.metadata_user)

    if type == 'server' and params.search_backend_solr and params.has_infra_solr:
        solr_cloud_util.setup_solr_client(params.config)
        check_znode()
        jaasFile = params.atlas_jaas_file if params.security_enabled else None
        upload_conf_set('atlas_configs', jaasFile)

        if params.security_enabled:
            # Update permissions before creating the collections.
            solr_cloud_util.add_solr_roles(
                params.config,
                roles=[
                    params.infra_solr_role_atlas,
                    params.infra_solr_role_ranger_audit,
                    params.infra_solr_role_dev
                ],
                new_service_principals=[params.atlas_jaas_principal])

        create_collection('vertex_index', 'atlas_configs', jaasFile)
        create_collection('edge_index', 'atlas_configs', jaasFile)
        create_collection('fulltext_index', 'atlas_configs', jaasFile)

        if params.security_enabled:
            # The znodes are secured only after the config set and the
            # collections exist.
            secure_znode(format('{infra_solr_znode}/configs/atlas_configs'),
                         jaasFile)
            secure_znode(format('{infra_solr_znode}/collections/vertex_index'),
                         jaasFile)
            secure_znode(format('{infra_solr_znode}/collections/edge_index'),
                         jaasFile)
            secure_znode(
                format('{infra_solr_znode}/collections/fulltext_index'),
                jaasFile)

    File(params.atlas_hbase_setup,
         group=params.user_group,
         owner=params.hbase_user,
         content=Template("atlas_hbase_setup.rb.j2"))

    # Hard-coded to True here, so the branch below depends only on
    # params.security_enabled.
    is_atlas_upgrade_support = True

    if is_atlas_upgrade_support and params.security_enabled:
        File(params.atlas_kafka_setup,
             group=params.user_group,
             owner=params.kafka_user,
             content=Template("atlas_kafka_acl.sh.j2"))

        # These files are required only when no Kafka broker is configured as
        # a component on this host.
        if not params.host_with_kafka:
            File(format("{kafka_conf_dir}/kafka-env.sh"),
                 owner=params.kafka_user,
                 content=InlineTemplate(params.kafka_env_sh_template))

            File(format("{kafka_conf_dir}/kafka_jaas.conf"),
                 group=params.user_group,
                 owner=params.kafka_user,
                 content=Template("kafka_jaas.conf.j2"))

    if params.stack_supports_atlas_hdfs_site_on_namenode_ha and len(
            params.namenode_host) > 1:
        XmlConfig(
            "hdfs-site.xml",
            conf_dir=params.conf_dir,
            configurations=params.config['configurations']['hdfs-site'],
            configuration_attributes=params.config['configurationAttributes']
            ['hdfs-site'],
            owner=params.metadata_user,
            group=params.user_group,
            mode=0644)
    else:
        # Remove an hdfs-site.xml from the conf directory when the condition
        # above does not hold.
        File(format('{conf_dir}/hdfs-site.xml'), action="delete")

    if params.stack_supports_atlas_core_site and params.has_namenode:
        XmlConfig(
            "core-site.xml",
            conf_dir=params.conf_dir,
            configurations=params.config['configurations']['core-site'],
            configuration_attributes=params.config['configurationAttributes']
            ['core-site'],
            owner=params.metadata_user,
            group=params.user_group,
            mode=0644,
            xml_include_file=params.mount_table_xml_inclusion_file_full_path)

        if params.mount_table_content:
            File(params.mount_table_xml_inclusion_file_full_path,
                 owner=params.metadata_user,
                 group=params.user_group,
                 content=params.mount_table_content,
                 mode=0644)

    Directory(
        format('{metadata_home}/'),
        owner=params.metadata_user,
        group=params.user_group,
        recursive_ownership=True,
    )