AMBARI-16668: Create RANGER service versions in common-services (jluniya)

ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml

@@ -70,18 +70,60 @@
         </component>
 
       </components>
-
       <configuration-dependencies>
         <config-type>admin-properties</config-type>
         <config-type>ranger-site</config-type>
         <config-type>usersync-properties</config-type>
       </configuration-dependencies>
-
       <commandScript>
         <script>scripts/service_check.py</script>
         <scriptType>PYTHON</scriptType>
         <timeout>300</timeout>
       </commandScript>
+      <themes>
+        <theme>
+          <fileName>theme_version_1.json</fileName>
+          <default>true</default>
+        </theme>
+      </themes>
+      <osSpecifics>
+        <osSpecific>
+          <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+          <packages>
+            <package>
+              <name>ranger_${stack_version}-admin</name>
+            </package>
+            <package>
+              <name>ranger_${stack_version}-usersync</name>
+            </package>
+            <package>
+              <name>ranger_${stack_version}-tagsync</name>
+              <condition>should_install_ranger_tagsync</condition>
+            </package>
+          </packages>
+        </osSpecific>
+        <osSpecific>
+          <osFamily>debian7,ubuntu12,ubuntu14</osFamily>
+          <packages>
+            <package>
+              <name>ranger-${stack_version}-admin</name>
+            </package>
+            <package>
+              <name>ranger-${stack_version}-usersync</name>
+            </package>
+            <package>
+              <name>ranger-${stack_version}-tagsync</name>
+              <condition>should_install_ranger_tagsync</condition>
+            </package>
+          </packages>
+        </osSpecific>
+      </osSpecifics>
+      <quickLinksConfigurations>
+        <quickLinksConfiguration>
+          <fileName>quicklinks.json</fileName>
+          <default>true</default>
+        </quickLinksConfiguration>
+      </quickLinksConfigurations>
 
     </service>
   </services>

ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml

@@ -0,0 +1,455 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<configuration supports_final="true">
+
+  <property>
+    <name>ranger.usersync.port</name>
+    <value>5151</value>
+    <description>Port for unix authentication service, run within usersync</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ssl</name>
+    <value>true</value>
+    <description>SSL enabled? (ranger admin -&gt; usersync communication)</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.keystore.file</name>
+    <value>/etc/ranger/usersync/conf/unixauthservice.jks</value>
+    <description>Keystore file used for usersync</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.keystore.password</name>
+    <value>UnIx529p</value>
+    <property-type>PASSWORD</property-type>
+    <description>Keystore password</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.truststore.file</name>
+    <value>/etc/ranger/usersync/conf/mytruststore.jks</value>
+    <description>Truststore used for usersync, required if usersync -&gt; ranger admin communication is SSL enabled</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.truststore.password</name>
+    <value>changeit</value>
+    <property-type>PASSWORD</property-type>
+    <description>Truststore password</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.passwordvalidator.path</name>
+    <value>./native/credValidator.uexe</value>
+    <description>Native program for password validation</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.enabled</name>
+    <display-name>Enable User Sync</display-name>
+    <value>true</value>
+    <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.sink.impl.class</name>
+    <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
+    <description>Class to be used as sink (to sync users into ranger admin)</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymanager.baseURL</name>
+    <value>{{ranger_external_url}}</value>
+    <description>URL to be used by clients to access ranger admin, use FQDN</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+    <value>1000</value>
+    <description>How many records to be returned per API call</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymanager.mockrun</name>
+    <value>false</value>
+    <description>Is user sync doing mock run?</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.unix.minUserId</name>
+    <display-name>Minimum User ID</display-name>
+    <value>500</value>
+    <description>Only sync users above this user id (applicable for UNIX)</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.unix.group.file</name>
+    <display-name>Group File</display-name>
+    <value>/etc/group</value>
+    <description>Location of the groups file on the linux server</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.unix.password.file</name>
+    <display-name>Password File</display-name>
+    <value>/etc/passwd</value>
+    <description>Location of the password file on the linux server</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+    <value>60000</value>
+    <description>Sleeptime interval in milliseconds, if &lt; 6000 then default to 1 min</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.source.impl.class</name>
+    <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+    <display-name>Sync Source</display-name>
+    <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
+    <value-attributes>
+      <type>value-list</type>
+      <empty-value-valid>true</empty-value-valid>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+          <label>UNIX</label>
+        </entry>
+        <entry>
+          <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
+          <label>FILE</label>
+        </entry>
+        <entry>
+          <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
+          <label>LDAP/AD</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.filesource.file</name>
+    <display-name>File Name</display-name>
+    <value>/tmp/usergroup.txt</value>
+    <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.filesource.text.delimiter</name>
+    <display-name>Delimiter</display-name>
+    <value>,</value>
+    <description>Delimiter used in file, if File based user sync is used</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.url</name>
+    <display-name>LDAP/AD URL</display-name>
+    <value></value>
+    <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.binddn</name>
+    <display-name>​Bind User</display-name>
+    <value></value>
+    <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.ldapbindpassword</name>
+    <display-name>Bind User Password</display-name>
+    <value></value>
+    <property-type>PASSWORD</property-type>
+    <description>Password for the LDAP bind user used for searching users.</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.bindalias</name>
+    <value>testldapalias</value>
+    <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.bindkeystore</name>
+    <value></value>
+    <description>Set same value as ranger.usersync.keystore.file property i.e default value /etc/ranger/usersync/conf/ugsync.jceks</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.searchBase</name>
+    <value>dc=hadoop,dc=apache,dc=org</value>
+    <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.searchbase</name>
+    <display-name>User Search Base</display-name>
+    <value></value>
+    <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase"</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.searchscope</name>
+    <display-name>User Search Scope</display-name>
+    <value>sub</value>
+    <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.objectclass</name>
+    <display-name>User Object Class​</display-name>
+    <value>person</value>
+    <description>LDAP User Object Class. Example: person or user</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.searchfilter</name>
+    <display-name>​User Search Filter</display-name>
+    <value></value>
+    <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.nameattribute</name>
+    <display-name>Username Attribute</display-name>
+    <value></value>
+    <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.referral</name>
+    <value>ignore</value>
+    <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.user.groupnameattribute</name>
+    <display-name>User Group Name Attribute</display-name>
+    <value>memberof, ismemberof</value>
+    <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.username.caseconversion</name>
+    <value>none</value>
+    <description>User name case conversion</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.ldap.groupname.caseconversion</name>
+    <value>none</value>
+    <description>Group name case conversion</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.logdir</name>
+    <value>{{usersync_log_dir}}</value>
+    <description>User sync log directory</description>
+    <value-attributes>
+      <visible>false</visible>
+      <overridable>false</overridable>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.searchenabled</name>
+    <display-name>Enable Group Sync</display-name>
+    <value>false</value>
+    <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+# valid values: true, false
+# any value other than true would be treated as false
+# default value: false"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.usermapsyncenabled</name>
+    <value>true</value>
+    <display-name>Group User Map Sync</display-name>
+    <description>Sync specific groups for users?</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.searchbase</name>
+    <display-name>Group Search Base</display-name>
+    <value></value>
+    <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase,  ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of  ranger.usersync.ldap.searchBase
+# if  ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.searchscope</name>
+    <value></value>
+    <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.objectclass</name>
+    <display-name>Group Object Class</display-name>
+    <value></value>
+    <description>LDAP Group object class. Example: group</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.searchfilter</name>
+    <value></value>
+    <display-name>Group Search Filter</display-name>
+    <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.nameattribute</name>
+    <display-name>Group Name Attribute</display-name>
+    <value></value>
+    <description>LDAP group name attribute. Example: cn</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.group.memberattributename</name>
+    <display-name>Group Member Attribute</display-name>
+    <value></value>
+    <description>LDAP group member attribute name. Example: member</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.pagedresultsenabled</name>
+    <value>true</value>
+    <description>Results can be paged?</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.pagedresultssize</name>
+    <value>500</value>
+    <description>Page size</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.credstore.filename</name>
+    <value>/etc/ranger/usersync/conf/ugsync.jceks</value>
+    <description>Credential store file name for user sync, specify full path</description>
+  </property>                         
+
+</configuration>  

ambari-server/src/main/resources/common-services/RANGER/0.5.0/metainfo.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>RANGER</name>
+      <displayName>Ranger</displayName>
+      <comment>Comprehensive security for Hadoop</comment>
+      <extends>common-services/RANGER/0.4.0</extends>
+      <version>0.5.0</version>
+      <themes>
+        <theme>
+          <fileName>theme_version_2.json</fileName>
+          <default>true</default>
+        </theme>
+      </themes>
+
+      <configuration-dependencies>
+        <config-type>ranger-admin-site</config-type>
+        <config-type>ranger-ugsync-site</config-type>
+      </configuration-dependencies>
+
+      <quickLinksConfigurations>
+        <quickLinksConfiguration>
+          <fileName>quicklinks.json</fileName>
+          <default>true</default>
+        </quickLinksConfiguration>
+      </quickLinksConfigurations>
+    </service>
+  </services>
+</metainfo>

ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml

@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="true">
+
+  <property>
+    <name>ranger.tagsync.logdir</name>
+    <value>/var/log/ranger/tagsync</value>
+    <description>Ranger Log dir</description>
+    <value-attributes>
+      <type>directory</type>
+      <overridable>false</overridable>
+      <editable-only-at-install>true</editable-only-at-install>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.dest.ranger.endpoint</name>
+    <value>{{ranger_external_url}}</value>
+    <description>Ranger TagAdmin REST URL</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.atlas</name>
+    <display-name>Enable Atlas Tag Source</display-name>
+    <value>false</value>
+    <description></description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>application-properties</type>
+        <name>atlas.server.bind.address</name>
+      </property>
+    </depends-on>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.atlasrest</name>
+    <display-name>Enable AtlasRest Tag Source</display-name>
+    <value>false</value>
+    <description></description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.file</name>
+    <display-name>Enable File Tag Source</display-name>
+    <value>false</value>
+    <description></description>
+    <value-attributes>
+      <type>boolean</type>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.file.check.interval.millis</name>
+    <display-name>File Source: File update polling interval</display-name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
+    <display-name>AtlasREST Source: Atlas source download interval</display-name>
+    <value></value>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+    <value>/etc/ranger/tagsync/conf/mytruststore.jks</value>
+    <description>Truststore used for tagsync, required if tagsync -&gt; ranger admin communication is SSL enabled</description>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.file.filename</name>
+    <display-name>File Source: Filename</display-name>
+    <value></value>
+    <description>File Source Filename</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.keystore.filename</name>
+    <value>/etc/ranger/tagsync/conf/rangertagsync.jceks</value>
+    <description>Keystore file</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.atlas.to.ranger.service.mapping</name>
+    <value></value>
+    <description>Service Mapping</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.source.atlasrest.endpoint</name>
+    <display-name>AtlasREST Source: Atlas endpoint</display-name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.atlas.custom.resource.mappers</name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.kerberos.principal</name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.kerberos.keytab</name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.tagsync.dest.ranger.username</name>
+    <value>rangertagsync</value>
+    <description></description>
+  </property>
+
+</configuration>

ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-ugsync-site.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<configuration>
+
+  <property>
+    <name>ranger.usersync.kerberos.principal</name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.kerberos.keytab</name>
+    <value></value>
+    <description></description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymgr.username</name>
+    <value>rangerusersync</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymgr.alias</name>
+    <value>ranger.usersync.policymgr.password</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.policymgr.keystore</name>
+    <value>/etc/ranger/usersync/conf/ugsync.jceks</value>
+    <description></description>
+  </property>
+
+</configuration>

ambari-server/src/main/resources/common-services/RANGER/0.6.0/metainfo.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>RANGER</name>
+      <extends>common-services/RANGER/0.5.0</extends>
+      <version>0.6.0</version>
+
+      <components>
+        <component>
+          <name>RANGER_TAGSYNC</name>
+          <displayName>Ranger Tagsync</displayName>
+          <category>SLAVE</category>
+          <cardinality>0-1</cardinality>
+          <versionAdvertised>true</versionAdvertised>
+          <commandScript>
+            <script>scripts/ranger_tagsync.py</script>
+            <scriptType>PYTHON</scriptType>
+            <timeout>600</timeout>
+          </commandScript>
+          <configuration-dependencies>
+            <config-type>ranger-tagsync-site</config-type>
+            <config-type>tagsync-application-properties</config-type>
+          </configuration-dependencies>
+        </component>
+      </components>
+
+      <themes>
+        <theme>
+          <fileName>theme_version_3.json</fileName>
+          <default>true</default>
+        </theme>
+      </themes>
+
+    </service>
+  </services>
+</metainfo>

ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/metainfo.xml

@@ -24,50 +24,7 @@
     <service>
       <name>RANGER</name>
       <extends>common-services/RANGER/0.4.0</extends>
-      <themes>
-        <theme>
-          <fileName>theme_version_1.json</fileName>
-          <default>true</default>
-        </theme>
-      </themes>
-      <osSpecifics>
-        <osSpecific>
-          <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
-          <packages>
-            <package>
-              <name>ranger_${stack_version}-admin</name>
-            </package>
-            <package>
-              <name>ranger_${stack_version}-usersync</name>
-            </package>
-            <package>
-              <name>ranger_${stack_version}-tagsync</name>
-              <condition>should_install_ranger_tagsync</condition>
-            </package>
-          </packages>
-        </osSpecific>
-        <osSpecific>
-          <osFamily>debian7,ubuntu12,ubuntu14</osFamily>
-          <packages>
-            <package>
-              <name>ranger-${stack_version}-admin</name>
-            </package>
-            <package>
-              <name>ranger-${stack_version}-usersync</name>
-            </package>
-            <package>
-              <name>ranger-${stack_version}-tagsync</name>
-              <condition>should_install_ranger_tagsync</condition>
-            </package>
-          </packages>
-        </osSpecific>
-      </osSpecifics>
-      <quickLinksConfigurations>
-        <quickLinksConfiguration>
-          <fileName>quicklinks.json</fileName>
-          <default>true</default>
-        </quickLinksConfiguration>
-      </quickLinksConfigurations>
+      <version>0.5.0.2.2</version>
     </service>
   </services>
 </metainfo>

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml

@@ -18,202 +18,18 @@
 
 <configuration supports_final="true">
 
-  <property>
-    <name>ranger.usersync.port</name>
-    <value>5151</value>
-    <description>Port for unix authentication service, run within usersync</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ssl</name>
-    <value>true</value>
-    <description>SSL enabled? (ranger admin -&gt; usersync communication)</description>
-  </property>
-
   <property>
     <name>ranger.usersync.keystore.file</name>
     <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
     <description>Keystore file used for usersync</description>
   </property>
 
-  <property>
-    <name>ranger.usersync.keystore.password</name>
-    <value>UnIx529p</value>
-    <property-type>PASSWORD</property-type>
-    <description>Keystore password</description>
-    <value-attributes>
-      <type>password</type>
-    </value-attributes>
-  </property>
-
   <property>
     <name>ranger.usersync.truststore.file</name>
     <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
     <description>Truststore used for usersync, required if usersync -&gt; ranger admin communication is SSL enabled</description>
   </property>
 
-  <property>
-    <name>ranger.usersync.truststore.password</name>
-    <value>changeit</value>
-    <property-type>PASSWORD</property-type>
-    <description>Truststore password</description>
-    <value-attributes>
-      <type>password</type>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.passwordvalidator.path</name>
-    <value>./native/credValidator.uexe</value>
-    <description>Native program for password validation</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.enabled</name>
-    <display-name>Enable User Sync</display-name>
-    <value>true</value>
-    <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-      <type>value-list</type>
-      <overridable>false</overridable>
-      <entries>
-        <entry>
-          <value>true</value>
-          <label>Yes</label>
-        </entry>
-        <entry>
-          <value>false</value>
-          <label>No</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.sink.impl.class</name>
-    <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
-    <description>Class to be used as sink (to sync users into ranger admin)</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.policymanager.baseURL</name>
-    <value>{{ranger_external_url}}</value>
-    <description>URL to be used by clients to access ranger admin, use FQDN</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
-    <value>1000</value>
-    <description>How many records to be returned per API call</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.policymanager.mockrun</name>
-    <value>false</value>
-    <description>Is user sync doing mock run?</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.unix.minUserId</name>
-    <display-name>Minimum User ID</display-name>
-    <value>500</value>
-    <description>Only sync users above this user id (applicable for UNIX)</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.unix.group.file</name>
-    <display-name>Group File</display-name>
-    <value>/etc/group</value>
-    <description>Location of the groups file on the linux server</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.unix.password.file</name>
-    <display-name>Password File</display-name>
-    <value>/etc/passwd</value>
-    <description>Location of the password file on the linux server</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
-    <value>60000</value>
-    <description>Sleeptime interval in milliseconds, if &lt; 6000 then default to 1 min</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.source.impl.class</name>
-    <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
-    <display-name>Sync Source</display-name>
-    <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
-    <value-attributes>
-      <type>value-list</type>
-      <empty-value-valid>true</empty-value-valid>
-      <overridable>false</overridable>
-      <entries>
-        <entry>
-          <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
-          <label>UNIX</label>
-        </entry>
-        <entry>
-          <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
-          <label>FILE</label>
-        </entry>
-        <entry>
-          <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
-          <label>LDAP/AD</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.filesource.file</name>
-    <display-name>File Name</display-name>
-    <value>/tmp/usergroup.txt</value>
-    <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.filesource.text.delimiter</name>
-    <display-name>Delimiter</display-name>
-    <value>,</value>
-    <description>Delimiter used in file, if File based user sync is used</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.url</name>
-    <display-name>LDAP/AD URL</display-name>
-    <value></value>
-    <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.binddn</name>
-    <display-name>​Bind User</display-name>
-    <value></value>
-    <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.ldapbindpassword</name>
-    <display-name>Bind User Password</display-name>
-    <value></value>
-    <property-type>PASSWORD</property-type>
-    <description>Password for the LDAP bind user used for searching users.</description>
-    <value-attributes>
-      <type>password</type>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.bindalias</name>
-    <value>testldapalias</value>
-    <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
-  </property>
-
   <property>
     <name>ranger.usersync.ldap.bindkeystore</name>
     <value></value>
@@ -223,233 +39,10 @@
     </value-attributes>
   </property>
 
-  <property>
-    <name>ranger.usersync.ldap.searchBase</name>
-    <value>dc=hadoop,dc=apache,dc=org</value>
-    <description>"# search base for users and groups
-# sample value would be dc=hadoop,dc=apache,dc=org"</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.searchbase</name>
-    <display-name>User Search Base</display-name>
-    <value></value>
-    <description>"# search base for users
-# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
-# overrides value specified in ranger.usersync.ldap.searchBase"</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.searchscope</name>
-    <display-name>User Search Scope</display-name>
-    <value>sub</value>
-    <description>"# search scope for the users, only base, one and sub are supported values
-# please customize the value to suit your deployment
-# default value: sub"</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.objectclass</name>
-    <display-name>User Object Class​</display-name>
-    <value>person</value>
-    <description>LDAP User Object Class. Example: person or user</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.searchfilter</name>
-    <display-name>​User Search Filter</display-name>
-    <value></value>
-    <description>"optional additional filter constraining the users selected for syncing
-# a sample value would be (dept=eng)
-# please customize the value to suit your deployment
-# default value is empty"</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.nameattribute</name>
-    <display-name>Username Attribute</display-name>
-    <value></value>
-    <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.referral</name>
-    <value>ignore</value>
-    <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.user.groupnameattribute</name>
-    <display-name>User Group Name Attribute</display-name>
-    <value>memberof, ismemberof</value>
-    <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.username.caseconversion</name>
-    <value>none</value>
-    <description>User name case conversion</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.ldap.groupname.caseconversion</name>
-    <value>none</value>
-    <description>Group name case conversion</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.logdir</name>
-    <value>{{usersync_log_dir}}</value>
-    <description>User sync log directory</description>
-    <value-attributes>
-      <visible>false</visible>
-      <overridable>false</overridable>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.searchenabled</name>
-    <display-name>Enable Group Sync</display-name>
-    <value>false</value>
-    <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
-# valid values: true, false
-# any value other than true would be treated as false
-# default value: false"</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-      <type>value-list</type>
-      <overridable>false</overridable>
-      <entries>
-        <entry>
-          <value>true</value>
-          <label>Yes</label>
-        </entry>
-        <entry>
-          <value>false</value>
-          <label>No</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.usermapsyncenabled</name>
-    <value>true</value>
-    <display-name>Group User Map Sync</display-name>
-    <description>Sync specific groups for users?</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-      <type>value-list</type>
-      <overridable>false</overridable>
-      <entries>
-        <entry>
-          <value>true</value>
-          <label>Yes</label>
-        </entry>
-        <entry>
-          <value>false</value>
-          <label>No</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.searchbase</name>
-    <display-name>Group Search Base</display-name>
-    <value></value>
-    <description>"# search base for groups
-# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
-# overrides value specified in ranger.usersync.ldap.searchBase,  ranger.usersync.ldap.user.searchbase
-# if a value is not specified, takes the value of  ranger.usersync.ldap.searchBase
-# if  ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.searchscope</name>
-    <value></value>
-    <description>"# search scope for the groups, only base, one and sub are supported values
-# please customize the value to suit your deployment
-# default value: sub"</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.objectclass</name>
-    <display-name>Group Object Class</display-name>
-    <value></value>
-    <description>LDAP Group object class. Example: group</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.searchfilter</name>
-    <value></value>
-    <display-name>Group Search Filter</display-name>
-    <description>"# optional additional filter constraining the groups selected for syncing
-# a sample value would be (dept=eng)
-# please customize the value to suit your deployment
-# default value is empty"</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.nameattribute</name>
-    <display-name>Group Name Attribute</display-name>
-    <value></value>
-    <description>LDAP group name attribute. Example: cn</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.group.memberattributename</name>
-    <display-name>Group Member Attribute</display-name>
-    <value></value>
-    <description>LDAP group member attribute name. Example: member</description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.pagedresultsenabled</name>
-    <value>true</value>
-    <description>Results can be paged?</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-      <type>value-list</type>
-      <overridable>false</overridable>
-      <entries>
-        <entry>
-          <value>true</value>
-          <label>Yes</label>
-        </entry>
-        <entry>
-          <value>false</value>
-          <label>No</label>
-        </entry>
-      </entries>
-      <selection-cardinality>1</selection-cardinality>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.usersync.pagedresultssize</name>
-    <value>500</value>
-    <description>Page size</description>
-  </property>
-
   <property>
     <name>ranger.usersync.credstore.filename</name>
     <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
     <description>Credential store file name for user sync, specify full path</description>
-  </property>                         
+  </property>
 
 </configuration>  

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml

@@ -25,26 +25,8 @@
       <name>RANGER</name>
       <displayName>Ranger</displayName>
       <comment>Comprehensive security for Hadoop</comment>
+      <extends>common-services/RANGER/0.5.0</extends>
       <version>0.5.0.2.3</version>
-
-      <themes>
-        <theme>
-          <fileName>theme_version_2.json</fileName>
-          <default>true</default>
-        </theme>
-      </themes>
-
-      <configuration-dependencies>
-        <config-type>ranger-admin-site</config-type>
-        <config-type>ranger-ugsync-site</config-type>
-      </configuration-dependencies>
-
-      <quickLinksConfigurations>
-        <quickLinksConfiguration>
-          <fileName>quicklinks.json</fileName>
-          <default>true</default>
-        </quickLinksConfiguration>
-      </quickLinksConfigurations>
     </service>
   </services>
 </metainfo>

ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-tagsync-site.xml

@@ -21,97 +21,12 @@
 
 <configuration supports_final="true">
 
-  <property>
-    <name>ranger.tagsync.logdir</name>
-    <value>/var/log/ranger/tagsync</value>
-    <description>Ranger Log dir</description>
-    <value-attributes>
-      <type>directory</type>
-      <overridable>false</overridable>
-      <editable-only-at-install>true</editable-only-at-install>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.dest.ranger.endpoint</name>
-    <value>{{ranger_external_url}}</value>
-    <description>Ranger TagAdmin REST URL</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.atlas</name>
-    <display-name>Enable Atlas Tag Source</display-name>
-    <value>false</value>
-    <description></description>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-    <depends-on>
-      <property>
-        <type>application-properties</type>
-        <name>atlas.server.bind.address</name>
-      </property>
-    </depends-on>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.atlasrest</name>
-    <display-name>Enable AtlasRest Tag Source</display-name>
-    <value>false</value>
-    <description></description>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.file</name>
-    <display-name>Enable File Tag Source</display-name>
-    <value>false</value>
-    <description></description>
-    <value-attributes>
-      <type>boolean</type>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.file.check.interval.millis</name>
-    <display-name>File Source: File update polling interval</display-name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
-    <display-name>AtlasREST Source: Atlas source download interval</display-name>
-    <value></value>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
   <property>
     <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
     <value>/usr/hdp/current/ranger-tagsync/conf/mytruststore.jks</value>
     <description>Truststore used for tagsync, required if tagsync -&gt; ranger admin communication is SSL enabled</description>
   </property>
 
-  <property>
-    <name>ranger.tagsync.source.file.filename</name>
-    <display-name>File Source: Filename</display-name>
-    <value></value>
-    <description>File Source Filename</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
   <property>
     <name>ranger.tagsync.keystore.filename</name>
     <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
@@ -121,56 +36,4 @@
     </value-attributes>
   </property>
 
-  <property>
-    <name>ranger.tagsync.atlas.to.ranger.service.mapping</name>
-    <value></value>
-    <description>Service Mapping</description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.source.atlasrest.endpoint</name>
-    <display-name>AtlasREST Source: Atlas endpoint</display-name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.atlas.custom.resource.mappers</name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.kerberos.principal</name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.kerberos.keytab</name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
-  </property>
-
-  <property>
-    <name>ranger.tagsync.dest.ranger.username</name>
-    <value>rangertagsync</value>
-    <description></description>
-  </property>
-
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/configuration/ranger-ugsync-site.xml

@@ -19,33 +19,30 @@
 <configuration>
 
   <property>
-    <name>ranger.usersync.kerberos.principal</name>
-    <value></value>
-    <description></description>
-    <value-attributes>
-      <empty-value-valid>true</empty-value-valid>
-    </value-attributes>
+    <name>ranger.usersync.keystore.file</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
+    <description>Keystore file used for usersync</description>
+  </property>
+
+  <property>
+    <name>ranger.usersync.truststore.file</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
+    <description>Truststore used for usersync, required if usersync -&gt; ranger admin communication is SSL enabled</description>
   </property>
 
   <property>
-    <name>ranger.usersync.kerberos.keytab</name>
+    <name>ranger.usersync.ldap.bindkeystore</name>
     <value></value>
-    <description></description>
+    <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
   </property>
 
   <property>
-    <name>ranger.usersync.policymgr.username</name>
-    <value>rangerusersync</value>
-    <description></description>
-  </property>
-
-  <property>
-    <name>ranger.usersync.policymgr.alias</name>
-    <value>ranger.usersync.policymgr.password</value>
-    <description></description>
+    <name>ranger.usersync.credstore.filename</name>
+    <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+    <description>Credential store file name for user sync, specify full path</description>
   </property>
 
   <property>

ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER/metainfo.xml

@@ -23,34 +23,8 @@
   <services>
     <service>
       <name>RANGER</name>
+      <extends>common-services/RANGER/0.6.0</extends>
       <version>0.6.0.2.5</version>
-
-      <components>
-        <component>
-          <name>RANGER_TAGSYNC</name>
-          <displayName>Ranger Tagsync</displayName>
-          <category>SLAVE</category>
-          <cardinality>0-1</cardinality>
-          <versionAdvertised>true</versionAdvertised>
-          <commandScript>
-            <script>scripts/ranger_tagsync.py</script>
-            <scriptType>PYTHON</scriptType>
-            <timeout>600</timeout>
-          </commandScript>
-          <configuration-dependencies>
-            <config-type>ranger-tagsync-site</config-type>
-            <config-type>tagsync-application-properties</config-type>
-          </configuration-dependencies>
-        </component>
-      </components>
-
-      <themes>
-        <theme>
-          <fileName>theme_version_3.json</fileName>
-          <default>true</default>
-        </theme>
-      </themes>
-
     </service>
   </services>
 </metainfo>