AMBARI-11279. Ranger installation fails on HDP 2.2 (Gautam Borad via ncole)

ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py

@@ -267,13 +267,10 @@ if has_ranger_admin:
     'assetType': '2'
   }
 
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+  xa_audit_db_is_enabled = config['configurations']['ranger-hbase-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
 
 # Used to dynamically set the hbase-site props that are referenced during Kerbenization
 if security_enabled:

ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py

@@ -430,10 +430,7 @@ if has_ranger_admin:
     'assetType': '1'
   }
   
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+  xa_audit_db_is_enabled = config['configurations']['ranger-hdfs-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-hdfs-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None

ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py

@@ -457,11 +457,9 @@ if has_ranger_admin:
   }
 
   xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
+  
+  xa_audit_db_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None
 
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-hive-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-hive-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks')

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py

@@ -226,11 +226,8 @@ if has_ranger_admin:
     'repositoryType': 'knox',
     'assetType': '5',
     }
-
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks') 
+  
+  xa_audit_db_is_enabled = config['configurations']['ranger-knox-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-knox-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None

ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py

@@ -51,14 +51,17 @@ stack_is_hdp23_or_further = Script.is_hdp_stack_greater_or_equal("2.3")
 
 if stack_is_hdp22_or_further:
   ranger_home    = '/usr/hdp/current/ranger-admin'
-  ranger_conf    = '/usr/hdp/current/ranger-admin/conf'
+  ranger_conf    = '/etc/ranger/admin/conf'
   ranger_stop    = '/usr/bin/ranger-admin-stop'
   ranger_start   = '/usr/bin/ranger-admin-start'
   usersync_home  = '/usr/hdp/current/ranger-usersync'
   usersync_start = '/usr/bin/ranger-usersync-start'
   usersync_stop  = '/usr/bin/ranger-usersync-stop'
   ranger_ugsync_conf = '/etc/ranger/usersync/conf'
-  
+
+if stack_is_hdp23_or_further:
+  ranger_conf    = '/usr/hdp/current/ranger-admin/conf'
+
 usersync_services_file = "/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh"
 
 java_home = config['hostLevelParams']['java_home']

ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py

@@ -211,11 +211,8 @@ if has_ranger_admin:
     'repositoryType': 'storm',
     'assetType': '6'
   }
-  
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+    
+  xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py

@@ -271,7 +271,7 @@ ranger_admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir"
 is_supported_yarn_ranger = config['configurations']['yarn-env']['is_supported_yarn_ranger']
 
 #ranger yarn properties
-if has_ranger_admin:
+if has_ranger_admin and is_supported_yarn_ranger:
 
   enable_ranger_yarn = (config['configurations']['ranger-yarn-plugin-properties']['ranger-yarn-plugin-enabled'].lower() == 'yes')
   policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
@@ -332,10 +332,8 @@ if has_ranger_admin:
   driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
   driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
 
-  if xml_configurations_supported:
-    xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.db.is.enabled']
-    ssl_keystore_file_path = config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore']
-    ssl_truststore_file_path = config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore']
-    ssl_keystore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-    ssl_truststore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-    credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+  xa_audit_db_is_enabled = config['configurations']['ranger-yarn-audit']['xasecure.audit.db.is.enabled'] if xml_configurations_supported else None
+  ssl_keystore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
+  ssl_truststore_password = unicode(config['configurations']['ranger-yarn-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) if xml_configurations_supported else None
+  credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported else None

ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py

@@ -124,10 +124,10 @@ class TestRangerAdmin(RMFTestCase):
         logoutput = True,
         environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
     )
-    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/conf/xa_system.properties',
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
         properties = self.getConfig()['configurations']['ranger-site'],
     )
-    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/conf/ranger_webserver.properties',
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
         mode = 0744,
         properties = self.getConfig()['configurations']['ranger-site']
     )
@@ -153,10 +153,10 @@ class TestRangerAdmin(RMFTestCase):
         logoutput = True,
         environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
     )
-    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/conf/xa_system.properties',
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties',
         properties = self.getConfig()['configurations']['ranger-site'],
     )
-    self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/conf/ranger_webserver.properties',
+    self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties',
         mode = 0744,
         properties = self.getConfig()['configurations']['ranger-site']
     )