
AMBARI-9188. Adhere to ambari's 2-space formatting rule.
AMBARI-9285. Add default values for ranger plugin properties.
AMBARI-9286. Stack advisor recommendations.
(Gautam Borad via yusaku)

Yusaku Sako 10 gadi atpakaļ
vecāks
revīzija
4cbf3a876b
26 mainītis faili ar 1619 papildinājumiem un 815 dzēšanām
  1. 149 70
      ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
  2. 12 0
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
  3. 160 140
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
  4. 18 6
      ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
  5. 204 146
      ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
  6. 14 6
      ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
  7. 157 134
      ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
  8. 18 6
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
  9. 158 136
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
  10. 15 1
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
  11. 67 0
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
  12. 1 0
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
  13. 12 0
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
  14. 30 26
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
  15. 29 25
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
  16. 4 1
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py
  17. 168 109
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
  18. 1 0
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
  19. 2 1
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
  20. 26 0
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py
  21. 206 0
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
  22. 2 2
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
  23. 150 0
      ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
  24. 10 6
      ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
  25. 3 0
      ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json
  26. 3 0
      ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json

+ 149 - 70
ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py

@@ -24,21 +24,23 @@ import json
 from resource_management.core.logger import Logger
 import urllib2, base64, httplib
 
+
 class Rangeradmin:
   sInstance = None
-  def __init__(self, url= 'http://localhost:6080'):
-    
-    self.baseUrl      =  url 
-    self.urlLogin     = self.baseUrl + '/login.jsp'
+
+  def __init__(self, url='http://localhost:6080'):
+
+    self.baseUrl = url
+    self.urlLogin = self.baseUrl + '/login.jsp'
     self.urlLoginPost = self.baseUrl + '/j_spring_security_check'
-    self.urlRepos     = self.baseUrl + '/service/assets/assets'
-    self.urlReposPub  = self.baseUrl + '/service/public/api/repository'
-    self.urlPolicies  = self.baseUrl + '/service/public/api/policy'
-    self.urlGroups    = self.baseUrl + '/service/xusers/groups'
-    self.urlUsers     = self.baseUrl + '/service/xusers/users'   
-    self.urlSecUsers  = self.baseUrl + '/service/xusers/secure/users'   
-
-    self.session    = None
+    self.urlRepos = self.baseUrl + '/service/assets/assets'
+    self.urlReposPub = self.baseUrl + '/service/public/api/repository'
+    self.urlPolicies = self.baseUrl + '/service/public/api/policy'
+    self.urlGroups = self.baseUrl + '/service/xusers/groups'
+    self.urlUsers = self.baseUrl + '/service/xusers/users'
+    self.urlSecUsers = self.baseUrl + '/service/xusers/secure/users'
+
+    self.session = None
     self.isLoggedIn = False
 
   def get_repository_by_name_urllib2(self, name, component, status, usernamepassword):
@@ -46,11 +48,11 @@ class Rangeradmin:
       searchRepoURL = self.urlReposPub + "?name=" + name + "&type=" + component + "&status=" + status
       request = urllib2.Request(searchRepoURL)
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
-      request.add_header("Content-Type", "application/json")   
-      request.add_header("Accept", "application/json")  
-      request.add_header("Authorization", "Basic %s" % base64string)   
+      request.add_header("Content-Type", "application/json")
+      request.add_header("Accept", "application/json")
+      request.add_header("Authorization", "Basic %s" % base64string)
       result = urllib2.urlopen(request)
-      response_code =  result.getcode()
+      response_code = result.getcode()
       response = json.loads(result.read())
 
       if response_code == 200 and len(response['vXRepositories']) > 0:
@@ -63,10 +65,10 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-          Logger.error("HTTP Code: %s" % e.code)
-          Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
       else:
-          Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : %s" % (e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -81,93 +83,96 @@ class Rangeradmin:
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)   
+      request.add_header("Authorization", "Basic %s" % base64string)
       result = urllib2.urlopen(request)
-      response_code =  result.getcode()
+      response_code = result.getcode()
       response = json.loads(json.JSONEncoder().encode(result.read()))
-      if response_code == 200 :
+      if response_code == 200:
         Logger.info('Repository created Successfully')
-        #Get Policies 
-        repoData     = json.loads(data)
-        repoName     = repoData['name']
+        # Get Policies
+        repoData = json.loads(data)
+        repoName = repoData['name']
         typeOfPolicy = repoData['repositoryType']
         ##Get Policies by repo name
-        policyList = self.get_policy_by_repo_name(name=repoName, component=typeOfPolicy, status="true", usernamepassword=usernamepassword)
-        if (len(policyList)) > 0 : 
+        policyList = self.get_policy_by_repo_name(name=repoName, component=typeOfPolicy, status="true",
+                                                  usernamepassword=usernamepassword)
+        if (len(policyList)) > 0:
           policiesUpdateCount = 0
           for policy in policyList:
-            updatedPolicyObj = self.get_policy_params(typeOfPolicy,policy)
-            policyResCode, policyResponse = self.update_ranger_policy(updatedPolicyObj['id'], json.dumps(updatedPolicyObj), usernamepassword)
+            updatedPolicyObj = self.get_policy_params(typeOfPolicy, policy)
+            policyResCode, policyResponse = self.update_ranger_policy(updatedPolicyObj['id'],
+                                                                      json.dumps(updatedPolicyObj), usernamepassword)
             if policyResCode == 200:
-              policiesUpdateCount = policiesUpdateCount+1
+              policiesUpdateCount = policiesUpdateCount + 1
             else:
-              Logger.info('Policy Update failed')  
-          ##Check for count of updated policies
+              Logger.info('Policy Update failed')
+              ##Check for count of updated policies
           if len(policyList) == policiesUpdateCount:
-            Logger.info("Ranger Repository created successfully and policies updated successfully providing ambari-qa user all permissions")
+            Logger.info(
+              "Ranger Repository created successfully and policies updated successfully providing ambari-qa user all permissions")
             return response
           else:
             return None
         else:
           Logger.info("Policies not found for the newly created Repository")
-        return  None
+        return None
       else:
         Logger.info('Repository creation failed')
-        return None  
+        return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-          Logger.error("HTTP Code: %s" % e.code)
-          Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
       else:
-          Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: %s" % (e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None
 
-  def check_ranger_login_urllib2(self, url,usernamepassword ):
+  def check_ranger_login_urllib2(self, url, usernamepassword):
     try:
       request = urllib2.Request(url)
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
-      request.add_header("Content-Type", "application/json")   
-      request.add_header("Accept", "application/json")  
-      request.add_header("Authorization", "Basic %s" % base64string)   
+      request.add_header("Content-Type", "application/json")
+      request.add_header("Accept", "application/json")
+      request.add_header("Authorization", "Basic %s" % base64string)
       result = urllib2.urlopen(request)
       response = result.read()
-      response_code =  result.getcode()
+      response_code = result.getcode()
       return response_code, response
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-          Logger.error("HTTP Code: %s" % e.code)
-          Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
       else:
-          Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : %s" % (e.reason))
       return None, None
     except httplib.BadStatusLine, e:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
-      return None, None      
+      return None, None
 
   def get_policy_by_repo_name(self, name, component, status, usernamepassword):
     try:
       searchPolicyURL = self.urlPolicies + "?repositoryName=" + name + "&repositoryType=" + component + "&isEnabled=" + status
       request = urllib2.Request(searchPolicyURL)
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
-      request.add_header("Content-Type", "application/json")   
-      request.add_header("Accept", "application/json")  
-      request.add_header("Authorization", "Basic %s" % base64string)   
+      request.add_header("Content-Type", "application/json")
+      request.add_header("Accept", "application/json")
+      request.add_header("Authorization", "Basic %s" % base64string)
       result = urllib2.urlopen(request)
-      response_code =  result.getcode()
+      response_code = result.getcode()
       response = json.loads(result.read())
       if response_code == 200 and len(response['vXPolicies']) > 0:
-          return response['vXPolicies']
+        return response['vXPolicies']
       else:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-          Logger.error("HTTP Code: %s" % e.code)
-          Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
       else:
-          Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: %s" % (e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
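Review bot: `len(policyList)` in create_repository_urllib2 raises TypeError whenever get_policy_by_repo_name returns None, which it does both for an empty policy list and after any URLError (both returns are visible further down this hunk), and TypeError is not among the exceptions this method catches. Writing the guard as `if policyList:` would let that case reach the "Policies not found for the newly created Repository" log instead of aborting the caller. Separately, the re-indented `##Check for count of updated policies` comment now sits inside the loop's `else:` branch, although it describes the `if len(policyList) == policiesUpdateCount:` check that follows the loop; it should move back to that level. create_repository_urllib2 begins above this hunk, so its opening lines are not visible here.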
@@ -175,19 +180,19 @@ class Rangeradmin:
 
   def update_ranger_policy(self, policyId, data, usernamepassword):
     try:
-      searchRepoURL = self.urlPolicies +"/"+str(policyId)
+      searchRepoURL = self.urlPolicies + "/" + str(policyId)
       base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
       headers = {
         'Accept': 'application/json',
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)   
+      request.add_header("Authorization", "Basic %s" % base64string)
       request.get_method = lambda: 'PUT'
       result = urllib2.urlopen(request)
-      response_code =  result.getcode()
+      response_code = result.getcode()
       response = json.loads(json.JSONEncoder().encode(result.read()))
-      if response_code == 200 :
+      if response_code == 200:
         Logger.info('Policy updated Successfully')
         return response_code, response
       else:
@@ -195,27 +200,101 @@ class Rangeradmin:
         return None, None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-          Logger.error("HTTP Code: %s" % e.code)
-          Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
       else:
-          Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: %s" % (e.reason))
       return None, None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None, None
 
-  def get_policy_params(self, typeOfPolicy,policyObj): 
-    
+  def get_policy_params(self, typeOfPolicy, policyObj):
+
     typeOfPolicy = typeOfPolicy.lower()
     if typeOfPolicy == "hdfs":
-      policyObj['permMapList'] = [{'userList':['ambari-qa'],'permList':  ['Read','Write', 'Execute', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Execute', 'Admin']}]
     elif typeOfPolicy == "hive":
-      policyObj['permMapList'] = [{'userList':['ambari-qa'], 'permList':[ 'Select','Update', 'Create', 'Drop', 'Alter', 'Index', 'Lock', 'All', 'Admin' ]}]
+      policyObj['permMapList'] = [{'userList': ['ambari-qa'],
+                                   'permList': ['Select', 'Update', 'Create', 'Drop', 'Alter', 'Index', 'Lock', 'All',
+                                                'Admin']}]
     elif typeOfPolicy == "hbase":
-      policyObj['permMapList'] = [{'userList':['ambari-qa'],'permList':[ 'Read', 'Write', 'Create', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Create', 'Admin']}]
     elif typeOfPolicy == "knox":
-      policyObj['permMapList'] = [{'userList':['ambari-qa'], 'permList': ['Allow','Admin']}]
-    elif typeOfPolicy == "storm" : 
-      policyObj['permMapList'] = [{'userList':['ambari-qa'], 'permList':[ 'Submit Topology', 'File Upload', 'Get Nimbus Conf', 'Get Cluster Info', 'File Download', 'Kill Topology', 'Rebalance', 'Activate','Deactivate', 'Get Topology Conf', 'Get Topology', 'Get User Topology', 'Get Topology Info', 'Upload New Credential', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Allow', 'Admin']}]
+    elif typeOfPolicy == "storm":
+      policyObj['permMapList'] = [{'userList': ['ambari-qa', 'storm'],
+                                   'permList': ['SubmitTopology', 'FileUpload', 'GetNimbusConf', 'GetClusterInfo',
+                                                'FileDownload', 'KillTopology', 'Rebalance', 'Activate', 'Deactivate',
+                                                'GetTopologyConf', 'GetTopology', 'GetUserTopology',
+                                                'GetTopologyInfo', 'UploadNewCredential', 'Admin']}]
     return policyObj
 
+
+  def create_ambari_admin_user(self,ambari_admin_username, ambari_admin_password,usernamepassword):
+    try:
+      url =  self.urlUsers + '?startIndex=0'
+      request = urllib2.Request(url)
+      base64string = base64.encodestring(usernamepassword).replace('\n', '')
+      request.add_header("Content-Type", "application/json")
+      request.add_header("Accept", "application/json")
+      request.add_header("Authorization", "Basic %s" % base64string)
+      result = urllib2.urlopen(request)
+      response_code =  result.getcode()
+      response = json.loads(result.read())
+      if response_code == 200 and len(response['vXUsers']) > 0:
+        ambari_admin_username = ambari_admin_username
+        flag_ambari_admin_present = False
+        for vxuser in response['vXUsers']:
+          rangerlist_username = vxuser['name']
+          if rangerlist_username == ambari_admin_username:
+            flag_ambari_admin_present = True
+            break
+          else:
+            flag_ambari_admin_present = False
+
+        if flag_ambari_admin_present:
+          Logger.info(ambari_admin_username + ' user already exists, using existing user from configurations.')
+          return ambari_admin_username,ambari_admin_password
+        else:
+          Logger.info(ambari_admin_username + ' user is not present, creating user using given configurations')
+          url = self.urlSecUsers
+          admin_user = dict()
+          admin_user['status'] = 1
+          admin_user['userRoleList'] = ['ROLE_SYS_ADMIN']
+          admin_user['name'] = ambari_admin_username
+          admin_user['password'] = ambari_admin_password
+          admin_user['description'] = ambari_admin_username
+          admin_user['firstName'] = ambari_admin_username
+          data =  json.dumps(admin_user)
+          base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+          headers = {
+	          'Accept': 'application/json',
+	          "Content-Type": "application/json"
+          }
+          request = urllib2.Request(url, data, headers)
+          request.add_header("Authorization", "Basic %s" % base64string)
+          result = urllib2.urlopen(request)
+          response_code =  result.getcode()
+          response = json.loads(json.JSONEncoder().encode(result.read()))
+          if response_code == 200 and response is not None:
+            Logger.info('Ambari admin user creation successful.')
+          else:
+            Logger.info('Ambari admin user creation failed,setting username and password as blank')
+            ambari_admin_username = ''
+            ambari_admin_password = ''
+          return ambari_admin_username,ambari_admin_password
+      else:
+        return '',''
+
+    except urllib2.URLError, e:
+      if isinstance(e, urllib2.HTTPError):
+        Logger.error("HTTP Code: %s" % e.code)
+        Logger.error("HTTP Data: %s" % e.read())
+        return '',''
+      else:
+        Logger.error("Error: %s" % (e.reason))
+        return '',''
+    except httplib.BadStatusLine:
+      Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
+      return '',''
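Review bot: create_ambari_admin_user decides whether the account exists from a single `self.urlUsers + '?startIndex=0'` listing and, on a match, returns the configured password without checking it against Ranger, so a pre-existing account with a different password is reported as usable and callers that authenticate with the returned pair will fail later. If that listing is paginated (not visible here), a user beyond the first page would also be missed and the POST to `urlSecUsers` attempted for a name that already exists. The method needs a docstring stating that it creates a `ROLE_SYS_ADMIN` user, that `('', '')` is the failure return, and that the new password travels in the JSON body under Basic auth, so `baseUrl` should be https whenever Ranger Admin is not on localhost. Smaller points: `ambari_admin_username = ambari_admin_username` and the loop's `else:` branch are no-ops, and the two entries of the `headers` dict are tab-indented, which contradicts the 2-space rule this commit applies.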

+ 12 - 0
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py

@@ -164,6 +164,7 @@ if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
     region_drainer = format("/usr/hdp/current/hbase-{role_root}/bin/draining_servers.rb")
     hbase_cmd = format("/usr/hdp/current/hbase-{role_root}/bin/hbase")
 
+user_input = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled","no")
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # Setting Flag value for ranger hbase plugin
   enable_ranger_hbase = False
@@ -176,3 +177,14 @@ if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
 has_ranger_admin = not len(ranger_admin_hosts) == 0    
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = "mysql-connector-java.jar"
+
+downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
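Review bot: `config['clusterHostInfo']['ambari_server_host'][0]` and `config['hostLevelParams']['jdk_location']` are indexed directly, while the `ranger_admin_hosts` line just above goes through `default(...)`; a command JSON without either key would fail the whole params import with a KeyError, so `default("/clusterHostInfo/ambari_server_host", [])` followed by an explicit check would be consistent with the neighbouring code. `jdbc_jar_name` is fixed to `mysql-connector-java.jar`, although the plugin properties built in setup_ranger_hbase.py read a configurable `DB_FLAVOR`; if other flavours are meant to work, the jar name should follow that setting, otherwise a comment should state the MySQL-only assumption. These values feed the `curl -kf` download and the sudo `cp` into `/usr/share/java` in setup_ranger_hbase.py, so the jar is installed without certificate or integrity verification; a comment here such as `# JDBC driver is fetched from the Ambari server (jdk_location); the caller does not verify it` would make that trust assumption visible.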

+ 160 - 140
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py

@@ -22,166 +22,186 @@ import fileinput
 import subprocess
 import json
 import re
+import os
 from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
 def setup_ranger_hbase(env):
-    import params
-    env.set_params(params)
-
-    if params.has_ranger_admin:
-        try:
-            command = 'hdp-select status hbase-client'
-            return_code, hdp_output = shell.call(command, timeout=20)
-        except Exception, e:
-            Logger.error(str(e))
-            raise Fail('Unable to execute hdp-select command to retrieve the version.')
-
-        if return_code != 0:
-            raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
-
-        hdp_version = re.sub('hbase-client - ', '', hdp_output)
-        match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
-
-        if match is None:
-            raise Fail('Failed to get extracted version')
-
-        file_path = '/usr/hdp/'+ hdp_version +'/ranger-hbase-plugin/install.properties'
-
-        ranger_hbase_dict = ranger_hbase_properties(params)
-        hbase_repo_data = hbase_repo_properties(params)
-
-        write_properties_to_file(file_path, ranger_hbase_dict)
-
-        if params.enable_ranger_hbase:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hbase-plugin/ && sh enable-hbase-plugin.sh')
-            ranger_adm_obj = Rangeradmin(url=ranger_hbase_dict['POLICY_MGR_URL'])
-            response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hbase_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
-
-            if response_code is not None and response_code == 200:
-                repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hbase_dict['REPOSITORY_NAME'], 'hbase', 'true', 'admin:admin')
-
-                if repo and repo['name'] == ranger_hbase_dict['REPOSITORY_NAME']:
-                    Logger.info('Hbase Repository exist')
-                else:
-                    response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, 'admin:admin')
-                    if response is not None:
-                        Logger.info('Hbase Repository created in Ranger admin')
-                    else:
-                        Logger.info('Hbase Repository creation failed in Ranger admin')
+  import params
+  env.set_params(params)
+  
+  if params.has_ranger_admin:
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o',
+            params.downloaded_custom_connector),
+            not_if=format("test -f {params.downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.driver_curl_target):
+      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    try:
+      command = 'hdp-select status hbase-client'
+      return_code, hdp_output = shell.call(command, timeout=20)
+    except Exception, e:
+      Logger.error(str(e))
+      raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+    if return_code != 0:
+      raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+    hdp_version = re.sub('hbase-client - ', '', hdp_output)
+    match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+    if match is None:
+      raise Fail('Failed to get extracted version')
+
+    file_path = '/usr/hdp/'+ hdp_version +'/ranger-hbase-plugin/install.properties'
+
+    ranger_hbase_dict = ranger_hbase_properties(params)
+    hbase_repo_data = hbase_repo_properties(params)
+
+    write_properties_to_file(file_path, ranger_hbase_dict)
+
+    if params.enable_ranger_hbase:
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hbase-plugin/ && sh enable-hbase-plugin.sh')
+      ranger_adm_obj = Rangeradmin(url=ranger_hbase_dict['POLICY_MGR_URL'])
+      response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hbase_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+      if response_code is not None and response_code == 200:
+        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
+        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
+        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+        if ambari_ranger_admin != '' and ambari_ranger_password != '':
+          repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hbase_dict['REPOSITORY_NAME'], 'hbase', 'true', ambari_username_password_for_ranger)
+          if repo and repo['name'] == ranger_hbase_dict['REPOSITORY_NAME']:
+            Logger.info('Hbase Repository exist')
+          else:
+            response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, ambari_username_password_for_ranger)
+            if response is not None:
+              Logger.info('Hbase Repository created in Ranger admin')
             else:
-                Logger.info('Ranger service is not started on given host')
+              Logger.info('Hbase Repository creation failed in Ranger admin')
         else:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hbase-plugin/ && sh disable-hbase-plugin.sh')
-
-        Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True)                    
+          Logger.info('Ambari admin username and password are blank ')
+      else:
+          Logger.info('Ranger service is not started on given host')
     else:
-        Logger.info('Ranger admin not installed')
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hbase-plugin/ && sh disable-hbase-plugin.sh')
+
+    Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True)                    
+  else:
+    Logger.info('Ranger admin not installed')
 
 
 def write_properties_to_file(file_path, value):
-    for key in value:
-      modify_config(file_path, key, value[key])
+  for key in value:
+    modify_config(file_path, key, value[key])
 
 
 def modify_config(filepath, variable, setting):
-    var_found = False
-    already_set = False
-    V=str(variable)
-    S=str(setting)
-    # use quotes if setting has spaces #
-    if ' ' in S:
-        S = '%s' % S
-
-    for line in fileinput.input(filepath, inplace = 1):
-        # process lines that look like config settings #
-        if not line.lstrip(' ').startswith('#') and '=' in line:
-            _infile_var = str(line.split('=')[0].rstrip(' '))
-            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-            # only change the first matching occurrence #
-            if var_found == False and _infile_var.rstrip(' ') == V:
-                var_found = True
-                # don't change it if it is already set #
-                if _infile_set.lstrip(' ') == S:
-                    already_set = True
-                else:
-                    line = "%s=%s\n" % (V, S)
-
-        sys.stdout.write(line)
-
-    # Append the variable if it wasn't found #
-    if not var_found:
-        with open(filepath, "a") as f:
-            f.write("%s=%s\n" % (V, S))
-    elif already_set == True:
-        pass
-    else:
-        pass
+  var_found = False
+  already_set = False
+  V=str(variable)
+  S=str(setting)
+  # use quotes if setting has spaces #
+  if ' ' in S:
+    S = '%s' % S
+  for line in fileinput.input(filepath, inplace = 1):
+    # process lines that look like config settings #
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      # only change the first matching occurrence #
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        # don't change it if it is already set #
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
+    sys.stdout.write(line)
+
+  # Append the variable if it wasn't found #
+  if not var_found:
+    with open(filepath, "a") as f:
+        f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
 
-    return
+  return
 
 def ranger_hbase_properties(params):
-    ranger_hbase_properties = dict()
-
-    ranger_hbase_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-    ranger_hbase_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-    ranger_hbase_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-    ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-    ranger_hbase_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-    ranger_hbase_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-    ranger_hbase_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-    ranger_hbase_properties['REPOSITORY_NAME']          = params.config['clusterName'] + '_hbase'
-
-    ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-    ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-    ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-    ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-    ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-    ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+  ranger_hbase_properties = dict()
+
+  ranger_hbase_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
+  ranger_hbase_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+  ranger_hbase_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
+  ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
+  ranger_hbase_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
+  ranger_hbase_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
+  ranger_hbase_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
+  ranger_hbase_properties['REPOSITORY_NAME']          = str(params.config['clusterName']) + '_hbase'
+
+  ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
+
+  ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
     
 
-    ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-    ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-    ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-    ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
-    
-    ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hbase-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
+  ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_PASSWORD']
+  ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
+  ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+   
+  ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hbase-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
 
-    return ranger_hbase_properties    
+  return ranger_hbase_properties    
 
 def hbase_repo_properties(params):
 
-    config_dict = dict()
-    config_dict['username'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-    config_dict['password'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-    config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site']['hadoop.security.authentication']
-    config_dict['hbase.security.authentication'] = params.config['configurations']['hbase-site']['hbase.security.authentication']
-    config_dict['hbase.zookeeper.property.clientPort'] = params.config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
-    config_dict['hbase.zookeeper.quorum'] = params.config['configurations']['hbase-site']['hbase.zookeeper.quorum']
-    config_dict['zookeeper.znode.parent'] =  params.config['configurations']['hbase-site']['zookeeper.znode.parent']
-
-    if params.config['configurations']['cluster-env']['security_enabled']:
-        config_dict['hbase.master.kerberos.principal'] = params.config['configurations']['hbase-site']['hbase.master.kerberos.principal']
-    else:
-        config_dict['hbase.master.kerberos.principal'] = ''
-
-    repo= dict()
-    repo['isActive']                = "true"
-    repo['config']                  = json.dumps(config_dict)
-    repo['description']             = "hbase repo"
-    repo['name']                    = params.config['clusterName'] + "_hbase"
-    repo['repositoryType']          = "Hbase"
-    repo['assetType']               = '2'
-
-    data = json.dumps(repo)
-
-    return data
+  config_dict = dict()
+  config_dict['username'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+  config_dict['password'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site']['hadoop.security.authentication']
+  config_dict['hbase.security.authentication'] = params.config['configurations']['hbase-site']['hbase.security.authentication']
+  config_dict['hbase.zookeeper.property.clientPort'] = params.config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
+  config_dict['hbase.zookeeper.quorum'] = params.config['configurations']['hbase-site']['hbase.zookeeper.quorum']
+  config_dict['zookeeper.znode.parent'] =  params.config['configurations']['hbase-site']['zookeeper.znode.parent']
+
+  if params.config['configurations']['cluster-env']['security_enabled']:
+    config_dict['hbase.master.kerberos.principal'] = params.config['configurations']['hbase-site']['hbase.master.kerberos.principal']
+  else:
+    config_dict['hbase.master.kerberos.principal'] = ''
+
+  repo= dict()
+  repo['isActive']                = "true"
+  repo['config']                  = json.dumps(config_dict)
+  repo['description']             = "hbase repo"
+  repo['name']                    = str(params.config['clusterName']) + "_hbase"
+  repo['repositoryType']          = "Hbase"
+  repo['assetType']               = '2'
+
+  data = json.dumps(repo)
+
+  return data

+ 18 - 6
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py

@@ -306,13 +306,25 @@ mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefi
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+user_input = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
-    # setting flag value for ranger hdfs plugin
+  # setting flag value for ranger hdfs plugin
+  enable_ranger_hdfs = False
+  user_input = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']
+  if  user_input.lower() == 'yes':
+    enable_ranger_hdfs = True
+  elif user_input.lower() == 'no':
     enable_ranger_hdfs = False
-    user_input = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']
-    if  user_input.lower() == 'yes':
-      enable_ranger_hdfs = True
-    elif user_input.lower() == 'no':
-      enable_ranger_hdfs = False
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = "mysql-connector-java.jar"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
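Review bot: The `default(..., "no")` fallback added for `user_input` is never used on HDP 2.2+, because the line inside the version check reassigns it with a direct `config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']` lookup, which presumably still fails when the property is missing. Dropping that reassignment and keeping only `user_input = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")` would make the fallback effective. `enable_ranger_hdfs` is also assigned only inside the version branch, while setup_ranger_hdfs.py reads `params.enable_ranger_hdfs` whenever a Ranger admin host exists, so setting `enable_ranger_hdfs = False` before the `if` would be safer. The HIVE params.py hunk in this commit has the same pattern with `ranger-hive-plugin-enabled` and `enable_ranger_hive`.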

+ 204 - 146
ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py

@@ -22,170 +22,228 @@ import fileinput
 import subprocess
 import json
 import re
+import os
 from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
-def setup_ranger_hdfs(env):
-    import params
-    env.set_params(params)
-
-    if params.has_ranger_admin:
-        try:
-            command = 'hdp-select status hadoop-client'
-            return_code, hdp_output = shell.call(command, timeout=20)
-        except Exception, e:
-            Logger.error(str(e))
-            raise Fail('Unable to execute hdp-select command to retrieve the version.')
-
-        if return_code != 0:
-            raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
-
-        hdp_version = re.sub('hadoop-client - ', '', hdp_output)
-        match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
-
-        if match is None:
-            raise Fail('Failed to get extracted version')
-
-        file_path = '/usr/hdp/'+ hdp_version +'/ranger-hdfs-plugin/install.properties'
 
-        ranger_hdfs_dict = ranger_hdfs_properties(params)
-        hdfs_repo_data = hdfs_repo_properties(params)        
-
-        write_properties_to_file(file_path, ranger_hdfs_dict)
-
-        if params.enable_ranger_hdfs:            
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hdfs-plugin/ && sh enable-hdfs-plugin.sh')
-            ranger_adm_obj = Rangeradmin(url=ranger_hdfs_dict['POLICY_MGR_URL'])
-            response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hdfs_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
-
-            if response_code is not None and response_code == 200:
-                repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hdfs_dict['REPOSITORY_NAME'], 'hdfs', 'true', 'admin:admin')
-
-                if repo and repo['name'] == ranger_hdfs_dict['REPOSITORY_NAME']:
-                    Logger.info('HDFS Repository exist')
-                else:
-                    response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, 'admin:admin')
-                    if response is not None:
-                        Logger.info('HDFS Repository created in Ranger Admin')
-                    else:
-                        Logger.info('HDFS Repository creation failed in Ranger Admin')
+def setup_ranger_hdfs(env):
+  import params
+
+  env.set_params(params)
+
+  if params.has_ranger_admin:
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o',
+            params.downloaded_custom_connector),
+            not_if=format("test -f {params.downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.driver_curl_target):
+      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    try:
+      command = 'hdp-select status hadoop-client'
+      return_code, hdp_output = shell.call(command, timeout=20)
+    except Exception, e:
+      Logger.error(str(e))
+      raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+    if return_code != 0:
+      raise Fail(
+        'Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+    hdp_version = re.sub('hadoop-client - ', '', hdp_output)
+    match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+    if match is None:
+      raise Fail('Failed to get extracted version')
+
+    file_path = '/usr/hdp/' + hdp_version + '/ranger-hdfs-plugin/install.properties'
+
+    ranger_hdfs_dict = ranger_hdfs_properties(params)
+    hdfs_repo_data = hdfs_repo_properties(params)
+
+    write_properties_to_file(file_path, ranger_hdfs_dict)
+
+    if params.enable_ranger_hdfs:
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hdfs-plugin/ && sh enable-hdfs-plugin.sh')
+      ranger_adm_obj = Rangeradmin(url=ranger_hdfs_dict['POLICY_MGR_URL'])
+      response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(
+        ranger_hdfs_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+      if response_code is not None and response_code == 200:
+        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
+        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
+        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+        if ambari_ranger_admin != '' and ambari_ranger_password != '':
+          repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hdfs_dict['REPOSITORY_NAME'], 'hdfs', 'true', ambari_username_password_for_ranger)
+          if repo and repo['name'] == ranger_hdfs_dict['REPOSITORY_NAME']:
+            Logger.info('HDFS Repository exist')
+          else:
+            response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, ambari_username_password_for_ranger)
+            if response is not None:
+              Logger.info('HDFS Repository created in Ranger Admin')
             else:
-                Logger.info('Ranger service is not started on given host')
+              Logger.info('HDFS Repository creation failed in Ranger Admin')
         else:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hdfs-plugin/ && sh disable-hdfs-plugin.sh')
-
-        Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)            
+          Logger.info('Ambari admin username and password are blank ')
+      else:
+        Logger.info('Ranger service is not started on given host')
     else:
-        Logger.info('Ranger admin not installed')
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hdfs-plugin/ && sh disable-hdfs-plugin.sh')
+
+    Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+  else:
+    Logger.info('Ranger admin not installed')
 
 
 def write_properties_to_file(file_path, value):
-    for key in value:
-      modify_config(file_path, key, value[key])
+  for key in value:
+    modify_config(file_path, key, value[key])
 
 
 def modify_config(filepath, variable, setting):
-    var_found = False
-    already_set = False
-    V=str(variable)
-    S=str(setting)
-    # use quotes if setting has spaces #
-    if ' ' in S:
-        S = '%s' % S
-
-    for line in fileinput.input(filepath, inplace = 1):
-        # process lines that look like config settings #
-        if not line.lstrip(' ').startswith('#') and '=' in line:
-            _infile_var = str(line.split('=')[0].rstrip(' '))
-            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-            # only change the first matching occurrence #
-            if var_found == False and _infile_var.rstrip(' ') == V:
-                var_found = True
-                # don't change it if it is already set #
-                if _infile_set.lstrip(' ') == S:
-                    already_set = True
-                else:
-                    line = "%s=%s\n" % (V, S)
-
-        sys.stdout.write(line)
-
-    # Append the variable if it wasn't found #
-    if not var_found:
-        with open(filepath, "a") as f:
-            f.write("%s=%s\n" % (V, S))
-    elif already_set == True:
-        pass
-    else:
-        pass
-
-    return
+  var_found = False
+  already_set = False
+  V = str(variable)
+  S = str(setting)
+  # use quotes if setting has spaces #
+  if ' ' in S:
+    S = '%s' % S
+
+  for line in fileinput.input(filepath, inplace=1):
+    # process lines that look like config settings #
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      # only change the first matching occurrence #
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        # don't change it if it is already set #
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
 
-def ranger_hdfs_properties(params):
-    ranger_hdfs_properties = dict()
-
-    ranger_hdfs_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-    ranger_hdfs_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-    ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-    ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-    ranger_hdfs_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-    ranger_hdfs_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-    ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-    ranger_hdfs_properties['REPOSITORY_NAME']          = params.config['clusterName'] + '_hadoop'
-
-    ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-    ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-    ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-    ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-    ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-    ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-    
-
-    ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-    ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-    ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-    ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
-
-    return ranger_hdfs_properties
+    sys.stdout.write(line)
 
+  # Append the variable if it wasn't found #
+  if not var_found:
+    with open(filepath, "a") as f:
+      f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
 
-def hdfs_repo_properties(params):
+  return
 
-    config_dict = dict()
-    config_dict['username'] = params.config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-    config_dict['password'] = params.config['configurations']['ranger-hdfs-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-    config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site']['hadoop.security.authentication']
-    config_dict['hadoop.security.authorization'] = params.config['configurations']['core-site']['hadoop.security.authorization']
-    config_dict['fs.default.name'] = params.config['configurations']['core-site']['fs.defaultFS']
-    config_dict['hadoop.security.auth_to_local'] = params.config['configurations']['core-site']['hadoop.security.auth_to_local']
-    config_dict['hadoop.rpc.protection'] = params.config['configurations']['ranger-hdfs-plugin-properties']['hadoop.rpc.protection']
-    config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hdfs-plugin-properties']['common.name.for.certificate']
-
-    if params.config['configurations']['cluster-env']['security_enabled']:
-        config_dict['dfs.datanode.kerberos.principal'] = params.config['configurations']['hdfs-site']['dfs.datanode.kerberos.principal']
-        config_dict['dfs.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site']['dfs.namenode.kerberos.principal']
-        config_dict['dfs.secondary.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site']['dfs.secondary.namenode.kerberos.principal']
-    else:
-        config_dict['dfs.datanode.kerberos.principal'] = ''
-        config_dict['dfs.namenode.kerberos.principal'] = ''
-        config_dict['dfs.secondary.namenode.kerberos.principal'] = ''
 
-    repo= dict()
-    repo['isActive']                = "true"
-    repo['config']                  = json.dumps(config_dict)
-    repo['description']             = "hdfs repo"
-    repo['name']                    = params.config['clusterName'] + "_hadoop"
-    repo['repositoryType']          = "Hdfs"
-    repo['assetType']               = '1'
+def ranger_hdfs_properties(params):
+  ranger_hdfs_properties = dict()
+
+  ranger_hdfs_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties'][
+    'policymgr_external_url']
+  ranger_hdfs_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+  ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR']
+  ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties'][
+    'audit_db_name']
+  ranger_hdfs_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user']
+  ranger_hdfs_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties'][
+    'audit_db_password']
+  ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host']
+  ranger_hdfs_properties['REPOSITORY_NAME'] = str(params.config['clusterName']) + '_hadoop'
+
+  ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'XAAUDIT.DB.IS_ENABLED']
+
+  ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'XAAUDIT.HDFS.IS_ENABLED']
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = \
+  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+
+  ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'SSL_KEYSTORE_FILE_PATH']
+  ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'SSL_KEYSTORE_PASSWORD']
+  ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'SSL_TRUSTSTORE_FILE_PATH']
+  ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'SSL_TRUSTSTORE_PASSWORD']
+
+  return ranger_hdfs_properties
 
-    data = json.dumps(repo)
 
-    return data
+def hdfs_repo_properties(params):
+  config_dict = dict()
+  config_dict['username'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'REPOSITORY_CONFIG_USERNAME']
+  config_dict['password'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'REPOSITORY_CONFIG_PASSWORD']
+  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site'][
+    'hadoop.security.authentication']
+  config_dict['hadoop.security.authorization'] = params.config['configurations']['core-site'][
+    'hadoop.security.authorization']
+  config_dict['fs.default.name'] = params.config['configurations']['core-site']['fs.defaultFS']
+  config_dict['hadoop.security.auth_to_local'] = params.config['configurations']['core-site'][
+    'hadoop.security.auth_to_local']
+  config_dict['hadoop.rpc.protection'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'hadoop.rpc.protection']
+  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
+    'common.name.for.certificate']
+
+  if params.config['configurations']['cluster-env']['security_enabled']:
+    config_dict['dfs.datanode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
+      'dfs.datanode.kerberos.principal']
+    config_dict['dfs.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
+      'dfs.namenode.kerberos.principal']
+    config_dict['dfs.secondary.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
+      'dfs.secondary.namenode.kerberos.principal']
+  else:
+    config_dict['dfs.datanode.kerberos.principal'] = ''
+    config_dict['dfs.namenode.kerberos.principal'] = ''
+    config_dict['dfs.secondary.namenode.kerberos.principal'] = ''
+
+  repo = dict()
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "hdfs repo"
+  repo['name'] = str(params.config['clusterName']) + "_hadoop"
+  repo['repositoryType'] = "Hdfs"
+  repo['assetType'] = '1'
+
+  data = json.dumps(repo)
+
+  return data
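Review bot: The new `Execute(('curl', '-kf', ...), sudo=True)` call in `setup_ranger_hdfs` fetches the JDBC connector with certificate verification turned off (`-k`), and the following `cp --remove-destination` installs that file at `params.driver_curl_target` with sudo and no integrity check. I would drop `-k` (`('curl', '-f', '-x', "", '--retry', '10', params.driver_curl_source, '-o', params.downloaded_custom_connector)`) and compare the download against a known checksum before the copy. The `not_if` test also accepts any file already present at `params.downloaded_custom_connector`, so the permissions of that temp directory matter; they cannot be judged from this hunk. Separately, the call to `create_ambari_admin_user` still passes the literal `'admin:admin'`, which would be better read from configuration than embedded in the script.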

+ 14 - 6
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py

@@ -329,12 +329,20 @@ HdfsDirectory = functools.partial(
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+user_input = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >=0:
-    # setting flag value for ranger hive plugin
+  # setting flag value for ranger hive plugin
+  enable_ranger_hive = False
+  user_input = config['configurations']['ranger-hive-plugin-properties']['ranger-hive-plugin-enabled']
+  if  user_input.lower() == 'yes':
+    enable_ranger_hive = True
+  elif user_input.lower() == 'no':
     enable_ranger_hive = False
-    user_input = config['configurations']['ranger-hive-plugin-properties']['ranger-hive-plugin-enabled']
-    if  user_input.lower() == 'yes':
-      enable_ranger_hive = True
-    elif user_input.lower() == 'no':
-      enable_ranger_hive = False
+
+ranger_jdbc_jar_name = "mysql-connector-java.jar"
+
+ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}")
+
+ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}")
+ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
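Review bot: The fallback added by `user_input = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")` is lost on stacks >= 2.2, because the line inside the `if` re-reads the same property with a direct `config[...]` lookup, which will presumably fail instead of falling back when the property is absent. Dropping that second assignment and setting the flag with `enable_ranger_hive = user_input.lower() == 'yes'` keeps the default and removes the redundant `elif ... == 'no'` branch. `enable_ranger_hive` is also only defined inside the version check, while setup_ranger_hive.py reads `params.enable_ranger_hive` whenever a Ranger admin host exists, so a `enable_ranger_hive = False` before the `if` would be safer. The KNOX params.py change on this page repeats the same pattern with `enable_ranger_knox`.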

+ 157 - 134
ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py

@@ -22,161 +22,184 @@ import fileinput
 import subprocess
 import json
 import re
+import os
 from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
 def setup_ranger_hive(env):
-    import params
-    env.set_params(params)
-
-    if params.has_ranger_admin:
-        try:
-            command = 'hdp-select status hive-server2'
-            return_code, hdp_output = shell.call(command, timeout=20)
-        except Exception, e:
-            Logger.error(str(e))
-            raise Fail('Unable to execute hdp-select command to retrieve the version.')
-
-        if return_code != 0:
-            raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
-
-        hdp_version = re.sub('hive-server2 - ', '', hdp_output)
-        match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
-
-        if match is None:
-            raise Fail('Failed to get extracted version')
-
-        file_path = '/usr/hdp/'+ hdp_version +'/ranger-hive-plugin/install.properties'
-
-        ranger_hive_dict = ranger_hive_properties(params)
-        hive_repo_data = hive_repo_properties(params)
-
-        write_properties_to_file(file_path, ranger_hive_dict)
-    
-        if params.enable_ranger_hive:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hive-plugin/ && sh enable-hive-plugin.sh')
-            ranger_adm_obj = Rangeradmin(url=ranger_hive_dict['POLICY_MGR_URL'])
-            response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hive_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
-
-            if response_code is not None and response_code == 200:
-                repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hive_dict['REPOSITORY_NAME'], 'hive', 'true', 'admin:admin')
-
-                if repo and repo['name'] ==  ranger_hive_dict['REPOSITORY_NAME']:
-                    Logger.info('Hive Repository exist')
-                else:
-                    response = ranger_adm_obj.create_repository_urllib2(hive_repo_data, 'admin:admin')
-                    if response is not None:
-                        Logger.info('Hive Repository created in Ranger Admin')
-                    else:
-                        Logger.info('Hive Repository creation failed in Ranger Admin')
-            else:                        
-                Logger.info('Ranger service is not started on given host')
+  import params
+  env.set_params(params)
+
+  if params.has_ranger_admin:
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.ranger_driver_curl_source, '-o',
+            params.ranger_downloaded_custom_connector),
+            not_if=format("test -f {params.ranger_downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.ranger_driver_curl_target):
+      Execute(('cp', '--remove-destination', params.ranger_downloaded_custom_connector, params.ranger_driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    try:
+      command = 'hdp-select status hive-server2'
+      return_code, hdp_output = shell.call(command, timeout=20)
+    except Exception, e:
+      Logger.error(str(e))
+      raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+    if return_code != 0:
+      raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+    hdp_version = re.sub('hive-server2 - ', '', hdp_output)
+    match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+    if match is None:
+      raise Fail('Failed to get extracted version')
+
+    file_path = '/usr/hdp/'+ hdp_version +'/ranger-hive-plugin/install.properties'
+
+    ranger_hive_dict = ranger_hive_properties(params)
+    hive_repo_data = hive_repo_properties(params)
+
+    write_properties_to_file(file_path, ranger_hive_dict)
+  
+    if params.enable_ranger_hive:
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hive-plugin/ && sh enable-hive-plugin.sh')
+      ranger_adm_obj = Rangeradmin(url=ranger_hive_dict['POLICY_MGR_URL'])
+      response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hive_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+      if response_code is not None and response_code == 200:
+        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
+        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
+        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+        if ambari_ranger_admin != '' and ambari_ranger_password != '':
+          repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hive_dict['REPOSITORY_NAME'], 'hive', 'true', ambari_username_password_for_ranger)
+
+          if repo and repo['name'] ==  ranger_hive_dict['REPOSITORY_NAME']:
+            Logger.info('Hive Repository exist')
+          else:
+            response = ranger_adm_obj.create_repository_urllib2(hive_repo_data,ambari_username_password_for_ranger)
+            if response is not None:
+              Logger.info('Hive Repository created in Ranger Admin')
+            else:
+              Logger.info('Hive Repository creation failed in Ranger Admin')
         else:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-hive-plugin/ && sh disable-hive-plugin.sh')
-        
-        Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True)
+          Logger.info('Ambari admin username and password are blank ')
+      else:
+        Logger.info('Ranger service is not started on given host')
     else:
-        Logger.info('Ranger admin not installed')
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-hive-plugin/ && sh disable-hive-plugin.sh')
+    
+    Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True)
+  else:
+    Logger.info('Ranger admin not installed')
 
 
 def write_properties_to_file(file_path, value):
-    for key in value:
-      modify_config(file_path, key, value[key])
+  for key in value:
+    modify_config(file_path, key, value[key])
 
 
 def modify_config(filepath, variable, setting):
-    var_found = False
-    already_set = False
-    V=str(variable)
-    S=str(setting)
-    # use quotes if setting has spaces #
-    if ' ' in S:
-        S = '%s' % S
-
-    for line in fileinput.input(filepath, inplace = 1):
-        # process lines that look like config settings #
-        if not line.lstrip(' ').startswith('#') and '=' in line:
-            _infile_var = str(line.split('=')[0].rstrip(' '))
-            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-            # only change the first matching occurrence #
-            if var_found == False and _infile_var.rstrip(' ') == V:
-                var_found = True
-                # don't change it if it is already set #
-                if _infile_set.lstrip(' ') == S:
-                    already_set = True
-                else:
-                    line = "%s=%s\n" % (V, S)
-
-        sys.stdout.write(line)
-
-    # Append the variable if it wasn't found #
-    if not var_found:
-        with open(filepath, "a") as f:
-            f.write("%s=%s\n" % (V, S))
-    elif already_set == True:
-        pass
-    else:
-        pass
+  var_found = False
+  already_set = False
+  V=str(variable)
+  S=str(setting)
+  # use quotes if setting has spaces #
+  if ' ' in S:
+    S = '%s' % S
+
+  for line in fileinput.input(filepath, inplace = 1):
+    # process lines that look like config settings #
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      # only change the first matching occurrence #
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        # don't change it if it is already set #
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
 
-    return
+    sys.stdout.write(line)
 
-def ranger_hive_properties(params):
-    ranger_hive_properties = dict()
-
-    ranger_hive_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-    ranger_hive_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-    ranger_hive_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-    ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-    ranger_hive_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-    ranger_hive_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-    ranger_hive_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-    ranger_hive_properties['REPOSITORY_NAME']          = params.config['clusterName'] + '_hive'
-
-    ranger_hive_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-    ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-    ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-    ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-    ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-    ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-    ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-    
-
-    ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-    ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-    ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-    ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  # Append the variable if it wasn't found #
+  if not var_found:
+    with open(filepath, "a") as f:
+      f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
 
-    ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hive-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  return
 
-    return ranger_hive_properties
+def ranger_hive_properties(params):
+  ranger_hive_properties = dict()
+
+  ranger_hive_properties['POLICY_MGR_URL']       = params.config['configurations']['admin-properties']['policymgr_external_url']
+  ranger_hive_properties['SQL_CONNECTOR_JAR']    = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+  ranger_hive_properties['XAAUDIT.DB.FLAVOUR']     = params.config['configurations']['admin-properties']['DB_FLAVOR']
+  ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
+  ranger_hive_properties['XAAUDIT.DB.USER_NAME']   = params.config['configurations']['admin-properties']['audit_db_user']
+  ranger_hive_properties['XAAUDIT.DB.PASSWORD']    = params.config['configurations']['admin-properties']['audit_db_password']
+  ranger_hive_properties['XAAUDIT.DB.HOSTNAME']    = params.config['configurations']['admin-properties']['db_host']
+  ranger_hive_properties['REPOSITORY_NAME']      = str(params.config['clusterName']) + '_hive'
+
+  ranger_hive_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
+
+  ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+  
+
+  ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
+  ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_PASSWORD']
+  ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
+  ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+
+  ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hive-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+
+  return ranger_hive_properties
 
 def hive_repo_properties(params):
 
-    hive_host = params.config['clusterHostInfo']['hive_server_host'][0]
+  hive_host = params.config['clusterHostInfo']['hive_server_host'][0]
 
-    config_dict = dict()
-    config_dict['username'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-    config_dict['password'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-    config_dict['jdbc.driverClassName'] = params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
-    config_dict['jdbc.url'] = 'jdbc:hive2://' + hive_host + ':10000'
-    config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
+  config_dict = dict()
+  config_dict['username'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+  config_dict['password'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+  config_dict['jdbc.driverClassName'] = params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
+  config_dict['jdbc.url'] = 'jdbc:hive2://' + hive_host + ':10000'
+  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
 
-    repo= dict()
-    repo['isActive']                = "true"
-    repo['config']                  = json.dumps(config_dict)
-    repo['description']             = "hive repo"
-    repo['name']                    = params.config['clusterName'] + '_hive'
-    repo['repositoryType']          = "Hive"
-    repo['assetType']               = '3'
+  repo= dict()
+  repo['isActive']        = "true"
+  repo['config']          = json.dumps(config_dict)
+  repo['description']       = "hive repo"
+  repo['name']          = str(params.config['clusterName']) + '_hive'
+  repo['repositoryType']      = "Hive"
+  repo['assetType']         = '3'
 
-    data = json.dumps(repo)
+  data = json.dumps(repo)
 
-    return data
+  return data
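Review bot: The connector download in setup_ranger_hive runs `curl -kf` under sudo, and `-k` turns off certificate verification, so when `jdk_location` is an https URL the jar is accepted from whichever host answers and is then copied to `params.ranger_driver_curl_target` in the shared Java directory. I would drop `-k` (`('curl', '-f', '-x', "", '--retry', '10', ...)`) or, if agents cannot trust the Ambari server certificate, compare the file against a known checksum before the `cp`. Separately, `create_ambari_admin_user(..., 'admin:admin')` passes a fixed credential and only works while that Ranger account keeps that password; reading it from configuration would avoid a literal password in the script. The same two patterns appear in the setup_ranger_knox.py change further down the page.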

+ 18 - 6
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py

@@ -148,14 +148,26 @@ if security_enabled:
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+user_input = default("/configurations/ranger-knox-plugin-properties/ranger-knox-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
-    # Setting Flag value for ranger hbase plugin
+  # Setting Flag value for ranger hbase plugin
+  enable_ranger_knox = False
+  user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled']
+  if user_input.lower() == 'yes':
+    enable_ranger_knox = True
+  elif user_input.lower() == 'no':
     enable_ranger_knox = False
-    user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled']
-    if user_input.lower() == 'yes':
-      enable_ranger_knox = True
-    elif user_input.lower() == 'no':
-      enable_ranger_knox = False
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = "mysql-connector-java.jar"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
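Review bot: The comment on the flag block still reads "ranger hbase plugin" although the block sets `enable_ranger_knox`; it should read `# Setting flag value for ranger knox plugin`. The `elif user_input.lower() == 'no'` branch assigns the value the flag already holds, so the block reduces to `enable_ranger_knox = user_input.lower() == 'yes'`. The new `format("{tmp_dir}/{jdbc_jar_name}")` line references `tmp_dir`, which is not defined in this hunk; presumably it is set earlier in params.py, which is worth confirming.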
       

+ 158 - 136
ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py

@@ -8,7 +8,7 @@ to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+  http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,162 +22,184 @@ import fileinput
 import subprocess
 import json
 import re
+import os
 from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
 def setup_ranger_knox(env):
-    import params
-    env.set_params(params)
-
-    if params.has_ranger_admin:
-        try:
-            command = 'hdp-select status knox-server'
-            return_code, hdp_output = shell.call(command, timeout=20)
-        except Exception, e:
-            Logger.error(str(e))
-            raise Fail('Unable to execute hdp-select command to retrieve the version.')
-
-        if return_code != 0:
-            raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
-
-        hdp_version = re.sub('knox-server - ', '', hdp_output)
-        match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
-
-        if match is None:
-            raise Fail('Failed to get extracted version')
-
-        file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties'
-
-        ranger_knox_dict = ranger_knox_properties(params)
-        knox_repo_data = knox_repo_properties(params)       
-
-        write_properties_to_file(file_path, ranger_knox_dict)
-
-        if params.enable_ranger_knox:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh enable-knox-plugin.sh')
-            ranger_adm_obj = Rangeradmin(url=ranger_knox_dict['POLICY_MGR_URL'])
-            response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
-
-            if response_code is not None and response_code == 200:
-                repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', 'admin:admin')
-
-                if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']:
-                    Logger.info('Knox Repository exist')
-                else:
-                    response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, 'admin:admin')
-                    if response is not None:
-                        Logger.info('Knox Repository created in Ranger Admin')
-                    else:
-                        Logger.info('Knox Repository creation failed in Ranger Admin')
+  import params
+  env.set_params(params)
+
+  if params.has_ranger_admin:
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o',
+            params.downloaded_custom_connector),
+            not_if=format("test -f {params.downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.driver_curl_target):
+      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    try:
+      command = 'hdp-select status knox-server'
+      return_code, hdp_output = shell.call(command, timeout=20)
+    except Exception, e:
+      Logger.error(str(e))
+      raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+    if return_code != 0:
+      raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+    hdp_version = re.sub('knox-server - ', '', hdp_output)
+    match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+    if match is None:
+      raise Fail('Failed to get extracted version')
+
+    file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties'
+
+    ranger_knox_dict = ranger_knox_properties(params)
+    knox_repo_data = knox_repo_properties(params)     
+
+    write_properties_to_file(file_path, ranger_knox_dict)
+
+    if params.enable_ranger_knox:
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh enable-knox-plugin.sh')
+      ranger_adm_obj = Rangeradmin(url=ranger_knox_dict['POLICY_MGR_URL'])
+      response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+      if response_code is not None and response_code == 200:
+        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
+        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
+        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+        if ambari_ranger_admin != '' and ambari_ranger_password != '':
+          repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', ambari_username_password_for_ranger)
+          if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']:
+            Logger.info('Knox Repository exist')
+          else:
+            response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, ambari_username_password_for_ranger)
+            if response is not None:
+              Logger.info('Knox Repository created in Ranger Admin')
             else:
-                Logger.info('Ranger service is not started on given host')
+              Logger.info('Knox Repository creation failed in Ranger Admin')
         else:
-            cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh disable-knox-plugin.sh')
-
-        Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+          Logger.info('Ambari admin username and password are blank ')
+      else:
+        Logger.info('Ranger service is not started on given host')
     else:
-        Logger.info('Ranger admin not installed') 
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh disable-knox-plugin.sh')
+
+    Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+  else:
+    Logger.info('Ranger admin not installed') 
 
 
 def write_properties_to_file(file_path, value):
-    for key in value:
-      modify_config(file_path, key, value[key])
+  for key in value:
+    modify_config(file_path, key, value[key])
 
 
 def modify_config(filepath, variable, setting):
-    var_found = False
-    already_set = False
-    V=str(variable)
-    S=str(setting)
-    # use quotes if setting has spaces #
-    if ' ' in S:
-        S = '%s' % S
-
-    for line in fileinput.input(filepath, inplace = 1):
-        # process lines that look like config settings #
-        if not line.lstrip(' ').startswith('#') and '=' in line:
-            _infile_var = str(line.split('=')[0].rstrip(' '))
-            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-            # only change the first matching occurrence #
-            if var_found == False and _infile_var.rstrip(' ') == V:
-                var_found = True
-                # don't change it if it is already set #
-                if _infile_set.lstrip(' ') == S:
-                    already_set = True
-                else:
-                    line = "%s=%s\n" % (V, S)
-
-        sys.stdout.write(line)
-
-    # Append the variable if it wasn't found #
-    if not var_found:
-        with open(filepath, "a") as f:
-            f.write("%s=%s\n" % (V, S))
-    elif already_set == True:
-        pass
-    else:
-        pass
+  var_found = False
+  already_set = False
+  V=str(variable)
+  S=str(setting)
+  # use quotes if setting has spaces #
+  if ' ' in S:
+    S = '%s' % S
+
+  for line in fileinput.input(filepath, inplace = 1):
+    # process lines that look like config settings #
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      # only change the first matching occurrence #
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        # don't change it if it is already set #
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
+
+    sys.stdout.write(line)
+
+  # Append the variable if it wasn't found #
+  if not var_found:
+    with open(filepath, "a") as f:
+      f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
 
-    return
+  return
 
 def ranger_knox_properties(params):
-    ranger_knox_properties = dict()
-
-    ranger_knox_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-    ranger_knox_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-    ranger_knox_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-    ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-    ranger_knox_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-    ranger_knox_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-    ranger_knox_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-    ranger_knox_properties['REPOSITORY_NAME']          = params.config['clusterName'] + '_knox'
-
-    ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
-
-    ranger_knox_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-    ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-    ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-    ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-    ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-    ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-    ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-    ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-    
-
-    ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-    ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-    ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-    ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
-    
-
-    return ranger_knox_properties    
+  ranger_knox_properties = dict()
+
+  ranger_knox_properties['POLICY_MGR_URL']       = params.config['configurations']['admin-properties']['policymgr_external_url']
+  ranger_knox_properties['SQL_CONNECTOR_JAR']    = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+  ranger_knox_properties['XAAUDIT.DB.FLAVOUR']     = params.config['configurations']['admin-properties']['DB_FLAVOR']
+  ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
+  ranger_knox_properties['XAAUDIT.DB.USER_NAME']   = params.config['configurations']['admin-properties']['audit_db_user']
+  ranger_knox_properties['XAAUDIT.DB.PASSWORD']    = params.config['configurations']['admin-properties']['audit_db_password']
+  ranger_knox_properties['XAAUDIT.DB.HOSTNAME']    = params.config['configurations']['admin-properties']['db_host']
+  ranger_knox_properties['REPOSITORY_NAME']      = str(params.config['clusterName']) + '_knox'
+
+  ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
+
+  ranger_knox_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
+
+  ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+  
+
+  ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
+  ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD']
+  ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
+  ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  
+
+  return ranger_knox_properties  
 
 def knox_repo_properties(params):
 
-    knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0]
-    knoxPort = params.config['configurations']['gateway-site']['gateway.port']
+  knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0]
+  knoxPort = params.config['configurations']['gateway-site']['gateway.port']
 
-    config_dict = dict()
-    config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-    config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-    config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies'
-    config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
+  config_dict = dict()
+  config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+  config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+  config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies'
+  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
 
-    repo= dict()
-    repo['isActive']                = "true"
-    repo['config']                  = json.dumps(config_dict)
-    repo['description']             = "knox repo"
-    repo['name']                    = params.config['clusterName'] + "_knox"
-    repo['repositoryType']          = "Knox"
-    repo['assetType']               = '5'
+  repo= dict()
+  repo['isActive']        = "true"
+  repo['config']          = json.dumps(config_dict)
+  repo['description']       = "knox repo"
+  repo['name']          = str(params.config['clusterName']) + "_knox"
+  repo['repositoryType']      = "Knox"
+  repo['assetType']         = '5'
 
-    data = json.dumps(repo)
+  data = json.dumps(repo)
 
-    return data
+  return data

+ 15 - 1
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml

@@ -44,6 +44,20 @@
         <name>ranger_usersync_log_dir</name>
         <value>/var/log/ranger/usersync</value>
         <description></description>
-    </property>    
+    </property>
+
+        <property>
+        <name>ranger_admin_username</name>
+        <value>amb_ranger_admin</value>
+        <property-type>TEXT</property-type>
+        <description></description>
+    </property>
+
+    <property>
+        <name>ranger_admin_password</name>
+        <value>ambari123</value>
+        <property-type>PASSWORD</property-type>
+        <description></description>
+    </property>
 
 </configuration>
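Review bot: `ranger_admin_password` ships with the fixed default `ambari123` next to the fixed account name `amb_ranger_admin`, so every cluster installed without editing this field ends up with the same admin credential, readable by anyone with the source tree. Leave the default empty so a per-cluster secret has to be supplied, `<value></value>`, and fill in the empty `<description>` to say which account this is and that the value must be unique per cluster. The first added `<property>` is also indented eight spaces where its siblings use four.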

+ 67 - 0
ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false">
+
+	<property>
+		<name>HTTP_SERVICE_PORT</name>
+		<value>6080</value>
+		<description>The http port to be used</description>
+	</property>
+
+	<property>
+		<name>HTTPS_SERVICE_PORT</name>
+		<value>6182</value>
+		<description>The secured https port to be used</description>
+	</property>
+
+    <property>
+		<name>HTTPS_KEYSTORE_FILE</name>
+		<value>/etc/ranger/admin/keys/server.jks</value>
+		<description>The keystore file location</description>
+	</property>
+
+    <property>
+		<name>HTTPS_KEYSTORE_PASS</name>
+		<value>ranger</value>
+		<description>The keystore pass to be used </description>
+	</property>
+
+    <property>
+		<name>HTTPS_KEY_ALIAS</name>
+		<value>myKey</value>
+		<description>The key alias to be used </description>
+	</property>
+
+    <property>
+		<name>HTTPS_CLIENT_AUTH</name>
+		<value>want</value>
+		<description>The client auth to be used </description>
+	</property>
+
+    <property>
+		<name>HTTP_ENABLED</name>
+		<value>true</value>
+		<description>http enabled or https enabled </description>
+	</property>
+
+
+</configuration>
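Review bot: `HTTPS_KEYSTORE_PASS` is declared without `<property-type>PASSWORD</property-type>` and defaults to `ranger`, whereas ranger-env.xml in this same commit marks `ranger_admin_password` as PASSWORD. As written the keystore password is presumably handled and displayed as ordinary text, and every install shares the same value. Add `<property-type>PASSWORD</property-type>` to that property and leave its `<value>` empty. `HTTP_ENABLED` defaulting to `true` appears to mean the admin endpoint is served over plain HTTP unless the operator changes it; the description should say so explicitly. The file also mixes tabs and spaces for indentation.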

+ 1 - 0
ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml

@@ -70,6 +70,7 @@
 
             <configuration-dependencies>
                 <config-type>admin-properties</config-type>
+                <config-type>ranger-site</config-type>
                 <config-type>usersync-properties</config-type>
             </configuration-dependencies>
 

+ 12 - 0
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py

@@ -30,6 +30,7 @@ stack_is_hdp22_or_further = hdp_stack_version != "" and compare_versions(hdp_sta
 
 if stack_is_hdp22_or_further:
 	ranger_home    = '/usr/hdp/current/ranger-admin'
+	ranger_conf    = '/etc/ranger/admin/conf'
 	ranger_stop    = '/usr/bin/ranger-admin-stop'
 	ranger_start   = '/usr/bin/ranger-admin-start'
 	usersync_home  = '/usr/hdp/current/ranger-usersync'
@@ -41,3 +42,14 @@ else:
 java_home = config['hostLevelParams']['java_home']
 unix_user  = default("/configurations/ranger-env/ranger_user", "ranger")
 unix_group = default("/configurations/ranger-env/ranger_group", "ranger")
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = "mysql-connector-java.jar"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
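Review bot: `downloaded_custom_connector` is formatted from `{tmp_dir}`, but neither hunk of this file defines `tmp_dir`, while the STORM params.py in this commit adds `tmp_dir = Script.get_tmp_dir()`. Unless it is already assigned in the lines not shown, the `format(...)` call has nothing to substitute; in that case add `tmp_dir = Script.get_tmp_dir()` near the top of the file. Likewise `ranger_conf` is added only in the `stack_is_hdp22_or_further` branch, yet `do_post_installation` in setup_ranger.py reads `params.ranger_conf` unconditionally. The `else:` branch is outside the hunk, so confirm it sets a value too.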

+ 30 - 26
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py

@@ -25,33 +25,37 @@ from resource_management.core.logger import Logger
 from resource_management.core import shell
 from setup_ranger import setup_ranger
 
+
 class RangerAdmin(Script):
-    def install(self, env):
-        self.install_packages(env)
-        setup_ranger(env)
-
-    def stop(self, env):
-        import params
-        env.set_params(params)
-        Execute(format('{params.ranger_stop}'))
-
-    def start(self, env):
-        import params
-        setup_ranger(env)
-        Execute(format('{params.ranger_start}'))
-     
-    def status(self, env):
-        cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
-        code, output = shell.call(cmd, timeout=20)
-
-        if code != 0:
-            Logger.debug('Ranger admin process not running')
-            raise ComponentIsNotRunning()
-        pass 
-
-    def configure(self, env):
-        import params
-        env.set_params(params)
+  def install(self, env):
+    self.install_packages(env)
+    setup_ranger(env)
+
+  def stop(self, env):
+    import params
+
+    env.set_params(params)
+    Execute(format('{params.ranger_stop}'))
+
+  def start(self, env):
+    import params
+
+    setup_ranger(env)
+    Execute(format('{params.ranger_start}'))
+
+  def status(self, env):
+    cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+    code, output = shell.call(cmd, timeout=20)
+
+    if code != 0:
+      Logger.debug('Ranger admin process not running')
+      raise ComponentIsNotRunning()
+    pass
+
+  def configure(self, env):
+    import params
+
+    env.set_params(params)
 
 
 if __name__ == "__main__":

+ 29 - 25
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py

@@ -24,32 +24,36 @@ from resource_management.core.logger import Logger
 from resource_management.core import shell
 from setup_ranger import setup_usersync
 
+
 class RangerUsersync(Script):
-    def install(self, env):
-        self.install_packages(env)
-        setup_usersync(env)        
-
-    def stop(self, env):
-        import params
-        Execute(format('{params.usersync_stop}'))
-
-    def start(self, env):
-        import params
-        setup_usersync(env)
-        Execute(format('{params.usersync_start}'))
-     
-    def status(self, env):
-        cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
-        code, output = shell.call(cmd, timeout=20)        
-
-        if code != 0:
-            Logger.debug('Ranger usersync process not running')
-            raise ComponentIsNotRunning()
-        pass
-
-    def configure(self, env):
-        import params
-        env.set_params(params)
+  def install(self, env):
+    self.install_packages(env)
+    setup_usersync(env)
+
+  def stop(self, env):
+    import params
+
+    Execute(format('{params.usersync_stop}'))
+
+  def start(self, env):
+    import params
+
+    setup_usersync(env)
+    Execute(format('{params.usersync_start}'))
+
+  def status(self, env):
+    cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+    code, output = shell.call(cmd, timeout=20)
+
+    if code != 0:
+      Logger.debug('Ranger usersync process not running')
+      raise ComponentIsNotRunning()
+    pass
+
+  def configure(self, env):
+    import params
+
+    env.set_params(params)
 
 
 if __name__ == "__main__":

+ 4 - 1
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py

@@ -23,10 +23,11 @@ from resource_management import *
 class RangerServiceCheck(Script):
   def service_check(self, env):
     import params
+
     env.set_params(params)
     self.check_ranger_admin_service()
     self.check_ranger_usersync_service()
-    
+
   def check_ranger_admin_service(self):
     cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
     code, output = shell.call(cmd, timeout=20)
@@ -35,6 +36,7 @@ class RangerServiceCheck(Script):
     else:
       Logger.debug('Ranger admin process not running')
       raise ComponentIsNotRunning()
+
   pass
 
 
@@ -46,6 +48,7 @@ class RangerServiceCheck(Script):
     else:
       Logger.debug('Ranger usersync process not running')
       raise ComponentIsNotRunning()
+
   pass
 
 

+ 168 - 109
ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py

@@ -25,129 +25,188 @@ import os
 from resource_management import *
 from resource_management.core.logger import Logger
 
+
 def setup_ranger(env):
-    import params
-    env.set_params(params)
+  import params
+
+  env.set_params(params)
+
+  if check_db_connnection(env):
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o',
+            params.downloaded_custom_connector),
+            not_if=format("test -f {params.downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.driver_curl_target):
+      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    file_path = params.ranger_home + '/install.properties'
+
+    if os.path.isfile(file_path):
+      shutil.copyfile(file_path, params.ranger_home + '/install-bk.properties')
+    else:
+      raise Fail('Ranger admin install.properties file doesnot exist')
+
+    write_properties_to_file(file_path, params.config['configurations']['admin-properties'])
+
+    cmd = format('cd {ranger_home} && {ranger_home}/setup.sh')
+
+    try:
+      opt = Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+    except Exception, e:
+      if os.path.isfile(params.ranger_home + '/install-bk.properties'):
+        os.remove(file_path)
+        os.rename(params.ranger_home + '/install-bk.properties', file_path)
+      raise Fail('Ranger installation Failed, {0}'.format(str(e)))
+
+    do_post_installation(env)
+
+    if os.path.isfile(params.ranger_home + '/install-bk.properties'):
+      os.remove(file_path)
+      os.rename(params.ranger_home + '/install-bk.properties', file_path)
+    else:
+      raise Fail('Ranger admin install.properties backup file doesnot exist')
+
+
+def do_post_installation(env):
+  import params
+
+  env.set_params(params)
+  Logger.info('Performing Ranger post installation..')
+
+  file_path = params.ranger_conf + '/ranger_webserver.properties'
+  d = dict()
+  d['http.service.port'] = params.config['configurations']['ranger-site']['HTTP_SERVICE_PORT']
+  d['https.service.port'] = params.config['configurations']['ranger-site']['HTTPS_SERVICE_PORT']
+  d['https.attrib.keystoreFile'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_FILE']
+  d['https.attrib.keystorePass'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_PASS']
+  d['https.attrib.keyAlias'] = params.config['configurations']['ranger-site']['HTTPS_KEY_ALIAS']
+  d['https.attrib.clientAuth'] = params.config['configurations']['ranger-site']['HTTPS_CLIENT_AUTH']
+  write_properties_to_file(file_path, d)
+
+  d.clear();
+
+  file_path = params.ranger_conf + '/xa_system.properties'
+  d['http.enabled'] = params.config['configurations']['ranger-site']['HTTP_ENABLED']
+  write_properties_to_file(file_path, d)
+  Logger.info('Performing Ranger post installation..DONE')
 
-    if check_db_connnection(env):
-        file_path = params.ranger_home + '/install.properties'
 
-        if os.path.isfile(file_path):
-            shutil.copyfile(file_path, params.ranger_home + '/install-bk.properties')
-        else:
-            raise Fail('Ranger admin install.properties file doesnot exist')
-
-        write_properties_to_file(file_path, params.config['configurations']['admin-properties'])
-    
-        cmd = format('cd {ranger_home} && {ranger_home}/setup.sh')
-
-        try:
-           opt = Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
-        except Exception, e:
-            if os.path.isfile(params.ranger_home + '/install-bk.properties'):
-                os.remove(file_path)
-                os.rename(params.ranger_home + '/install-bk.properties', file_path)
-            raise Fail('Ranger installation Failed, {0}'.format(str(e)))
-
-        if os.path.isfile(params.ranger_home + '/install-bk.properties'):
-            os.remove(file_path)
-            os.rename(params.ranger_home + '/install-bk.properties', file_path)
-        else:
-            raise Fail('Ranger admin install.properties backup file doesnot exist')
-        
 def setup_usersync(env):
-    import params
-    env.set_params(params)
+  import params
+
+  env.set_params(params)
+
+  file_path = params.usersync_home + '/install.properties'
+  write_properties_to_file(file_path, usersync_properties(params))
+
+  cmd = format('cd {usersync_home} && {usersync_home}/setup.sh')
+  Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
-    file_path = params.usersync_home + '/install.properties'
-    write_properties_to_file(file_path, usersync_properties(params))
-    
-    cmd = format('cd {usersync_home} && {usersync_home}/setup.sh')
-    Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
 def write_properties_to_file(file_path, value):
-    for key in value:
-      modify_config(file_path, key, value[key])        
+  for key in value:
+    modify_config(file_path, key, value[key])
+
 
 def modify_config(filepath, variable, setting):
-    var_found = False
-    already_set = False
-    V=str(variable)
-    S=str(setting)
-
-    if ' ' in S:
-        S = '%s' % S
-
-    for line in fileinput.input(filepath, inplace = 1):
-        if not line.lstrip(' ').startswith('#') and '=' in line:
-            _infile_var = str(line.split('=')[0].rstrip(' '))
-            _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
-            if var_found == False and _infile_var.rstrip(' ') == V:
-                var_found = True
-                if _infile_set.lstrip(' ') == S:
-                    already_set = True
-                else:
-                    line = "%s=%s\n" % (V, S)
-
-        sys.stdout.write(line)
-
-    if not var_found:
-        with open(filepath, "a") as f:
-            f.write("%s=%s\n" % (V, S))
-    elif already_set == True:
-        pass
-    else:
-        pass
+  var_found = False
+  already_set = False
+  V = str(variable)
+  S = str(setting)
+
+  if ' ' in S:
+    S = '%s' % S
+
+  for line in fileinput.input(filepath, inplace=1):
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
+
+    sys.stdout.write(line)
+
+  if not var_found:
+    with open(filepath, "a") as f:
+      f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
+
+  return
 
-    return
 
 def usersync_properties(params):
-    d = dict()
-
-    d['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url']
-    
-    d['SYNC_SOURCE'] = params.config['configurations']['usersync-properties']['SYNC_SOURCE']
-    d['MIN_UNIX_USER_ID_TO_SYNC'] = params.config['configurations']['usersync-properties']['MIN_UNIX_USER_ID_TO_SYNC']
-    d['SYNC_INTERVAL'] = params.config['configurations']['usersync-properties']['SYNC_INTERVAL']
-    d['SYNC_LDAP_URL'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_URL']
-    d['SYNC_LDAP_BIND_DN'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_DN']
-    d['SYNC_LDAP_BIND_PASSWORD'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_PASSWORD']
-    d['CRED_KEYSTORE_FILENAME'] = params.config['configurations']['usersync-properties']['CRED_KEYSTORE_FILENAME']
-    d['SYNC_LDAP_USER_SEARCH_BASE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_BASE']
-    d['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_SCOPE']
-    d['SYNC_LDAP_USER_OBJECT_CLASS'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_OBJECT_CLASS']
-    d['SYNC_LDAP_USER_SEARCH_FILTER'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_FILTER']
-    d['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_NAME_ATTRIBUTE']
-    d['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE']
-    d['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USERNAME_CASE_CONVERSION']
-    d['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_GROUPNAME_CASE_CONVERSION']
-    d['logdir'] = params.config['configurations']['usersync-properties']['logdir']
-
-    return d
+  d = dict()
+
+  d['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url']
+
+  d['SYNC_SOURCE'] = params.config['configurations']['usersync-properties']['SYNC_SOURCE']
+  d['MIN_UNIX_USER_ID_TO_SYNC'] = params.config['configurations']['usersync-properties']['MIN_UNIX_USER_ID_TO_SYNC']
+  d['SYNC_INTERVAL'] = params.config['configurations']['usersync-properties']['SYNC_INTERVAL']
+  d['SYNC_LDAP_URL'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_URL']
+  d['SYNC_LDAP_BIND_DN'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_DN']
+  d['SYNC_LDAP_BIND_PASSWORD'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_PASSWORD']
+  d['CRED_KEYSTORE_FILENAME'] = params.config['configurations']['usersync-properties']['CRED_KEYSTORE_FILENAME']
+  d['SYNC_LDAP_USER_SEARCH_BASE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_BASE']
+  d['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USER_SEARCH_SCOPE']
+  d['SYNC_LDAP_USER_OBJECT_CLASS'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USER_OBJECT_CLASS']
+  d['SYNC_LDAP_USER_SEARCH_FILTER'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USER_SEARCH_FILTER']
+  d['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USER_NAME_ATTRIBUTE']
+  d['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE']
+  d['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_USERNAME_CASE_CONVERSION']
+  d['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][
+    'SYNC_LDAP_GROUPNAME_CASE_CONVERSION']
+  d['logdir'] = params.config['configurations']['usersync-properties']['logdir']
+
+  return d
+
 
 def check_db_connnection(env):
-    import params
-    env.set_params(params)
-    
-    db_root_password = params.config['configurations']['admin-properties']["db_root_password"]
-    db_root_user = params.config['configurations']['admin-properties']["db_root_user"]
-    db_host = params.config['configurations']['admin-properties']['db_host']
-    sql_command_invoker = params.config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
-
-    Logger.info('Checking MYSQL root password')
-
-    cmd_str = "\""+sql_command_invoker+"\""+" -u "+db_root_user+" --password="+db_root_password+" -h "+db_host+" -s -e \"select version();\""
-    status, output = get_status_output(cmd_str)
-    
-    if status == 0:
-        Logger.info('Checking MYSQL root password DONE')
-        return True 
-    else:
-        Logger.info('Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host and DB server running on DB Host')
-        sys.exit(1)
+  import params
+
+  env.set_params(params)
+
+  db_root_password = params.config['configurations']['admin-properties']["db_root_password"]
+  db_root_user = params.config['configurations']['admin-properties']["db_root_user"]
+  db_host = params.config['configurations']['admin-properties']['db_host']
+  sql_command_invoker = params.config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+
+  Logger.info('Checking MYSQL root password')
+
+  cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\""
+  status, output = get_status_output(cmd_str)
+
+  if status == 0:
+    Logger.info('Checking MYSQL root password DONE')
+    return True
+  else:
+    Logger.info(
+      'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host and DB server running on DB Host')
+    sys.exit(1)
+
 
 def get_status_output(cmd):
-    import subprocess
+  import subprocess
 
-    ret = subprocess.call(cmd, shell=True)
-    return ret, ret
+  ret = subprocess.call(cmd, shell=True)
+  return ret, ret
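Review bot: `check_db_connnection` still concatenates `db_root_user`, `db_root_password` and `db_host` into one string that `get_status_output` runs with `shell=True`, so shell metacharacters in those config values are interpreted by the shell and the root password is visible in the process list. Assuming the invoker is the mysql client, build an argument list instead, `cmd = [sql_command_invoker, '-u', db_root_user, '-h', db_host, '-s', '-e', 'select version();']`, and run it without a shell while passing the password out of band, `subprocess.call(cmd, env=dict(os.environ, MYSQL_PWD=db_root_password))`. The new download in `setup_ranger` also runs `curl -kf` under `sudo` and copies the jar to `params.driver_curl_target` with no certificate or digest check. Dropping `-k`, or verifying a checksum before the `cp`, would stop a tampered driver from landing in the shared Java directory.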

+ 1 - 0
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml

@@ -120,6 +120,7 @@
       <configuration-dependencies>
         <config-type>storm-site</config-type>
         <config-type>storm-env</config-type>
+        <config-type>ranger-storm-plugin-properties</config-type>
       </configuration-dependencies>
     </service>
   </services>

+ 2 - 1
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py

@@ -30,6 +30,7 @@ from service import service
 from resource_management.libraries.functions.security_commons import build_expectations, \
   cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \
   FILE_TYPE_JAAS_CONF
+from setup_ranger_storm import setup_ranger_storm  
 
 class Nimbus(Script):
 
@@ -57,7 +58,7 @@ class Nimbus(Script):
     import params
     env.set_params(params)
     self.configure(env)
-
+    setup_ranger_storm(env)    
     service("nimbus", action="start")
 
   def stop(self, env, rolling_restart=False):
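Review bot: The new `setup_ranger_storm(env)` call in `start()` sits between `self.configure(env)` and `service("nimbus", action="start")`, so any `Fail` raised inside the Ranger setup (for example a non-zero return from `hdp-select`) stops Nimbus from starting at all. It also runs on every start, so each restart rewrites `install.properties` and re-runs the enable or disable script. If that ordering is intended, say so next to the call, e.g. `# Ranger plugin is (re)configured on every start; a Fail here aborts the start`; otherwise consider moving the call into `configure()`. The same call is added to `UiServer.start()` in ui_server.py, and both `start()` bodies begin outside the hunks shown.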

+ 26 - 0
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py

@@ -26,6 +26,7 @@ import status_params
 
 # server configurations
 config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
 
 stack_name = default("/hostLevelParams/stack_name", None)
 
@@ -94,3 +95,28 @@ ams_collector_hosts = default("/clusterHostInfo/metric_collector_hosts", [])
 has_metric_collector = not len(ams_collector_hosts) == 0
 if has_metric_collector:
   metric_collector_host = ams_collector_hosts[0]
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+user_input = default("/configurations/ranger-storm-plugin-properties/ranger-storm-plugin-enabled", "no")
+
+if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
+  # setting flag value for ranger hive plugin
+  enable_ranger_storm = False
+  user_input = config['configurations']['ranger-storm-plugin-properties']['ranger-storm-plugin-enabled']
+  if user_input.lower() == 'yes':
+    enable_ranger_storm = True
+  elif user_input.lower() == 'no':
+    enable_ranger_storm = False
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = "mysql-connector-java.jar"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
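Review bot: `enable_ranger_storm` is assigned only inside the `hdp_stack_version >= 2.2` branch, while `setup_ranger_storm()` reads `params.enable_ranger_storm` whenever a Ranger admin host exists and security is enabled, so on an older stack that read would fail with an AttributeError. Inside the branch the value is re-read with `config['configurations']['ranger-storm-plugin-properties'][...]`, which bypasses the `default(..., "no")` lookup made just above and raises a KeyError when the config type is absent. Set `enable_ranger_storm = False` before the `if` and derive it from the defaulted value with `enable_ranger_storm = user_input.lower() == 'yes'`. The comment `# setting flag value for ranger hive plugin` should say storm.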

+ 206 - 0
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py

@@ -0,0 +1,206 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import sys
+import fileinput
+import subprocess
+import json
+import re
+import os
+from resource_management import *
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions.ranger_functions import Rangeradmin
+
+def setup_ranger_storm(env):
+  import params
+  env.set_params(params)
+
+  if params.has_ranger_admin and params.security_enabled:
+
+    environment = {"no_proxy": format("{params.ambari_server_hostname}")}
+
+    Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o',
+            params.downloaded_custom_connector),
+            not_if=format("test -f {params.downloaded_custom_connector}"),
+            path=["/bin", "/usr/bin/"],
+            environment=environment,
+            sudo=True)
+
+    if not os.path.isfile(params.driver_curl_target):
+      Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
+              path=["/bin", "/usr/bin/"],
+              sudo=True)
+
+    try:
+      command = 'hdp-select status storm-nimbus'
+      return_code, hdp_output = shell.call(command)
+    except Exception, e:
+      Logger.error(str(e))
+      raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+    if return_code != 0:
+      raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+    cmd_split = hdp_output.strip().split( ) 
+    hdp_version = cmd_split[2]
+
+    match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+    if match is None:
+      raise Fail('Failed to get extracted version')
+
+    file_path = '/usr/hdp/'+ hdp_version +'/ranger-storm-plugin/install.properties'
+
+    ranger_storm_dict = ranger_storm_properties(params)
+    storm_repo_data = storm_repo_properties(params)        
+
+    write_properties_to_file(file_path, ranger_storm_dict)
+
+    if params.enable_ranger_storm:            
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-storm-plugin/ && sh enable-storm-plugin.sh')
+      ranger_adm_obj = Rangeradmin(url=ranger_storm_dict['POLICY_MGR_URL'])
+      response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_storm_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+      if response_code is not None and response_code == 200:      
+        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
+        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
+        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
+        if ambari_ranger_admin != '' and ambari_ranger_password != '':
+          repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_storm_dict['REPOSITORY_NAME'], 'storm', 'true', ambari_username_password_for_ranger)
+          if repo and repo['name'] == ranger_storm_dict['REPOSITORY_NAME']:
+            Logger.info('STORM Repository exist')
+          else:
+            response = ranger_adm_obj.create_repository_urllib2(storm_repo_data, ambari_username_password_for_ranger)
+            if response is not None:
+              Logger.info('STORM Repository created in Ranger Admin')
+            else:
+              Logger.info('STORM Repository creation failed in Ranger Admin')
+        else:
+          Logger.info('Ambari admin username and password are blank ')
+      else:
+        Logger.info('Ranger service is not started on given host')                                        
+    else:
+      cmd = format('cd /usr/hdp/{hdp_version}/ranger-storm-plugin/ && sh disable-storm-plugin.sh')
+
+    Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True)            
+  else:
+    Logger.info('Ranger admin not installed or security is not enabled')
+
+
+def write_properties_to_file(file_path, value):
+  for key in value:
+    modify_config(file_path, key, value[key])
+
+
+def modify_config(filepath, variable, setting):
+  var_found = False
+  already_set = False
+  V=str(variable)
+  S=str(setting)
+  # use quotes if setting has spaces #
+  if ' ' in S:
+    S = '%s' % S
+
+  for line in fileinput.input(filepath, inplace = 1):
+    # process lines that look like config settings #
+    if not line.lstrip(' ').startswith('#') and '=' in line:
+      _infile_var = str(line.split('=')[0].rstrip(' '))
+      _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+      # only change the first matching occurrence #
+      if var_found == False and _infile_var.rstrip(' ') == V:
+        var_found = True
+        # don't change it if it is already set #
+        if _infile_set.lstrip(' ') == S:
+          already_set = True
+        else:
+          line = "%s=%s\n" % (V, S)
+
+    sys.stdout.write(line)
+
+  # Append the variable if it wasn't found #
+  if not var_found:
+    with open(filepath, "a") as f:
+      f.write("%s=%s\n" % (V, S))
+  elif already_set == True:
+    pass
+  else:
+    pass
+
+  return
+
+def ranger_storm_properties(params):
+  ranger_storm_properties = dict()
+
+  ranger_storm_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
+  ranger_storm_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+  ranger_storm_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
+  ranger_storm_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
+  ranger_storm_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
+  ranger_storm_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
+  ranger_storm_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
+  ranger_storm_properties['REPOSITORY_NAME']          = str(params.config['clusterName']) + '_storm'
+
+  ranger_storm_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
+
+  ranger_storm_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+  
+
+  ranger_storm_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
+  ranger_storm_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_PASSWORD']
+  ranger_storm_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
+  ranger_storm_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+
+  return ranger_storm_properties
+
+
+def storm_repo_properties(params):
+
+  storm_ui_server_host = params.config['clusterHostInfo']['storm_ui_server_hosts'][0]
+
+  config_dict = dict()
+  config_dict['username'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+  config_dict['password'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
+  config_dict['nimbus.url'] = 'http://' + storm_ui_server_host + ':' + str(params.config['configurations']['storm-site']['ui.port'])
+  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-storm-plugin-properties']['common.name.for.certificate']
+
+
+  repo = dict()
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "storm repo"
+  repo['name'] = str(params.config['clusterName']) + "_storm"
+  repo['repositoryType'] = "Storm"
+  repo['assetType'] = '6'
+
+  data = json.dumps(repo)
+
+  return data    
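Review bot: The JDBC connector is fetched with `curl -kf`, which disables TLS certificate verification, and the downloaded jar is then copied with `sudo=True` to `params.driver_curl_target` under `/usr/share/java`, so a file from an unverified peer ends up installed as root. Drop `-k` (or pass the cluster CA with `--cacert <ca-bundle-path>`) and, ideally, check the download against a known checksum before the `cp`. Separately, the version check uses unescaped dots and no end anchor, yet `hdp_version` is interpolated into the shell string given to `Execute`; `re.match(r'^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$', hdp_version)` makes the check as strict as it reads. The literal `'test:test'` and `'admin:admin'` credentials passed to the Ranger client also deserve a comment or a config property, since the repository setup appears to depend on Ranger still having its default admin password.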

+ 2 - 2
ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py

@@ -30,7 +30,7 @@ from resource_management.libraries.functions.version import compare_versions, fo
 from resource_management.libraries.functions.security_commons import build_expectations, \
   cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \
   FILE_TYPE_JAAS_CONF
-
+from setup_ranger_storm import setup_ranger_storm
 
 class UiServer(Script):
 
@@ -58,7 +58,7 @@ class UiServer(Script):
     import params
     env.set_params(params)
     self.configure(env)
-
+    setup_ranger_storm(env)    
     service("ui", action="start")
 
   def stop(self, env, rolling_restart=False):
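Review bot: `setup_ranger_storm()` resolves the stack version with the hard-coded command `hdp-select status storm-nimbus`, so calling it from `UiServer.start()` ties the UI server's plugin path to the Nimbus component. If a UI server host can exist without that component (not visible from this hunk), the lookup raises `Fail` and the UI never starts. When Nimbus and the UI share a host, the whole setup also runs twice. At minimum, document the assumption next to the call, e.g. `# version is looked up via storm-nimbus; assumes UI and Nimbus share a stack version`, and drop the trailing spaces after `setup_ranger_storm(env)`.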

+ 150 - 0
ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml

@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+
+	<property>
+	    <name>common.name.for.certificate</name>
+      	<value>-</value>
+	    <description>Used for repository creation on ranger admin</description>
+	</property>	
+	
+	<property>
+		<name>ranger-storm-plugin-enabled</name>
+		<value>No</value>
+		<description>Enable ranger storm plugin ?</description>
+	</property>
+
+	<property>
+		<name>REPOSITORY_CONFIG_USERNAME</name>
+		<value>stormclient@EXAMPLE.COM</value>
+		<description>Used for repository creation on ranger admin</description>
+	</property>
+	
+	<property>
+		<name>REPOSITORY_CONFIG_PASSWORD</name>
+		<value>stormclient</value>
+		<property-type>PASSWORD</property-type>
+		<description>Used for repository creation on ranger admin</description>
+	</property>	
+
+	<property>
+		<name>XAAUDIT.DB.IS_ENABLED</name>
+		<value>true</value>
+		<description></description>
+	</property>	
+
+	<property>
+		<name>XAAUDIT.HDFS.IS_ENABLED</name>
+		<value>false</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+		<value>%hostname%-audit.log</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+		<value>900</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+		<value>86400</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+		<value>60</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+		<value>60</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+		<value>600</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+		<value>10</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>SSL_KEYSTORE_FILE_PATH</name>
+		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>SSL_KEYSTORE_PASSWORD</name>
+		<value>myKeyFilePassword</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>SSL_TRUSTSTORE_FILE_PATH</name>
+		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+		<description></description>
+	</property>
+
+	<property>
+		<name>SSL_TRUSTSTORE_PASSWORD</name>
+		<value>changeit</value>
+		<description></description>
+	</property>
+
+</configuration>	
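Review bot: `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` are declared without `<property-type>PASSWORD</property-type>`, unlike `REPOSITORY_CONFIG_PASSWORD` in the same file, so they are presumably handled as ordinary text properties. Add the same element to both. The shipped defaults (`myKeyFilePassword`, `changeit`, `stormclient`) are placeholders that setup_ranger_storm.py writes into `install.properties` unless the operator changes them. The empty `<description>` elements are the place to say so, for instance `<description>Keystore password; change from the default before enabling the plugin</description>`.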

+ 10 - 6
ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py

@@ -48,14 +48,15 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     putHDFSProperty = self.putProperty(configurations, "hadoop-env")
     putHDFSProperty('namenode_opt_maxnewsize', max(int(clusterData['totalAvailableRam'] / 8), 256))
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    if 'ranger-hdfs-plugin-properties' in services['configurations']:
+    if ('ranger-hdfs-plugin-properties' in services['configurations']) and ('ranger-hdfs-plugin-enabled' in services['configurations']['ranger-hdfs-plugin-properties']['properties']):
       rangerPluginEnabled = services['configurations']['ranger-hdfs-plugin-properties']['properties']['ranger-hdfs-plugin-enabled']
       if ("RANGER" in servicesList) and (rangerPluginEnabled.lower() == 'Yes'.lower()):
         putHDFSProperty("dfs.permissions.enabled",'true')
 
   def recommendHIVEConfigurations(self, configurations, clusterData, services, hosts):
+    super(HDP22StackAdvisor, self).recommendHiveConfigurations(configurations, clusterData, services, hosts)
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    if 'ranger-hive-plugin-properties' in services['configurations']:
+    if 'ranger-hive-plugin-properties' in services['configurations'] and ('ranger-hive-plugin-enabled' in services['configurations']['ranger-hive-plugin-properties']['properties']):
       rangerPluginEnabled = services['configurations']['ranger-hive-plugin-properties']['properties']['ranger-hive-plugin-enabled']
       if ("RANGER" in servicesList) :
         if (rangerPluginEnabled.lower() == "Yes".lower()):
@@ -68,16 +69,17 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
           putHiveProperty("hive.security.authenticator.manager", 'org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator')
 
   def recommendHBASEConfigurations(self, configurations, clusterData, services, hosts):
+    super(HDP22StackAdvisor, self).recommendHbaseEnvConfigurations(configurations, clusterData, services, hosts)
     putHbaseSiteProperty = self.putProperty(configurations, "hbase-site")
     putHbaseSiteProperty("hbase.regionserver.global.memstore.upperLimit", '0.4')
 
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-    if 'ranger-hbase-plugin-properties' in services['configurations']:
+    if 'ranger-hbase-plugin-properties' in services['configurations'] and ('ranger-hbase-plugin-enabled' in services['configurations']['ranger-hbase-plugin-properties']['properties']):
       rangerPluginEnabled = services['configurations']['ranger-hbase-plugin-properties']['properties']['ranger-hbase-plugin-enabled']
       if ("RANGER" in servicesList) and (rangerPluginEnabled.lower() == "Yes".lower()):
-          putHbaseSiteProperty("hbase.security.authorization", 'true')
-          putHbaseSiteProperty("hbase.coprocessor.master.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor')
-          putHbaseSiteProperty("hbase.coprocessor.region.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor')
+        putHbaseSiteProperty("hbase.security.authorization", 'true')
+        putHbaseSiteProperty("hbase.coprocessor.master.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor')
+        putHbaseSiteProperty("hbase.coprocessor.region.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor')
 
   def recommendTezConfigurations(self, configurations, clusterData, services, hosts):
     putTezProperty = self.putProperty(configurations, "tez-site")
@@ -368,6 +370,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     return self.toConfigurationValidationProblems(validationItems, "hdfs-site")
 
   def validateHIVEConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
+    super(HDP22StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts)
     hive_server2 = properties
     validationItems = [] 
     #Adding Ranger Plugin logic here 
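Review bot: The added `super(HDP22StackAdvisor, self).validateHiveConfigurations(...)` call discards its return value, and the method goes on to return only its own `validationItems` for `hiveserver2-site`, so any problems the parent reports never reach the caller. The same pattern is added in `validateHBASEConfigurations` with `validateHbaseEnvConfigurations`. If the parent results are wanted, capture them, e.g. `parentItems = super(HDP22StackAdvisor, self).validateHiveConfigurations(...)`, and return them together with the local ones; if the call is there only for side effects, say so in a comment. It is also worth confirming that the parent expects the same `properties` this method receives, since here they are treated as `hiveserver2-site` values (`hive_server2 = properties`). The method body continues outside the hunk.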
@@ -411,6 +414,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
     return self.toConfigurationValidationProblems(validationItems, "hiveserver2-site")
 
   def validateHBASEConfigurations(self, properties, recommendedDefaults, configurations, services, hosts):
+    super(HDP22StackAdvisor, self).validateHbaseEnvConfigurations(properties, recommendedDefaults, configurations, services, hosts)
     hbase_site = properties
     validationItems = []
 

+ 3 - 0
ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json

@@ -213,6 +213,9 @@
             "storm_pid_dir": "/var/run/storm",
             "storm_user": "storm"
         },
+        "ranger-storm-plugin-properties" : {
+            "ranger-storm-plugin-enabled":"no"
+        },
         "core-site": {
             "io.serializations": "org.apache.hadoop.io.serializer.WritableSerialization",
             "fs.trash.interval": "360",

+ 3 - 0
ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json

@@ -223,6 +223,9 @@
             "nimbus_keytab": "/etc/security/keytabs/nimbus.service.keytab", 
             "storm_keytab": "/etc/security/keytabs/storm.service.keytab", 
             "storm_ui_principal_name": "HTTP/_HOST"
+        },
+        "ranger-storm-plugin-properties" : {
+            "ranger-storm-plugin-enabled":"yes"
         }, 
         "core-site": {
             "io.serializations": "org.apache.hadoop.io.serializer.WritableSerialization",