AMBARI-11685. AMBARI-11685 : YARN repo in Ranger Admin neds to have the right value for YARN REST URL (aonishuk)

ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml

@@ -64,7 +64,7 @@
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
-    <value>/var/log/kms/audit/db/spool</value>
+    <value>/var/log/ranger/kms/audit/db/spool</value>
     <description></description>
   </property>
 
@@ -82,7 +82,7 @@
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
-    <value>/var/log/kms/audit/hdfs/spool</value>
+    <value>/var/log/ranger/kms/audit/hdfs/spool</value>
     <description></description>
   </property>
 
@@ -106,7 +106,7 @@
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
-    <value>/var/log/kms/audit/solr/spool</value>
+    <value>/var/log/ranger/kms/audit/solr/spool</value>
     <description></description>
   </property>  
 

ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py

@@ -298,11 +298,16 @@ if has_ranger_admin:
     ranger_env = config['configurations']['ranger-env']
     ranger_plugin_properties = config['configurations']['ranger-yarn-plugin-properties']
     policy_user = config['configurations']['ranger-yarn-plugin-properties']['policy_user']
+    yarn_rest_url = config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address']
+    yarn_http_policy = config['configurations']['yarn-site']['yarn.http.policy']
+    scheme = 'http'
+    if yarn_http_policy.upper() == 'HTTPS_ONLY':
+      scheme = 'https'    
 
     ranger_plugin_config = {
       'username' : config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
       'password' : unicode(config['configurations']['ranger-yarn-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']),
-      'yarn.url' : config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'],
+      'yarn.url' : format('{scheme}://{yarn_rest_url}'),
       'commonNameForCertificate' : config['configurations']['ranger-yarn-plugin-properties']['common.name.for.certificate']
     }
 

ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml

@@ -21,7 +21,7 @@
 
 	<property>
 		<name>hadoop.rpc.protection</name>
-		<value>-</value>
+		<value></value>
 		<description>Used for repository creation on ranger admin
 		</description>
 	</property>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml

@@ -29,6 +29,7 @@
 	<property>
 		<name>xasecure.policymgr.clientssl.keystore.password</name>
 		<value>myKeyFilePassword</value>
+		<property-type>PASSWORD</property-type>
 		<description>password for keystore</description>
 	</property>
 
@@ -41,6 +42,7 @@
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore.password</name>
 		<value>changeit</value>
+		<property-type>PASSWORD</property-type>
 		<description>java  truststore password</description>
 	</property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml

@@ -29,6 +29,7 @@
 	<property>
 		<name>xasecure.policymgr.clientssl.keystore.password</name>
 		<value>myKeyFilePassword</value>
+		<property-type>PASSWORD</property-type>
 		<description>password for keystore</description>
 	</property>
 
@@ -41,6 +42,7 @@
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore.password</name>
 		<value>changeit</value>
+		<property-type>PASSWORD</property-type>
 		<description>java  truststore password</description>
 	</property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml

@@ -29,6 +29,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
     <description>password for keystore</description>
   </property>
 
@@ -41,6 +42,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <property-type>PASSWORD</property-type>
     <description>java  truststore password</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml

@@ -28,13 +28,13 @@
 
   <property>
     <name>hadoop.rpc.protection</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
 
   <property>
     <name>common.name.for.certificate</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
   

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml

@@ -29,6 +29,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
     <description>password for keystore</description>
   </property>
 
@@ -41,6 +42,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <property-type>PASSWORD</property-type>
     <description>java  truststore password</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml

@@ -29,6 +29,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
     <description>password for keystore</description>
   </property>
 
@@ -41,6 +42,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <property-type>PASSWORD</property-type>
     <description>java  truststore password</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml

@@ -56,19 +56,20 @@
 
   <property>
     <name>ranger.service.https.attrib.keystore.keyalias</name>
-    <value>mkey</value>
+    <value>rangeradmin</value>
     <description></description>
   </property>
 
   <property>
     <name>ranger.service.https.attrib.keystore.pass</name>
-    <value>ranger</value>
+    <value>xasecure</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 
   <property>
     <name>ranger.https.attrib.keystore.file</name>
-    <value>/etc/ranger/admin/keys/server.jks</value>
+    <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
     <description></description>
   </property>
 
@@ -251,6 +252,7 @@
   <property>
     <name>ranger.audit.solr.password</name>
     <value>NONE</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property> 
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml

@@ -29,6 +29,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
     <description>password for keystore</description>
   </property>
 
@@ -41,6 +42,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <property-type>PASSWORD</property-type>
     <description>java  truststore password</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml

@@ -47,6 +47,7 @@
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
+    <property-type>PASSWORD</property-type>
     <description></description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml

@@ -28,7 +28,7 @@
 
   <property>
     <name>hadoop.rpc.protection</name>
-    <value>-</value>
+    <value></value>
     <description>Used for repository creation on ranger admin</description>
   </property>
 

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml

@@ -29,6 +29,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.keystore.password</name>
     <value>myKeyFilePassword</value>
+    <property-type>PASSWORD</property-type>
     <description>password for keystore</description>
   </property>
 
@@ -41,6 +42,7 @@
   <property>
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
+    <property-type>PASSWORD</property-type>
     <description>java  truststore password</description>
   </property>
 

ambari-web/app/data/HDP2.2/site_properties.js

@@ -805,6 +805,15 @@ hdp22properties.push(
     "serviceName": "HDFS",
     "filename": "ranger-hdfs-plugin-properties.xml"
   },
+  {
+    "id": "site property",
+    "name": "hadoop.rpc.protection",
+    "displayName": "hadoop.rpc.protection",
+    "category": "Advanced ranger-hdfs-plugin-properties",
+    "isRequired": false,
+    "serviceName": "HDFS",
+    "filename": "ranger-hdfs-plugin-properties.xml"
+  },  
   {
     "id": "site property",
     "name": "common.name.for.certificate",

ambari-web/app/data/HDP2.3/site_properties.js

@@ -420,6 +420,33 @@ hdp23properties.push({
     "category": "Advanced ranger-kafka-audit",
     "serviceName": "KAFKA"
   },
+  {
+    "id": "site property",
+    "name": "hadoop.rpc.protection",
+    "displayName": "hadoop.rpc.protection",
+    "isRequired": false,
+    "filename": "ranger-kafka-plugin-properties.xml",
+    "category": "Advanced ranger-kafka-plugin-properties",
+    "serviceName": "KAFKA"
+  },
+  {
+    "id": "site property",
+    "name": "common.name.for.certificate",
+    "displayName": "common.name.for.certificate",
+    "isRequired": false,
+    "filename": "ranger-kafka-plugin-properties.xml",
+    "category": "Advanced ranger-kafka-plugin-properties",
+    "serviceName": "KAFKA"
+  },
+  {
+    "id": "site property",
+    "name": "hadoop.rpc.protection",
+    "displayName": "hadoop.rpc.protection",
+    "isRequired": false,
+    "filename": "ranger-yarn-plugin-properties.xml",
+    "category": "Advanced ranger-yarn-plugin-properties",
+    "serviceName": "KAFKA"
+  },
   {
     "id": "site property",
     "name": "xasecure.audit.provider.summary.enabled",