
AMBARI-9343. Externalize username and password used in Ranger install. (Gautam Borad via yusaku)
AMBARI-9475. Upgrade pack definition for Ranger. (Velmurugan Periasamy via yusaku)
AMBARI-9476. Use JDBC driver symbolic link instead of filename in ranger install. (Velmurugan Periasamy via yusaku)

Yusaku Sako 10 سال پیش
والد
کامیت
a22bcccf08
34فایلهای تغییر یافته به همراه1898 افزوده شده و 1528 حذف شده
  1. 38 38
      ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
  2. 1 1
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
  3. 1 1
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
  4. 57 6
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
  5. 54 56
      ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py
  6. 1 1
      ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
  7. 61 6
      ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
  8. 52 86
      ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
  9. 1 1
      ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
  10. 57 7
      ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
  11. 54 55
      ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
  12. 138 132
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
  13. 1 1
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
  14. 53 8
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
  15. 48 55
      ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
  16. 157 157
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
  17. 61 41
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
  18. 36 37
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
  19. 81 81
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
  20. 58 58
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
  21. 76 11
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
  22. 11 5
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
  23. 12 5
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
  24. 102 82
      ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
  25. 1 1
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
  26. 53 7
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py
  27. 43 48
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
  28. 1 1
      ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
  29. 134 128
      ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml
  30. 140 134
      ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
  31. 146 141
      ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
  32. 8 8
      ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/metainfo.xml
  33. 134 128
      ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
  34. 27 1
      ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.2.xml

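--- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py
@@ -50,7 +50,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(result.read())
@@ -65,25 +65,25 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None
 
-  def create_repository_urllib2(self, data, usernamepassword):
+  def create_repository_urllib2(self, data, usernamepassword, policy_user):
     try:
       searchRepoURL = self.urlReposPub
-      base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+      base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
       headers = {
         'Accept': 'application/json',
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(json.JSONEncoder().encode(result.read()))
@@ -99,7 +99,7 @@ class Rangeradmin:
         if (len(policyList)) > 0:
           policiesUpdateCount = 0
           for policy in policyList:
-            updatedPolicyObj = self.get_policy_params(typeOfPolicy, policy)
+            updatedPolicyObj = self.get_policy_params(typeOfPolicy, policy, policy_user)
             policyResCode, policyResponse = self.update_ranger_policy(updatedPolicyObj['id'],
                                                                       json.dumps(updatedPolicyObj), usernamepassword)
             if policyResCode == 200:
@@ -121,10 +121,10 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".foramt(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -136,17 +136,17 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response = result.read()
       response_code = result.getcode()
       return response_code, response
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error : %s" % (e.reason))
+        Logger.error("Error : {0}".format(e.reason))
       return None, None
     except httplib.BadStatusLine, e:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -159,7 +159,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code = result.getcode()
       response = json.loads(result.read())
@@ -169,10 +169,10 @@ class Rangeradmin:
         return None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
@@ -181,13 +181,13 @@ class Rangeradmin:
   def update_ranger_policy(self, policyId, data, usernamepassword):
     try:
       searchRepoURL = self.urlPolicies + "/" + str(policyId)
-      base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+      base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
       headers = {
         'Accept': 'application/json',
         "Content-Type": "application/json"
       }
       request = urllib2.Request(searchRepoURL, data, headers)
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       request.get_method = lambda: 'PUT'
       result = urllib2.urlopen(request)
       response_code = result.getcode()
@@ -200,30 +200,30 @@ class Rangeradmin:
         return None, None
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
       return None, None
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")
       return None, None
 
-  def get_policy_params(self, typeOfPolicy, policyObj):
+  def get_policy_params(self, typeOfPolicy, policyObj, policy_user):
 
     typeOfPolicy = typeOfPolicy.lower()
     if typeOfPolicy == "hdfs":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Execute', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Read', 'Write', 'Execute', 'Admin']}]
     elif typeOfPolicy == "hive":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'],
+      policyObj['permMapList'] = [{'userList': [policy_user],
                                    'permList': ['Select', 'Update', 'Create', 'Drop', 'Alter', 'Index', 'Lock', 'All',
                                                 'Admin']}]
     elif typeOfPolicy == "hbase":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Read', 'Write', 'Create', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Read', 'Write', 'Create', 'Admin']}]
     elif typeOfPolicy == "knox":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa'], 'permList': ['Allow', 'Admin']}]
+      policyObj['permMapList'] = [{'userList': [policy_user], 'permList': ['Allow', 'Admin']}]
     elif typeOfPolicy == "storm":
-      policyObj['permMapList'] = [{'userList': ['ambari-qa', 'storm'],
+      policyObj['permMapList'] = [{'userList': [policy_user],
                                    'permList': ['SubmitTopology', 'FileUpload', 'GetNimbusConf', 'GetClusterInfo',
                                                 'FileDownload', 'KillTopology', 'Rebalance', 'Activate', 'Deactivate',
                                                 'GetTopologyConf', 'GetTopology', 'GetUserTopology',
@@ -238,7 +238,7 @@ class Rangeradmin:
       base64string = base64.encodestring(usernamepassword).replace('\n', '')
       request.add_header("Content-Type", "application/json")
       request.add_header("Accept", "application/json")
-      request.add_header("Authorization", "Basic %s" % base64string)
+      request.add_header("Authorization", "Basic {0}".format(base64string))
       result = urllib2.urlopen(request)
       response_code =  result.getcode()
       response = json.loads(result.read())
@@ -267,13 +267,13 @@ class Rangeradmin:
           admin_user['description'] = ambari_admin_username
           admin_user['firstName'] = ambari_admin_username
           data =  json.dumps(admin_user)
-          base64string = base64.encodestring('%s' % (usernamepassword)).replace('\n', '')
+          base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
           headers = {
-	          'Accept': 'application/json',
-	          "Content-Type": "application/json"
+            'Accept': 'application/json',
+            "Content-Type": "application/json"
           }
           request = urllib2.Request(url, data, headers)
-          request.add_header("Authorization", "Basic %s" % base64string)
+          request.add_header("Authorization", "Basic {0}".format(base64string))
           result = urllib2.urlopen(request)
           response_code =  result.getcode()
           response = json.loads(json.JSONEncoder().encode(result.read()))
@@ -289,11 +289,11 @@ class Rangeradmin:
 
     except urllib2.URLError, e:
       if isinstance(e, urllib2.HTTPError):
-        Logger.error("HTTP Code: %s" % e.code)
-        Logger.error("HTTP Data: %s" % e.read())
+        Logger.error("HTTP Code: {0}".format(e.code))
+        Logger.error("HTTP Data: {0}".format(e.read()))
         return '',''
       else:
-        Logger.error("Error: %s" % (e.reason))
+        Logger.error("Error: {0}".format(e.reason))
         return '',''
     except httplib.BadStatusLine:
       Logger.error("Ranger Admin service is not reachable, please restart the service and then try again")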
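Review bot: In the `@@ -121,10 +121,10 @@` hunk the HTTPError branch calls `"HTTP Data: {0}".foramt(e.read())`; `foramt` is not a string method, so any HTTP error on that path raises AttributeError inside the handler instead of logging the response and returning None. The line should read `Logger.error("HTTP Data: {0}".format(e.read()))`. The enclosing method starts outside the hunk; judging by the line numbers it is probably `create_repository_urllib2`. Separately, the storm branch of `get_policy_params` changes `userList` from `['ambari-qa', 'storm']` to `[policy_user]`, which silently drops the `storm` user from the default policy; if that is not intended, keep it as `[policy_user, 'storm']`.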

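--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
@@ -52,7 +52,7 @@ class HbaseMaster(Script):
     import params
     env.set_params(params)
     self.configure(env) # for security
-    setup_ranger_hbase(env)  
+    setup_ranger_hbase()  
     hbase_service( 'master',
       action = 'start'
     )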

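--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
@@ -57,7 +57,7 @@ class HbaseRegionServer(Script):
     import params
     env.set_params(params)
     self.configure(env) # for security
-    setup_ranger_hbase(env)  
+    setup_ranger_hbase()  
     hbase_service( 'regionserver',
       action = 'start'
     )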

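--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params.py
@@ -164,14 +164,13 @@ if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
     region_drainer = format("/usr/hdp/current/hbase-{role_root}/bin/draining_servers.rb")
     hbase_cmd = format("/usr/hdp/current/hbase-{role_root}/bin/hbase")
 
-user_input = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled","no")
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # Setting Flag value for ranger hbase plugin
   enable_ranger_hbase = False
-  user_input = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']
-  if user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hbase-plugin-properties/ranger-hbase-plugin-enabled","no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hbase = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hbase = False
 
 # ranger host
@@ -180,11 +179,63 @@ has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+
+# ranger hbase properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hbase'
+db_enabled = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hbase-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hbase-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hbase-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hbase-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hbase-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+grant_revoke = default("/configurations/ranger-hbase-plugin-properties/UPDATE_XAPOLICIES_ON_GRANT_REVOKE","true")
+
+zookeeper_znode_parent = config['configurations']['hbase-site']['zookeeper.znode.parent']
+hbase_zookeeoer_quorum = config['configurations']['hbase-site']['hbase.zookeeper.quorum']
+hbase_zookeeper_property_clientPort = config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
+hbase_security_authentication = config['configurations']['hbase-site']['hbase.security.authentication']
+hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
+
+repo_config_username = default("/configurations/ranger-hbase-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hbase")
+repo_config_password = default("/configurations/ranger-hbase-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hbase")
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hbase-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{exec_tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
 driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")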
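Review bot: The added `default(...)` lookups for the secrets (`admin_password`, `ranger_admin_password`, `audit_db_password`, `REPOSITORY_CONFIG_PASSWORD`, `SSL_KEYSTORE_PASSWORD`, `SSL_TRUSTSTORE_PASSWORD`) fall back to fixed, well-known strings, so a cluster whose configuration lacks one of these keys is provisioned with a guessable credential and nothing is reported. For the password values, read the key directly so a missing entry fails the command, e.g. `admin_password = config['configurations']['ranger-env']['admin_password']`, and keep `default(...)` for non-secret settings only. Separately, the `if`/`elif` on `xa_audit_db_flavor` has no `else`, so any flavor other than mysql or oracle leaves `jdbc_jar_name` and `jdbc_symlink_name` undefined when the `format(...)` lines below it run; an `else` that raises with the unsupported flavor named would make that failure explicit.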

+ 54 - 56
ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py

@@ -27,9 +27,8 @@ from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 from resource_management.core.logger import Logger
 
 
-def setup_ranger_hbase(env):
+def setup_ranger_hbase():
   import params
   import params
-  env.set_params(params)
   
   
   if params.has_ranger_admin:
   if params.has_ranger_admin:
 
 
@@ -65,8 +64,8 @@ def setup_ranger_hbase(env):
 
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-hbase-plugin/install.properties'
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-hbase-plugin/install.properties'
 
 
-    ranger_hbase_dict = ranger_hbase_properties(params)
-    hbase_repo_data = hbase_repo_properties(params)
+    ranger_hbase_dict = ranger_hbase_properties()
+    hbase_repo_data = hbase_repo_properties()
 
 
     write_properties_to_file(file_path, ranger_hbase_dict)
     write_properties_to_file(file_path, ranger_hbase_dict)
 
 
@@ -76,16 +75,14 @@ def setup_ranger_hbase(env):
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hbase_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hbase_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
 
       if response_code is not None and response_code == 200:
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hbase_dict['REPOSITORY_NAME'], 'hbase', 'true', ambari_username_password_for_ranger)
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hbase_dict['REPOSITORY_NAME'], 'hbase', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_hbase_dict['REPOSITORY_NAME']:
           if repo and repo['name'] == ranger_hbase_dict['REPOSITORY_NAME']:
             Logger.info('Hbase Repository exist')
             Logger.info('Hbase Repository exist')
           else:
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hbase_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
             if response is not None:
               Logger.info('Hbase Repository created in Ranger admin')
               Logger.info('Hbase Repository created in Ranger admin')
             else:
             else:
@@ -141,66 +138,67 @@ def modify_config(filepath, variable, setting):
 
 
   return
   return
 
 
-def ranger_hbase_properties(params):
+def ranger_hbase_properties():
+  import params
+
   ranger_hbase_properties = dict()
   ranger_hbase_properties = dict()
 
 
-  ranger_hbase_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_hbase_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hbase_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_hbase_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hbase_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_hbase_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-  ranger_hbase_properties['REPOSITORY_NAME']          = str(params.config['clusterName']) + '_hbase'
-
-  ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hbase-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-    
-
-  ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hbase-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_hbase_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hbase_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hbase_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hbase_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hbase_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hbase_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hbase_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hbase_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hbase_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hbase_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hbase_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hbase_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hbase_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hbase_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hbase_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
    
    
-  ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hbase-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  ranger_hbase_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.grant_revoke
 
 
   return ranger_hbase_properties    
   return ranger_hbase_properties    
 
 
-def hbase_repo_properties(params):
+def hbase_repo_properties():
+  import params
 
 
   config_dict = dict()
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site']['hadoop.security.authentication']
-  config_dict['hbase.security.authentication'] = params.config['configurations']['hbase-site']['hbase.security.authentication']
-  config_dict['hbase.zookeeper.property.clientPort'] = params.config['configurations']['hbase-site']['hbase.zookeeper.property.clientPort']
-  config_dict['hbase.zookeeper.quorum'] = params.config['configurations']['hbase-site']['hbase.zookeeper.quorum']
-  config_dict['zookeeper.znode.parent'] =  params.config['configurations']['hbase-site']['zookeeper.znode.parent']
-
-  if params.config['configurations']['cluster-env']['security_enabled']:
-    config_dict['hbase.master.kerberos.principal'] = params.config['configurations']['hbase-site']['hbase.master.kerberos.principal']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['hadoop.security.authentication'] = params.hadoop_security_authentication
+  config_dict['hbase.security.authentication'] = params.hbase_security_authentication
+  config_dict['hbase.zookeeper.property.clientPort'] = params.hbase_zookeeper_property_clientPort
+  config_dict['hbase.zookeeper.quorum'] = params.hbase_zookeeoer_quorum
+  config_dict['zookeeper.znode.parent'] = params.zookeeper_znode_parent
+
+  if params.security_enabled:
+    config_dict['hbase.master.kerberos.principal'] = params.master_jaas_princ
   else:
   else:
     config_dict['hbase.master.kerberos.principal'] = ''
     config_dict['hbase.master.kerberos.principal'] = ''
 
 
   repo= dict()
   repo= dict()
-  repo['isActive']                = "true"
-  repo['config']                  = json.dumps(config_dict)
-  repo['description']             = "hbase repo"
-  repo['name']                    = str(params.config['clusterName']) + "_hbase"
-  repo['repositoryType']          = "Hbase"
-  repo['assetType']               = '2'
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "hbase repo"
+  repo['name'] = params.repo_name
+  repo['repositoryType'] = "Hbase"
+  repo['assetType'] = '2'
 
 
   data = json.dumps(repo)
   data = json.dumps(repo)
 
 

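--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
@@ -70,7 +70,7 @@ class NameNode(Script):
 
     env.set_params(params)
     self.configure(env)
-    setup_ranger_hdfs(env)
+    setup_ranger_hdfs()
     namenode(action="start", rolling_restart=rolling_restart, env=env)
 
   def post_rolling_restart(self, env):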

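--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params.py
@@ -320,24 +320,79 @@ mapred_log_dir_prefix = default("/configurations/mapred-env/mapred_log_dir_prefi
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-user_input = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # setting flag value for ranger hdfs plugin
   enable_ranger_hdfs = False
-  if  user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hdfs-plugin-properties/ranger-hdfs-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hdfs = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hdfs = False
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+#ranger hdfs properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hadoop'
+db_enabled = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hdfs-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hdfs-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hdfs-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hdfs-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hdfs-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+
+hadoop_security_authentication = config['configurations']['core-site']['hadoop.security.authentication']
+hadoop_security_authorization = config['configurations']['core-site']['hadoop.security.authorization']
+fs_default_name = config['configurations']['core-site']['fs.defaultFS']
+hadoop_security_auth_to_local = config['configurations']['core-site']['hadoop.security.auth_to_local']
+hadoop_rpc_protection = default("/configurations/ranger-hdfs-plugin-properties/hadoop.rpc.protection", "-")
+common_name_for_certificate = default("/configurations/ranger-hdfs-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-hdfs-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hadoop")
+repo_config_password = default("/configurations/ranger-hdfs-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hadoop")
+
+if security_enabled:
+  _sn_principal_name = default("/configurations/hdfs-site/dfs.secondary.namenode.kerberos.principal", "nn/_HOST@EXAMPLE.COM")
+  _sn_principal_name = _sn_principal_name.replace('_HOST',hostname.lower())
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hdfs-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")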
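Review bot: The new credential lookups fall back to literal passwords when the key is absent from the cluster configuration: `admin_password` to `"admin"`, `ambari_ranger_password` to `"ambari123"`, `xa_audit_db_password` to `"rangerlogger"`, `repo_config_password` to `"hadoop"`, and the keystore/truststore passwords to `"myKeyFilePassword"`/`"changeit"`. A cluster with an incomplete ranger-env or admin-properties section is then set up with these well-known values instead of stopping, and setup_ranger_hdfs.py passes them on to Ranger and into install.properties. I would give the secret lookups no usable default, e.g. `admin_password = default("/configurations/ranger-env/admin_password", None)`, and fail the setup step when one is empty. Separately, the `if`/`elif` on `xa_audit_db_flavor` has no `else`, so any flavor other than mysql or oracle leaves `jdbc_jar_name` and `jdbc_symlink_name` unset and the `format(...)` calls right after it cannot resolve them; an explicit `else:` that raises with the unsupported flavor would make that failure readable.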

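--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py
@@ -28,11 +28,9 @@ from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
 
-def setup_ranger_hdfs(env):
+def setup_ranger_hdfs():
   import params
 
-  env.set_params(params)
-
   if params.has_ranger_admin:
 
     environment = {"no_proxy": format("{params.ambari_server_hostname}")}
@@ -68,8 +66,8 @@ def setup_ranger_hdfs(env):
 
     file_path = '/usr/hdp/' + hdp_version + '/ranger-hdfs-plugin/install.properties'
 
-    ranger_hdfs_dict = ranger_hdfs_properties(params)
-    hdfs_repo_data = hdfs_repo_properties(params)
+    ranger_hdfs_dict = ranger_hdfs_properties()
+    hdfs_repo_data = hdfs_repo_properties()
 
     write_properties_to_file(file_path, ranger_hdfs_dict)
 
@@ -80,16 +78,14 @@ def setup_ranger_hdfs(env):
         ranger_hdfs_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hdfs_dict['REPOSITORY_NAME'], 'hdfs', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_hdfs_dict['REPOSITORY_NAME']:
             Logger.info('HDFS Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hdfs_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('HDFS Repository created in Ranger Admin')
             else:
@@ -148,89 +144,59 @@ def modify_config(filepath, variable, setting):
   return
 
 
-def ranger_hdfs_properties(params):
+def ranger_hdfs_properties():
+  import params
+
   ranger_hdfs_properties = dict()
 
-  ranger_hdfs_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties'][
-    'policymgr_external_url']
-  ranger_hdfs_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties'][
-    'audit_db_name']
-  ranger_hdfs_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hdfs_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties'][
-    'audit_db_password']
-  ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host']
-  ranger_hdfs_properties['REPOSITORY_NAME'] = str(params.config['clusterName']) + '_hadoop'
-
-  ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = \
-  params.config['configurations']['ranger-hdfs-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-
-  ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_KEYSTORE_FILE_PATH']
-  ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_KEYSTORE_PASSWORD']
-  ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'SSL_TRUSTSTORE_PASSWORD']
+  ranger_hdfs_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hdfs_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hdfs_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hdfs_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hdfs_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hdfs_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hdfs_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hdfs_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hdfs_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hdfs_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hdfs_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hdfs_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hdfs_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hdfs_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hdfs_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
 
   return ranger_hdfs_properties
 
 
-def hdfs_repo_properties(params):
+def hdfs_repo_properties():
+  import params
+
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'REPOSITORY_CONFIG_PASSWORD']
-  config_dict['hadoop.security.authentication'] = params.config['configurations']['core-site'][
-    'hadoop.security.authentication']
-  config_dict['hadoop.security.authorization'] = params.config['configurations']['core-site'][
-    'hadoop.security.authorization']
-  config_dict['fs.default.name'] = params.config['configurations']['core-site']['fs.defaultFS']
-  config_dict['hadoop.security.auth_to_local'] = params.config['configurations']['core-site'][
-    'hadoop.security.auth_to_local']
-  config_dict['hadoop.rpc.protection'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'hadoop.rpc.protection']
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hdfs-plugin-properties'][
-    'common.name.for.certificate']
-
-  if params.config['configurations']['cluster-env']['security_enabled']:
-    config_dict['dfs.datanode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.datanode.kerberos.principal']
-    config_dict['dfs.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.namenode.kerberos.principal']
-    config_dict['dfs.secondary.namenode.kerberos.principal'] = params.config['configurations']['hdfs-site'][
-      'dfs.secondary.namenode.kerberos.principal']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['hadoop.security.authentication'] = params.hadoop_security_authentication
+  config_dict['hadoop.security.authorization'] = params.hadoop_security_authorization
+  config_dict['fs.default.name'] = params.fs_default_name
+  config_dict['hadoop.security.auth_to_local'] = params.hadoop_security_auth_to_local
+  config_dict['hadoop.rpc.protection'] = params.hadoop_rpc_protection
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
+
+  if params.security_enabled:
+    config_dict['dfs.datanode.kerberos.principal'] = params._dn_principal_name
+    config_dict['dfs.namenode.kerberos.principal'] = params._nn_principal_name
+    config_dict['dfs.secondary.namenode.kerberos.principal'] = params._sn_principal_name
   else:
     config_dict['dfs.datanode.kerberos.principal'] = ''
     config_dict['dfs.namenode.kerberos.principal'] = ''
@@ -240,7 +206,7 @@ def hdfs_repo_properties(params):
   repo['isActive'] = "true"
   repo['config'] = json.dumps(config_dict)
   repo['description'] = "hdfs repo"
-  repo['name'] = str(params.config['clusterName']) + "_hadoop"
+  repo['name'] = params.repo_name
   repo['repositoryType'] = "Hdfs"
   repo['assetType'] = '1'
 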
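Review bot: In the `hdfs_repo_properties` hunk the three Kerberos principals are now taken from `params._dn_principal_name`, `params._nn_principal_name` and `params._sn_principal_name` rather than from the raw hdfs-site values, and the params.py change in this commit builds `_sn_principal_name` with `_HOST` already replaced by the local hostname. If the other two are built the same way (their definitions are not on this page), the repository registered in Ranger carries principals tied to the host that ran this script instead of the configured `_HOST` pattern, which looks wrong for DataNodes on other hosts. I would either keep the unsubstituted hdfs-site values for the repository config or state the intent above the block, e.g. `# principals below have _HOST resolved to this host in params.py`. The underscore-prefixed names also read as private to params.py; a public alias there would make the dependency explicit.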

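--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
@@ -56,7 +56,7 @@ class HiveServer(Script):
     # This function is needed in HDP 2.2, but it is safe to call in earlier versions.
     copy_tarballs_to_hdfs('mapreduce', 'hive-server2', params.tez_user, params.hdfs_user, params.user_group)
     copy_tarballs_to_hdfs('tez', 'hive-server2', params.tez_user, params.hdfs_user, params.user_group)
-    setup_ranger_hive(env)    
+    setup_ranger_hive()    
     hive_service( 'hiveserver2', action = 'start',
       rolling_restart=rolling_restart )
 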

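--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params.py
@@ -335,20 +335,70 @@ HdfsDirectory = functools.partial(
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-user_input = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >=0:
   # setting flag value for ranger hive plugin
   enable_ranger_hive = False
-  user_input = config['configurations']['ranger-hive-plugin-properties']['ranger-hive-plugin-enabled']
-  if  user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-hive-plugin-properties/ranger-hive-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_hive = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_hive = False
 
-ranger_jdbc_jar_name = "mysql-connector-java.jar"
+#ranger hive properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_hive'
+db_enabled = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-hive-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-hive-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-hive-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-hive-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-hive-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+grant_revoke = default("/configurations/ranger-hive-plugin-properties/UPDATE_XAPOLICIES_ON_GRANT_REVOKE","true")
+
+jdbc_driver_class_name = default("/configurations/ranger-hive-plugin-properties/jdbc.driverClassName","")
+common_name_for_certificate = default("/configurations/ranger-hive-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-hive-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hive")
+repo_config_password = default("/configurations/ranger-hive-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hive")
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-hive-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  ranger_jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  ranger_jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  ranger_jdbc_jar_name = "ojdbc6.jar"
+  ranger_jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 ranger_downloaded_custom_connector = format("{tmp_dir}/{ranger_jdbc_jar_name}")
 
-ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_jar_name}")
-ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
+ranger_driver_curl_source = format("{jdk_location}/{ranger_jdbc_symlink_name}")
+ranger_driver_curl_target = format("{java_share_dir}/{ranger_jdbc_jar_name}")
+
+if security_enabled:
+  hive_principal = hive_server_principal.replace('_HOST',hive_server_host.lower())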
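Review bot: The fallbacks added to the credential lookups (`admin_password` → "admin", `ambari_ranger_password` → "ambari123", `xa_audit_db_password` → "rangerlogger", and the values given for `ssl_keystore_password`, `ssl_truststore_password` and `repo_config_password`) mean that a cluster whose configuration lacks these keys is configured with publicly known passwords instead of stopping. The code this commit removes from setup_ranger_hive.py indexed `params.config[...]` directly, which raised when a key was absent; I would keep that behaviour for secrets, e.g. `admin_password = config['configurations']['ranger-env']['admin_password']`, and reserve `default(...)` for non-secret settings. The KNOX params.py section of this commit adds the same fallbacks.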

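--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -27,9 +27,8 @@ from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
-def setup_ranger_hive(env):
+def setup_ranger_hive():
   import params
-  env.set_params(params)
 
   if params.has_ranger_admin:
 
@@ -45,7 +44,7 @@ def setup_ranger_hive(env):
     if not os.path.isfile(params.ranger_driver_curl_target):
       Execute(('cp', '--remove-destination', params.ranger_downloaded_custom_connector, params.ranger_driver_curl_target),
               path=["/bin", "/usr/bin/"],
-              sudo=True)
+              sudo=True)     
 
     try:
       command = 'hdp-select status hive-server2'
@@ -65,8 +64,8 @@ def setup_ranger_hive(env):
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-hive-plugin/install.properties'
 
-    ranger_hive_dict = ranger_hive_properties(params)
-    hive_repo_data = hive_repo_properties(params)
+    ranger_hive_dict = ranger_hive_properties()
+    hive_repo_data = hive_repo_properties()
 
     write_properties_to_file(file_path, ranger_hive_dict)
   
@@ -76,9 +75,7 @@ def setup_ranger_hive(env):
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_hive_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_hive_dict['REPOSITORY_NAME'], 'hive', 'true', ambari_username_password_for_ranger)
@@ -86,7 +83,7 @@ def setup_ranger_hive(env):
           if repo and repo['name'] ==  ranger_hive_dict['REPOSITORY_NAME']:
             Logger.info('Hive Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(hive_repo_data,ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(hive_repo_data,ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('Hive Repository created in Ranger Admin')
             else:
@@ -144,61 +141,63 @@ def modify_config(filepath, variable, setting):
 
   return
 
-def ranger_hive_properties(params):
-  ranger_hive_properties = dict()
-
-  ranger_hive_properties['POLICY_MGR_URL']       = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_hive_properties['SQL_CONNECTOR_JAR']    = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_hive_properties['XAAUDIT.DB.FLAVOUR']     = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_hive_properties['XAAUDIT.DB.USER_NAME']   = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_hive_properties['XAAUDIT.DB.PASSWORD']    = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_hive_properties['XAAUDIT.DB.HOSTNAME']    = params.config['configurations']['admin-properties']['db_host']
-  ranger_hive_properties['REPOSITORY_NAME']      = str(params.config['clusterName']) + '_hive'
-
-  ranger_hive_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-hive-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-  
+def ranger_hive_properties():
+  import params
 
-  ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-hive-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_hive_properties = dict()
 
-  ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.config['configurations']['ranger-hive-plugin-properties']['UPDATE_XAPOLICIES_ON_GRANT_REVOKE']
+  ranger_hive_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_hive_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_hive_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_hive_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_hive_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_hive_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_hive_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_hive_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_hive_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_hive_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_hive_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_hive_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_hive_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_hive_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_hive_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
+   
+  ranger_hive_properties['UPDATE_XAPOLICIES_ON_GRANT_REVOKE'] = params.grant_revoke
 
   return ranger_hive_properties
 
-def hive_repo_properties(params):
-
-  hive_host = params.config['clusterHostInfo']['hive_server_host'][0]
+def hive_repo_properties():
+  import params
 
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-  config_dict['jdbc.driverClassName'] = params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName']
-  config_dict['jdbc.url'] = 'jdbc:hive2://' + hive_host + ':10000'
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['jdbc.driverClassName'] = params.jdbc_driver_class_name
+  if params.security_enabled:
+    config_dict['jdbc.url'] = format("{params.hive_url}/default;principal={params.hive_principal}")
+  else:  
+    config_dict['jdbc.url'] = params.hive_url
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
 
   repo= dict()
-  repo['isActive']        = "true"
-  repo['config']          = json.dumps(config_dict)
-  repo['description']       = "hive repo"
-  repo['name']          = str(params.config['clusterName']) + '_hive'
-  repo['repositoryType']      = "Hive"
-  repo['assetType']         = '3'
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "hive repo"
+  repo['name'] = params.repo_name
+  repo['repositoryType'] = "Hive"
+  repo['assetType'] = '3'
 
   data = json.dumps(repo)
 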
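Review bot: `ranger_hive_properties()` returns `XAAUDIT.DB.PASSWORD`, `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` in the dict that `setup_ranger_hive()` passes to `write_properties_to_file(file_path, ranger_hive_dict)`, so these secrets end up in the plugin's `install.properties`. `write_properties_to_file` is defined outside the visible hunks, so the resulting file mode cannot be checked from here; if it keeps whatever mode the file already had, I would restrict it right after the write, e.g. `os.chmod(file_path, 0o600)`, with the owner set to whichever account runs the plugin installer. A short docstring on `ranger_hive_properties()` and `hive_repo_properties()` stating that the returned data contains credentials and must not be logged would help the next editor. `setup_ranger_hive()` itself continues outside the hunks.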

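--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml
@@ -20,137 +20,143 @@
 -->
 <configuration supports_final="true">
 
-	<property>
-		<name>common.name.for.certificate</name>
-		<value>-</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>
-
-    <property>
-        <name>ranger-knox-plugin-enabled</name>
-        <value>No</value>
-        <description>Enable ranger knox plugin ?</description>
-    </property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_USERNAME</name>
-		<value>admin</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>REPOSITORY_CONFIG_PASSWORD</name>
-		<value>admin-password</value>
-		<property-type>PASSWORD</property-type>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>KNOX_HOME</name>
-		<value>/usr/hdp/current/knox-server</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
+  <property>
+    <name>policy_user</name>
+    <value>ambari-qa</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property> 
+
+  <property>
+    <name>common.name.for.certificate</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>ranger-knox-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger knox plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>admin</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>admin-password</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>KNOX_HOME</name>
+    <value>/usr/hdp/current/knox-server</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
 
 </configuration>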
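Review bot: `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` are re-added without `<property-type>PASSWORD</property-type>`, while `REPOSITORY_CONFIG_PASSWORD` a few entries above carries it. Presumably that marker is what makes Ambari treat a value as a secret, so the two store passwords would be handled as ordinary text; I would add `<property-type>PASSWORD</property-type>` to both properties. They also ship with the values `myKeyFilePassword` and `changeit` and an empty `<description>`; a description such as `Password of the plugin keystore; change before enabling SSL` would tell operators that the shipped value is a placeholder.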

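--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -80,7 +80,7 @@ class KnoxGateway(Script):
     self.configure(env)
     daemon_cmd = format('{knox_bin} start')
     no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps -p `cat {knox_pid_file}` >/dev/null 2>&1')
-    setup_ranger_knox(env)
+    setup_ranger_knox()
     Execute(daemon_cmd,
             user=params.knox_user,
             environment={'JAVA_HOME': params.java_home},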

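--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
@@ -134,26 +134,71 @@ if security_enabled:
 
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-user_input = default("/configurations/ranger-knox-plugin-properties/ranger-knox-plugin-enabled", "no")
 has_ranger_admin = not len(ranger_admin_hosts) == 0
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # Setting Flag value for ranger hbase plugin
   enable_ranger_knox = False
-  user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled']
-  if user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-knox-plugin-properties/ranger-knox-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_knox = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_knox = False
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+# ranger knox properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_knox'
+db_enabled = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-knox-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-knox-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-knox-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-knox-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-knox-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+
+knox_home = default("/configurations/ranger-knox-plugin-properties/KNOX_HOME", "/usr/hdp/current/knox-server")
+common_name_for_certificate = default("/configurations/ranger-knox-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-knox-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hbase")
+repo_config_password = default("/configurations/ranger-knox-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hbase")
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-knox-plugin-properties/policy_user", "ambari-qa")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
-      
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")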
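Review bot: `jdbc_jar_name` and `jdbc_symlink_name` are assigned only in the `mysql` and `oracle` branches, so any other `DB_FLAVOR` (or an empty one, which the `xa_audit_db_flavor and` guard lets fall through) leaves both names unbound, and the `format(...)` calls for `downloaded_custom_connector` and `driver_curl_source` below will presumably fail on the missing names. Before this change `jdbc_jar_name` was set unconditionally. An explicit final branch would make the failure readable: `else:` followed by `raise Fail(format("Unsupported DB_FLAVOR for Ranger audit: {xa_audit_db_flavor}"))`, assuming `Fail` is in scope through the file's resource_management import. The HIVE params.py section has the same pattern with `ranger_jdbc_jar_name` and `ranger_jdbc_symlink_name`. Separately, the `repo_config_username` and `repo_config_password` fallbacks here are "hbase", while ranger-knox-plugin-properties.xml ships `admin` and `admin-password`, which looks like a copy-paste slip.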

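--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
@@ -27,9 +27,8 @@ from resource_management import *
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.core.logger import Logger
 
-def setup_ranger_knox(env):
+def setup_ranger_knox():
   import params
-  env.set_params(params)
 
   if params.has_ranger_admin:
 
@@ -65,8 +64,8 @@ def setup_ranger_knox(env):
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties'
 
-    ranger_knox_dict = ranger_knox_properties(params)
-    knox_repo_data = knox_repo_properties(params)     
+    ranger_knox_dict = ranger_knox_properties()
+    knox_repo_data = knox_repo_properties()     
 
     write_properties_to_file(file_path, ranger_knox_dict)
 
@@ -76,16 +75,14 @@ def setup_ranger_knox(env):
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
       if response_code is not None and response_code == 200:
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']:
             Logger.info('Knox Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('Knox Repository created in Ranger Admin')
             else:
@@ -143,62 +140,58 @@ def modify_config(filepath, variable, setting):
 
   return
 
-def ranger_knox_properties(params):
-  ranger_knox_properties = dict()
+def ranger_knox_properties():
+  import params
 
-  ranger_knox_properties['POLICY_MGR_URL']       = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_knox_properties['SQL_CONNECTOR_JAR']    = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_knox_properties['XAAUDIT.DB.FLAVOUR']     = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_knox_properties['XAAUDIT.DB.USER_NAME']   = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_knox_properties['XAAUDIT.DB.PASSWORD']    = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_knox_properties['XAAUDIT.DB.HOSTNAME']    = params.config['configurations']['admin-properties']['db_host']
-  ranger_knox_properties['REPOSITORY_NAME']      = str(params.config['clusterName']) + '_knox'
-
-  ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
-
-  ranger_knox_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-  
+  ranger_knox_properties = dict()
 
-  ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_knox_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_knox_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_knox_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_knox_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_knox_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_knox_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_knox_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_knox_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+  ranger_knox_properties['KNOX_HOME'] = params.knox_home
+
+  ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
   
-
   return ranger_knox_properties  
 
-def knox_repo_properties(params):
-
-  knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0]
-  knoxPort = params.config['configurations']['gateway-site']['gateway.port']
+def knox_repo_properties():
+  import params
 
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies'
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['knox.url'] = 'https://' + params.knox_host_name + ':' + str(params.knox_host_port) +'/gateway/admin/api/v1/topologies'
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
 
   repo= dict()
-  repo['isActive']        = "true"
-  repo['config']          = json.dumps(config_dict)
-  repo['description']       = "knox repo"
-  repo['name']          = str(params.config['clusterName']) + "_knox"
-  repo['repositoryType']      = "Knox"
-  repo['assetType']         = '5'
+  repo['isActive'] = "true"
+  repo['config'] = json.dumps(config_dict)
+  repo['description'] = "knox repo"
+  repo['name'] = params.repo_name
+  repo['repositoryType'] = "Knox"
+  repo['assetType'] = '5'
 
   data = json.dumps(repo)
 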
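Review bot: The `create_ambari_admin_user(...)` call in the third hunk now authenticates with `params.admin_uname_password`, and params.py in this same commit builds that value with `default(..., "admin")` for both halves and falls back to `ambari123` for the Ambari-managed account, so a cluster whose ranger-env lacks these keys silently proceeds with well-known credentials. The same applies to `params.repo_config_password` used in `knox_repo_properties()`, whose fallback in the Knox params is `"hbase"`. Reading the password keys without a fallback, e.g. `admin_password = config['configurations']['ranger-env']['admin_password']`, would make a missing value fail the install step instead of being masked. setup_ranger_knox's body continues outside the hunks shown.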

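--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/admin-properties.xml
@@ -21,160 +21,160 @@
 -->
 <configuration supports_final="false">
 
-	<property>
-		<name>DB_FLAVOR</name>
-		<value>MYSQL</value>
-		<description>The database type to be used (mysql/oracle)</description>
-	</property>
-
-        <property>
-                <name>SQL_COMMAND_INVOKER</name>
-                <value>mysql</value>
-                <description>The executable path to be used to invoke command-line MYSQL</description>
-        </property>
-
-        <property>
-                <name>SQL_CONNECTOR_JAR</name>
-                <value>/usr/share/java/mysql-connector-java.jar</value>
-                <description>Location of DB client library (please check the location of the jar file)</description>
-        </property>
-
-        <property>
-                <name>db_root_user</name>
-                <value>root</value>
-                <property-type>USER</property-type>
-                <description>Database admin user</description>
-        </property>
-
-        <property require-input="true">
-                <name>db_root_password</name>
-                <value>vagrant</value>
-                <property-type>PASSWORD</property-type>
-                <description>Database password for the database admin user-id</description>
-        </property>
-
-        <property>
-                <name>db_host</name>
-                <value>localhost</value>
-                <description>Database host</description>
-        </property>
-
-        <property>
-                <name>db_name</name>
-                <value>ranger</value>
-                <description>Database name</description>
-        </property>
-
-        <property>
-                <name>db_user</name>
-                <value>rangeradmin</value>
-                <property-type>USER</property-type>
-                <description>Database user-id used for the XASecure schema</description>
-        </property>
-
-        <property require-input="true">
-                <name>db_password</name>
-                <value>rangeradmin</value>
-                <property-type>PASSWORD</property-type>
-                <description>Database password for the XASecure schema</description>
-        </property>
-
-        <property>
-                <name>audit_db_name</name>
-                <value>ranger_audit</value>
-                <description>Audit database name</description>
-        </property>
-
-        <property>
-                <name>audit_db_user</name>
-                <value>rangerlogger</value>
-                <property-type>USER</property-type>
-                <description>Database user-id for storing auditlog information</description>
-        </property>
-
-        <property require-input="true">
-                <name>audit_db_password</name>
-                <value>rangerlogger</value>
-                <property-type>PASSWORD</property-type>
-                <description>Database password for storing auditlog information</description>
-        </property>
-
-        <property>
-                <name>policymgr_external_url</name>
-                <value>http://localhost:6080</value>
-                <description>Policy Manager external url</description>
-        </property>
-
-        <property>
-                <name>policymgr_http_enabled</name>
-                <value>true</value>
-                <description>HTTP Enabled</description>
-        </property>
-
-        <property>
-                <name>authentication_method</name>
-                <value>UNIX</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>remoteLoginEnabled</name>
-                <value>true</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>authServiceHostName</name>
-                <value>localhost</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>authServicePort</name>
-                <value>5151</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_url</name>
-                <value>"ldap://71.127.43.33:389"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_userDNpattern</name>
-                <value>"uid={0},ou=users,dc=xasecure,dc=net"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_groupSearchBase</name>
-                <value>"ou=groups,dc=xasecure,dc=net"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_groupSearchFilter</name>
-                <value>"(member=uid={0},ou=users,dc=xasecure,dc=net)"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_groupRoleAttribute</name>
-                <value>"cn"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_ad_domain</name>
-                <value>"xasecure.net"</value>
-                <description></description>
-        </property>
-
-        <property>
-                <name>xa_ldap_ad_url</name>
-                <value>"ldap://ad.xasecure.net:389"</value>
-                <description></description>
-        </property>
-
-</configuration>
+  <property>
+    <name>DB_FLAVOR</name>
+    <value>MYSQL</value>
+    <description>The database type to be used (mysql/oracle)</description>
+  </property>
+
+  <property>
+    <name>SQL_COMMAND_INVOKER</name>
+    <value>mysql</value>
+    <description>The executable path to be used to invoke command-line MYSQL</description>
+  </property>
+
+  <property>
+    <name>SQL_CONNECTOR_JAR</name>
+    <value>/usr/share/java/mysql-connector-java.jar</value>
+    <description>Location of DB client library (please check the location of the jar file)</description>
+  </property>
+
+  <property>
+    <name>db_root_user</name>
+    <value>root</value>
+    <property-type>USER</property-type>
+    <description>Database admin user</description>
+  </property>
+
+  <property require-input="true">
+    <name>db_root_password</name>
+    <value>vagrant</value>
+    <property-type>PASSWORD</property-type>
+    <description>Database password for the database admin user-id</description>
+  </property>
+
+  <property>
+    <name>db_host</name>
+    <value>localhost</value>
+    <description>Database host</description>
+  </property>
+
+  <property>
+    <name>db_name</name>
+    <value>ranger</value>
+    <description>Database name</description>
+  </property>
+
+  <property>
+    <name>db_user</name>
+    <value>rangeradmin</value>
+    <property-type>USER</property-type>
+    <description>Database user-id used for the Ranger schema</description>
+  </property>
+
+  <property require-input="true">
+    <name>db_password</name>
+    <value>rangeradmin</value>
+    <property-type>PASSWORD</property-type>
+    <description>Database password for the Ranger schema</description>
+  </property>
+
+  <property>
+    <name>audit_db_name</name>
+    <value>ranger_audit</value>
+    <description>Audit database name</description>
+  </property>
+
+  <property>
+    <name>audit_db_user</name>
+    <value>rangerlogger</value>
+    <property-type>USER</property-type>
+    <description>Database user-id for storing auditlog information</description>
+  </property>
+
+  <property require-input="true">
+    <name>audit_db_password</name>
+    <value>rangerlogger</value>
+    <property-type>PASSWORD</property-type>
+    <description>Database password for storing auditlog information</description>
+  </property>
+
+  <property>
+    <name>policymgr_external_url</name>
+    <value>http://localhost:6080</value>
+    <description>Policy Manager external url</description>
+  </property>
+
+  <property>
+    <name>policymgr_http_enabled</name>
+    <value>true</value>
+    <description>HTTP Enabled</description>
+  </property>
+
+  <property>
+    <name>authentication_method</name>
+    <value>UNIX</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>remoteLoginEnabled</name>
+    <value>true</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>authServiceHostName</name>
+    <value>localhost</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>authServicePort</name>
+    <value>5151</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_url</name>
+    <value>"ldap://71.127.43.33:389"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_userDNpattern</name>
+    <value>"uid={0},ou=users,dc=xasecure,dc=net"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_groupSearchBase</name>
+    <value>"ou=groups,dc=xasecure,dc=net"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_groupSearchFilter</name>
+    <value>"(member=uid={0},ou=users,dc=xasecure,dc=net)"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_groupRoleAttribute</name>
+    <value>"cn"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_ad_domain</name>
+    <value>"xasecure.net"</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>xa_ldap_ad_url</name>
+    <value>"ldap://ad.xasecure.net:389"</value>
+    <description></description>
+  </property>
+
+</configuration>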

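--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml
@@ -20,44 +20,64 @@
 -->
 <configuration supports_final="true">
 
-    <property>
-        <name>ranger_user</name>
-        <value>ranger</value>
-        <property-type>USER</property-type>
-        <description>Ranger username</description>
-    </property>
-
-    <property>
-        <name>ranger_group</name>
-        <value>ranger</value>
-        <property-type>GROUP</property-type>
-        <description>Ranger group</description>
-    </property>
-
-    <property>
-        <name>ranger_admin_log_dir</name>
-        <value>/var/log/ranger/admin</value>
-        <description></description>
-    </property>
-
-    <property>
-        <name>ranger_usersync_log_dir</name>
-        <value>/var/log/ranger/usersync</value>
-        <description></description>
-    </property>
-
-        <property>
-        <name>ranger_admin_username</name>
-        <value>amb_ranger_admin</value>
-        <property-type>TEXT</property-type>
-        <description></description>
-    </property>
-
-    <property>
-        <name>ranger_admin_password</name>
-        <value>ambari123</value>
-        <property-type>PASSWORD</property-type>
-        <description></description>
-    </property>
-
-</configuration>
+  <property>
+    <name>ranger_user</name>
+    <value>ranger</value>
+    <property-type>USER</property-type>
+    <description>Ranger username</description>
+  </property>
+
+  <property>
+    <name>ranger_group</name>
+    <value>ranger</value>
+    <property-type>GROUP</property-type>
+    <description>Ranger group</description>
+  </property>
+
+  <property>
+    <name>ranger_admin_log_dir</name>
+    <value>/var/log/ranger/admin</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger_usersync_log_dir</name>
+    <value>/var/log/ranger/usersync</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger_admin_username</name>
+    <value>amb_ranger_admin</value>
+    <property-type>TEXT</property-type>
+    <description></description>
+  </property>
+
+  <property>
+    <name>ranger_admin_password</name>
+    <value>ambari123</value>
+    <property-type>PASSWORD</property-type>
+    <description></description>
+  </property>
+
+  <property>
+    <name>admin_username</name>
+    <value>admin</value>
+    <description>This user must be synced with Ranger admin</description>
+  </property>  
+
+  <property>
+    <name>admin_password</name>
+    <value>admin</value>
+    <property-type>PASSWORD</property-type>
+    <description>This admin user password must be synced with Ranger admin</description>
+  </property>
+  
+  <property>
+    <name>oracle_home</name>
+    <value>-</value>
+    <property-type>TEXT</property-type>
+    <description>Oracle Home needs to be set to path where oracle is installed, this will help install Ranger Admin when used with Oracle as database.</description>
+  </property>  
+
+</configuration>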
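Review bot: The new `admin_password` property ships with the value `admin` and, unlike the database passwords in admin-properties.xml on this page, is not marked `require-input="true"`, so an install can complete without the operator ever choosing or confirming the Ranger admin credential. The description says the value must match the Ranger admin account, which suggests the default only works while Ranger itself is still on its initial password. Opening the block with `<property require-input="true">` and leaving `<value></value>` empty would force an explicit entry. `admin_username` also lacks a `<property-type>`, where the neighbouring `ranger_admin_username` uses `TEXT`.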

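--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml
@@ -21,47 +21,46 @@
 -->
 <configuration supports_final="false">
 
-	<property>
-		<name>HTTP_SERVICE_PORT</name>
-		<value>6080</value>
-		<description>The http port to be used</description>
-	</property>
+  <property>
+    <name>HTTP_SERVICE_PORT</name>
+    <value>6080</value>
+    <description>The http port to be used</description>
+  </property>
 
-	<property>
-		<name>HTTPS_SERVICE_PORT</name>
-		<value>6182</value>
-		<description>The secured https port to be used</description>
-	</property>
+  <property>
+    <name>HTTPS_SERVICE_PORT</name>
+    <value>6182</value>
+    <description>The secured https port to be used</description>
+  </property>
 
-    <property>
-		<name>HTTPS_KEYSTORE_FILE</name>
-		<value>/etc/ranger/admin/keys/server.jks</value>
-		<description>The keystore file location</description>
-	</property>
+  <property>
+    <name>HTTPS_KEYSTORE_FILE</name>
+    <value>/etc/ranger/admin/keys/server.jks</value>
+    <description>The keystore file location</description>
+  </property>
 
-    <property>
-		<name>HTTPS_KEYSTORE_PASS</name>
-		<value>ranger</value>
-		<description>The keystore pass to be used </description>
-	</property>
+  <property>
+    <name>HTTPS_KEYSTORE_PASS</name>
+    <value>ranger</value>
+    <description>The keystore pass to be used </description>
+  </property>
 
-    <property>
-		<name>HTTPS_KEY_ALIAS</name>
-		<value>myKey</value>
-		<description>The key alias to be used </description>
-	</property>
+  <property>
+    <name>HTTPS_KEY_ALIAS</name>
+    <value>myKey</value>
+    <description>The key alias to be used </description>
+  </property>
 
-    <property>
-		<name>HTTPS_CLIENT_AUTH</name>
-		<value>want</value>
-		<description>The client auth to be used </description>
-	</property>
+  <property>
+    <name>HTTPS_CLIENT_AUTH</name>
+    <value>want</value>
+    <description>The client auth to be used </description>
+  </property>
 
-    <property>
-		<name>HTTP_ENABLED</name>
-		<value>true</value>
-		<description>http enabled or https enabled </description>
-	</property>
+  <property>
+    <name>HTTP_ENABLED</name>
+    <value>true</value>
+    <description>http enabled or https enabled </description>
+  </property>
 
-
-</configuration>
+</configuration>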

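--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/usersync-properties.xml
@@ -20,84 +20,84 @@
  */
 -->
 <configuration supports_final="false">
-	<property>
-		<name>SYNC_SOURCE</name>
-		<value>unix</value>
-		<description></description>
-	</property>
-	<property>
-		<name>MIN_UNIX_USER_ID_TO_SYNC</name>
-		<value>1000</value>
-		<description></description>
-	</property>
-	<property>
-		<name>SYNC_INTERVAL</name>
-		<value>1</value>
-		<description></description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_URL</name>
-		<value>ldap://localhost:389</value>
-		<description>a sample value would be:  ldap://ldap.example.com:389</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_BIND_DN</name>
-		<value>cn=admin,dc=xasecure,dc=net</value>
-		<description>a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_BIND_PASSWORD</name>
-		<value>admin321</value>
-		<description></description>
-	</property>
-	<property>
-		<name>CRED_KEYSTORE_FILENAME</name>
-		<value>/usr/lib/xausersync/.jceks/xausersync.jceks</value>
-		<description></description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_SEARCH_BASE</name>
-		<value>ou=users,dc=xasecure,dc=net</value>
-		<description>sample value would be ou=users,dc=hadoop,dc=apache,dc=org</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_SEARCH_SCOPE</name>
-		<value>sub</value>
-		<description>default value: sub</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_OBJECT_CLASS</name>
-		<value>person</value>
-		<description>default value: person</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_SEARCH_FILTER</name>
-		<value>-</value>
-		<description>default value is empty</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_NAME_ATTRIBUTE</name>
-		<value>cn</value>
-		<description>default value: cn</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE</name>
-		<value>memberof,ismemberof</value>
-		<description></description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_USERNAME_CASE_CONVERSION</name>
-		<value>lower</value>
-		<description>possible values:  none, lower, upper</description>
-	</property>
-	<property>
-		<name>SYNC_LDAP_GROUPNAME_CASE_CONVERSION</name>
-		<value>lower</value>
-		<description>possible values:  none, lower, upper</description>
-	</property>
-	<property>
-		<name>logdir</name>
-		<value>logs</value>
-		<description>user sync log path</description>
-	</property>
-</configuration>
+  <property>
+    <name>SYNC_SOURCE</name>
+    <value>unix</value>
+    <description></description>
+  </property>
+  <property>
+    <name>MIN_UNIX_USER_ID_TO_SYNC</name>
+    <value>1000</value>
+    <description></description>
+  </property>
+  <property>
+    <name>SYNC_INTERVAL</name>
+    <value>1</value>
+    <description></description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_URL</name>
+    <value>ldap://localhost:389</value>
+    <description>a sample value would be:  ldap://ldap.example.com:389</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_BIND_DN</name>
+    <value>cn=admin,dc=xasecure,dc=net</value>
+    <description>a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_BIND_PASSWORD</name>
+    <value>admin321</value>
+    <description></description>
+  </property>
+  <property>
+    <name>CRED_KEYSTORE_FILENAME</name>
+    <value>/usr/lib/xausersync/.jceks/xausersync.jceks</value>
+    <description></description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_SEARCH_BASE</name>
+    <value>ou=users,dc=xasecure,dc=net</value>
+    <description>sample value would be ou=users,dc=hadoop,dc=apache,dc=org</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_SEARCH_SCOPE</name>
+    <value>sub</value>
+    <description>default value: sub</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_OBJECT_CLASS</name>
+    <value>person</value>
+    <description>default value: person</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_SEARCH_FILTER</name>
+    <value>-</value>
+    <description>default value is empty</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_NAME_ATTRIBUTE</name>
+    <value>cn</value>
+    <description>default value: cn</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE</name>
+    <value>memberof,ismemberof</value>
+    <description></description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_USERNAME_CASE_CONVERSION</name>
+    <value>lower</value>
+    <description>possible values:  none, lower, upper</description>
+  </property>
+  <property>
+    <name>SYNC_LDAP_GROUPNAME_CASE_CONVERSION</name>
+    <value>lower</value>
+    <description>possible values:  none, lower, upper</description>
+  </property>
+  <property>
+    <name>logdir</name>
+    <value>logs</value>
+    <description>user sync log path</description>
+  </property>
+</configuration>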

+ 58 - 58
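--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml
@@ -19,67 +19,67 @@
  */
 -->
 <metainfo>
-    <schemaVersion>2.0</schemaVersion>
-    <services>
-        <service>
-            <name>RANGER</name>
-            <displayName>Ranger</displayName>
-            <comment>Comprehensive security for Hadoop</comment>
-            <version>0.4.0</version>
-            <components>
-                
-                <component>
-                    <name>RANGER_ADMIN</name>
-                    <displayName>Ranger Admin</displayName>
-                    <category>MASTER</category>
-                    <cardinality>1</cardinality>
-                    <commandScript>
-                        <script>scripts/ranger_admin.py</script>
-                        <scriptType>PYTHON</scriptType>
-                        <timeout>600</timeout>
-                    </commandScript>
-                </component>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>RANGER</name>
+      <displayName>Ranger</displayName>
+      <comment>Comprehensive security for Hadoop</comment>
+      <version>0.4.0</version>
+      <components>
+          
+        <component>
+          <name>RANGER_ADMIN</name>
+          <displayName>Ranger Admin</displayName>
+          <category>MASTER</category>
+          <cardinality>1</cardinality>
+          <commandScript>
+            <script>scripts/ranger_admin.py</script>
+            <scriptType>PYTHON</scriptType>
+            <timeout>600</timeout>
+          </commandScript>
+        </component>
 
-                <component>
-                    <name>RANGER_USERSYNC</name>
-                    <displayName>Ranger Usersync</displayName>
-                    <category>MASTER</category>
-                    <cardinality>1</cardinality>
-                    <commandScript>
-                        <script>scripts/ranger_usersync.py</script>
-                        <scriptType>PYTHON</scriptType>
-                        <timeout>600</timeout>
-                    </commandScript>           
-                </component>
+        <component>
+          <name>RANGER_USERSYNC</name>
+          <displayName>Ranger Usersync</displayName>
+          <category>MASTER</category>
+          <cardinality>1</cardinality>
+          <commandScript>
+            <script>scripts/ranger_usersync.py</script>
+            <scriptType>PYTHON</scriptType>
+            <timeout>600</timeout>
+          </commandScript>        
+        </component>
 
-            </components>              
+      </components>              
 
-            <osSpecifics>
-                <osSpecific>
-                    <osFamily>redhat5,redhat6,suse11,ubuntu12</osFamily>
-                    <packages>
-                        <package>
-                            <name>ranger-admin</name>                                
-                        </package>
-                        <package>
-                            <name>ranger-usersync</name>
-                        </package>                           
-                    </packages>                        
-                </osSpecific>
-            </osSpecifics>
+      <osSpecifics>
+        <osSpecific>
+          <osFamily>redhat5,redhat6,suse11,ubuntu12</osFamily>
+          <packages>
+            <package>
+              <name>ranger-admin</name>                                
+            </package>
+            <package>
+              <name>ranger-usersync</name>
+            </package>                           
+          </packages>                        
+        </osSpecific>
+      </osSpecifics>
 
-            <configuration-dependencies>
-                <config-type>admin-properties</config-type>
-                <config-type>ranger-site</config-type>
-                <config-type>usersync-properties</config-type>
-            </configuration-dependencies>
+      <configuration-dependencies>
+        <config-type>admin-properties</config-type>
+        <config-type>ranger-site</config-type>
+        <config-type>usersync-properties</config-type>
+      </configuration-dependencies>
 
-            <commandScript>
-                <script>scripts/service_check.py</script>
-                <scriptType>PYTHON</scriptType>
-                <timeout>300</timeout>				
-            </commandScript>
+      <commandScript>
+        <script>scripts/service_check.py</script>
+        <scriptType>PYTHON</scriptType>
+        <timeout>300</timeout>        
+      </commandScript>
 
-        </service>
-    </services>
-</metainfo>
+    </service>
+  </services>
+</metainfo>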

+ 76 - 11
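--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -28,16 +28,18 @@ hdp_stack_version         = str(config['hostLevelParams']['stack_version'])
 hdp_stack_version         = format_hdp_stack_version(hdp_stack_version)
 stack_is_hdp22_or_further = hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0
 
+version = default("/commandParams/version", None)
+
 if stack_is_hdp22_or_further:
-	ranger_home    = '/usr/hdp/current/ranger-admin'
-	ranger_conf    = '/etc/ranger/admin/conf'
-	ranger_stop    = '/usr/bin/ranger-admin-stop'
-	ranger_start   = '/usr/bin/ranger-admin-start'
-	usersync_home  = '/usr/hdp/current/ranger-usersync'
-	usersync_start = '/usr/bin/ranger-usersync-start'
-	usersync_stop  = '/usr/bin/ranger-usersync-stop'
+  ranger_home    = '/usr/hdp/current/ranger-admin'
+  ranger_conf    = '/etc/ranger/admin/conf'
+  ranger_stop    = '/usr/bin/ranger-admin-stop'
+  ranger_start   = '/usr/bin/ranger-admin-start'
+  usersync_home  = '/usr/hdp/current/ranger-usersync'
+  usersync_start = '/usr/bin/ranger-usersync-start'
+  usersync_stop  = '/usr/bin/ranger-usersync-stop'
 else:
-	pass
+  pass
 
 java_home = config['hostLevelParams']['java_home']
 unix_user  = default("/configurations/ranger-env/ranger_user", "ranger")
@@ -45,11 +47,74 @@ unix_group = default("/configurations/ranger-env/ranger_group", "ranger")
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
-jdk_location = config['hostLevelParams']['jdk_location']
+# admin-properties
+db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+sql_command_invoker = default("/configurations/admin-properties/SQL_COMMAND_INVOKER", "mysql")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+db_root_user = default("/configurations/admin-properties/db_root_user", "root")
+db_root_password = default("/configurations/admin-properties/db_root_password", " ")
+db_host = default("/configurations/admin-properties/db_host", "localhost")
+db_name = default("/configurations/admin-properties/db_name", "ranger")
+db_user = default("/configurations/admin-properties/db_user", "rangeradmin")
+db_password = default("/configurations/admin-properties/db_password", "rangeradmin")
+audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+policymgr_external_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+policymgr_http_enabled = default("/configurations/admin-properties/policymgr_http_enabled", "true")
+authentication_method = default("/configurations/admin-properties/authentication_method", "UNIX")
+remoteLoginEnabled = default("/configurations/admin-properties/remoteLoginEnabled", "true")
+authServiceHostName = default("/configurations/admin-properties/authServiceHostName", "localhost")
+authServicePort = default("/configurations/admin-properties/authServicePort", "5151")
+xa_ldap_url = default("/configurations/admin-properties/xa_ldap_url", "ldap://71.127.43.33:389")
+xa_ldap_userDNpattern = default("/configurations/admin-properties/xa_ldap_userDNpattern", "uid={0},ou=users,dc=xasecure,dc=net")
+xa_ldap_groupSearchBase = default("/configurations/admin-properties/xa_ldap_groupSearchBase", "ou=groups,dc=xasecure,dc=net")
+xa_ldap_groupSearchFilter = default("/configurations/admin-properties/xa_ldap_groupSearchFilter", "(member=uid={0},ou=users,dc=xasecure,dc=net)")
+xa_ldap_groupRoleAttribute = default("/configurations/admin-properties/xa_ldap_groupRoleAttribute", "cn")
+xa_ldap_ad_domain = default("/configurations/admin-properties/xa_ldap_ad_domain", "xasecure.net")
+xa_ldap_ad_url = default("/configurations/admin-properties/xa_ldap_ad_url", "ldap://ad.xasecure.net:389")
+
+# usersync-properties
+sync_source = default("/configurations/usersync-properties/SYNC_SOURCE", "unix")
+min_unix_user_id_to_sync = default("/configurations/usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", "1000")
+sync_interval = default("/configurations/usersync-properties/SYNC_INTERVAL", "1")
+sync_ldap_url = default("/configurations/usersync-properties/SYNC_LDAP_URL", "ldap://localhost:389")
+sync_ldap_bind_dn = default("/configurations/usersync-properties/SYNC_LDAP_BIND_DN", "cn=admin,dc=xasecure,dc=net")
+sync_ldap_bind_password = default("/configurations/usersync-properties/SYNC_LDAP_BIND_PASSWORD", "admin321")
+cred_keystore_filename = default("/configurations/usersync-properties/CRED_KEYSTORE_FILENAME", "/usr/lib/xausersync/.jceks/xausersync.jceks")
+sync_ldap_user_search_base = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", "ou=users,dc=xasecure,dc=net")
+sync_ldap_user_search_scope = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", "sub")
+sync_ldap_user_object_class = default("/configurations/usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", "person")
+sync_ldap_user_search_filter = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", "-")
+sync_ldap_user_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", "cn")
+sync_ldap_user_group_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", "memberof,ismemberof")
+sync_ldap_username_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_USERNAME_CASE_CONVERSION", "lower")
+sync_ldap_groupname_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_GROUPNAME_CASE_CONVERSION", "lower")
+logdir = default("/configurations/usersync-properties/logdir", "logs")
+
+# ranger-site
+http_enabled = default("/configurations/ranger-site/HTTP_ENABLED", "true")
+http_service_port = default("/configurations/ranger-site/HTTP_SERVICE_PORT", "6080")
+https_service_port = default("/configurations/ranger-site/HTTPS_SERVICE_PORT", "6182")
+https_attrib_keystoreFile = default("/configurations/ranger-site/HTTPS_KEYSTORE_FILE", "/etc/ranger/admin/keys/server.jks")
+https_attrib_keystorePass = default("/configurations/ranger-site/HTTPS_KEYSTORE_PASS", "ranger")
+https_attrib_keyAlias = default("/configurations/ranger-site/HTTPS_KEY_ALIAS", "mykey")
+https_attrib_clientAuth = default("/configurations/ranger-site/HTTPS_CLIENT_AUTH", "want")
+
+#ranger-env properties
+oracle_home = default("/configurations/ranger-env/oracle_home", "-")
+
+#For curl command in ranger to get db connector
+jdk_location = config['hostLevelParams']['jdk_location'] 
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if db_flavor and db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif db_flavor and db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
 driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")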
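Review bot: The new `default(...)` lookups give every secret a well-known fallback (`db_password` "rangeradmin", `audit_db_password` "rangerlogger", `sync_ldap_bind_password` "admin321", `https_attrib_keystorePass` "ranger"), so a cluster whose configuration lacks one of these keys installs with a published password instead of failing. The code this replaces indexed `params.config['configurations'][...]` directly (see the removed lines in setup_ranger.py), which raised on a missing key. For the credential keys I would keep that behaviour, e.g. `db_password = config['configurations']['admin-properties']['db_password']`, and reserve `default()` for non-secret settings. The `xa_ldap_url` fallback `ldap://71.127.43.33:389` likewise sends authentication to a fixed, apparently external address over plain LDAP when the key is absent; an empty default would be safer there.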

+ 11 - 5
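--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py
@@ -24,23 +24,29 @@ from resource_management.core.exceptions import ComponentIsNotRunning
 from resource_management.core.logger import Logger
 from resource_management.core import shell
 from setup_ranger import setup_ranger
-
+import upgrade
 
 class RangerAdmin(Script):
   def install(self, env):
     self.install_packages(env)
-    setup_ranger(env)
+    setup_ranger()
 
-  def stop(self, env):
+  def stop(self, env, rolling_restart=False):
     import params
 
     env.set_params(params)
     Execute(format('{params.ranger_stop}'))
 
-  def start(self, env):
+  def pre_rolling_restart(self, env):
     import params
+    env.set_params(params)
+    upgrade.prestart(env, "ranger-admin")
 
-    setup_ranger(env)
+  def start(self, env, rolling_restart=False):
+    import params
+    
+    env.set_params(params)
+    setup_ranger()
     Execute(format('{params.ranger_start}'))
 
   def status(self, env):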
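Review bot: `start()` still runs `setup_ranger()` unconditionally, so with the new `rolling_restart=False` parameter and `pre_rolling_restart()` hook every rolling restart repeats the full install path; in setup_ranger.py that means a DB login with the root credentials and a `setup.sh` run, and `check_db_connnection()` calls `sys.exit(1)` if that login fails. The `rolling_restart` argument is accepted but never read in `stop()` or `start()`. I would either skip the setup step when `rolling_restart` is true or add a comment such as `# setup_ranger() is re-run on every start, including rolling restarts` so the behaviour is a documented choice. The same applies to `start()` and `stop()` in ranger_usersync.py. The class body continues past the end of this section.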

+ 12 - 5
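--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py
@@ -23,22 +23,29 @@ from resource_management.core.exceptions import ComponentIsNotRunning
 from resource_management.core.logger import Logger
 from resource_management.core import shell
 from setup_ranger import setup_usersync
-
+import upgrade
 
 class RangerUsersync(Script):
   def install(self, env):
     self.install_packages(env)
-    setup_usersync(env)
+    setup_usersync()
 
-  def stop(self, env):
+  def stop(self, env, rolling_restart=False):
     import params
 
+    env.set_params(params)
     Execute(format('{params.usersync_stop}'))
 
-  def start(self, env):
+  def pre_rolling_restart(self, env):
+    import params
+    env.set_params(params)
+    upgrade.prestart(env, "ranger-usersync")
+
+  def start(self, env, rolling_restart=False):
     import params
 
-    setup_usersync(env)
+    env.set_params(params)
+    setup_usersync()
     Execute(format('{params.usersync_start}'))
 
   def status(self, env):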

+ 102 - 82
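--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py
@@ -17,7 +17,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 
 """
-
 import sys
 import fileinput
 import shutil
@@ -25,13 +24,10 @@ import os
 from resource_management import *
 from resource_management.core.logger import Logger
 
-
-def setup_ranger(env):
+def setup_ranger():
   import params
 
-  env.set_params(params)
-
-  if check_db_connnection(env):
+  if check_db_connnection():
 
     environment = {"no_proxy": format("{params.ambari_server_hostname}")}
 
@@ -45,7 +41,7 @@ def setup_ranger(env):
     if not os.path.isfile(params.driver_curl_target):
       Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
               path=["/bin", "/usr/bin/"],
-              sudo=True)
+              sudo=True)                        
 
     file_path = params.ranger_home + '/install.properties'
 
@@ -54,19 +50,23 @@ def setup_ranger(env):
     else:
       raise Fail('Ranger admin install.properties file doesnot exist')
 
-    write_properties_to_file(file_path, params.config['configurations']['admin-properties'])
-
-    cmd = format('cd {ranger_home} && {ranger_home}/setup.sh')
-
+    write_properties_to_file(file_path, admin_properties())
+    ##if db flavor == oracle - set oracle home env variable
+    if params.db_flavor.lower() == 'oracle' and params.oracle_home:
+      env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home}
+    else: 
+      env_dict = {'JAVA_HOME': params.java_home}
+    cmd = format('cd {params.ranger_home} && {params.ranger_home}/setup.sh')
+    
     try:
-      opt = Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+      Execute(cmd, environment=env_dict, logoutput=True)
     except Exception, e:
       if os.path.isfile(params.ranger_home + '/install-bk.properties'):
         os.remove(file_path)
         os.rename(params.ranger_home + '/install-bk.properties', file_path)
       raise Fail('Ranger installation Failed, {0}'.format(str(e)))
 
-    do_post_installation(env)
+    do_post_installation()
 
     if os.path.isfile(params.ranger_home + '/install-bk.properties'):
       os.remove(file_path)
@@ -74,48 +74,41 @@ def setup_ranger(env):
     else:
       raise Fail('Ranger admin install.properties backup file doesnot exist')
 
-
-def do_post_installation(env):
+def do_post_installation():
   import params
 
-  env.set_params(params)
-  Logger.info('Performing Ranger post installation..')
+  Logger.info('Performing Ranger post installation')
 
   file_path = params.ranger_conf + '/ranger_webserver.properties'
-  d = dict()
-  d['http.service.port'] = params.config['configurations']['ranger-site']['HTTP_SERVICE_PORT']
-  d['https.service.port'] = params.config['configurations']['ranger-site']['HTTPS_SERVICE_PORT']
-  d['https.attrib.keystoreFile'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_FILE']
-  d['https.attrib.keystorePass'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_PASS']
-  d['https.attrib.keyAlias'] = params.config['configurations']['ranger-site']['HTTPS_KEY_ALIAS']
-  d['https.attrib.clientAuth'] = params.config['configurations']['ranger-site']['HTTPS_CLIENT_AUTH']
-  write_properties_to_file(file_path, d)
+  ranger_site = dict()
+  ranger_site['http.service.port'] = params.http_service_port
+  ranger_site['https.service.port'] = params.https_service_port
+  ranger_site['https.attrib.keystoreFile'] = params.https_attrib_keystoreFile
+  ranger_site['https.attrib.keystorePass'] = params.https_attrib_keystorePass
+  ranger_site['https.attrib.keyAlias'] = params.https_attrib_keyAlias
+  ranger_site['https.attrib.clientAuth'] = params.https_attrib_clientAuth
+  write_properties_to_file(file_path, ranger_site)
 
-  d.clear();
+  ranger_site.clear()
 
   file_path = params.ranger_conf + '/xa_system.properties'
-  d['http.enabled'] = params.config['configurations']['ranger-site']['HTTP_ENABLED']
-  write_properties_to_file(file_path, d)
-  Logger.info('Performing Ranger post installation..DONE')
+  ranger_site['http.enabled'] = params.http_enabled
+  write_properties_to_file(file_path, ranger_site)
+  Logger.info('Performing Ranger post installation DONE')
 
-
-def setup_usersync(env):
+def setup_usersync():
   import params
 
-  env.set_params(params)
-
   file_path = params.usersync_home + '/install.properties'
-  write_properties_to_file(file_path, usersync_properties(params))
+  write_properties_to_file(file_path, usersync_properties())
 
-  cmd = format('cd {usersync_home} && {usersync_home}/setup.sh')
+  cmd = format('cd {params.usersync_home} && {params.usersync_home}/setup.sh')
   Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
 
-
 def write_properties_to_file(file_path, value):
   for key in value:
     modify_config(file_path, key, value[key])
 
-
 def modify_config(filepath, variable, setting):
   var_found = False
   already_set = False
@@ -148,63 +141,90 @@ def modify_config(filepath, variable, setting):
 
   return
 
-
-def usersync_properties(params):
-  d = dict()
-
-  d['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url']
-
-  d['SYNC_SOURCE'] = params.config['configurations']['usersync-properties']['SYNC_SOURCE']
-  d['MIN_UNIX_USER_ID_TO_SYNC'] = params.config['configurations']['usersync-properties']['MIN_UNIX_USER_ID_TO_SYNC']
-  d['SYNC_INTERVAL'] = params.config['configurations']['usersync-properties']['SYNC_INTERVAL']
-  d['SYNC_LDAP_URL'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_URL']
-  d['SYNC_LDAP_BIND_DN'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_DN']
-  d['SYNC_LDAP_BIND_PASSWORD'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_PASSWORD']
-  d['CRED_KEYSTORE_FILENAME'] = params.config['configurations']['usersync-properties']['CRED_KEYSTORE_FILENAME']
-  d['SYNC_LDAP_USER_SEARCH_BASE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_BASE']
-  d['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USER_SEARCH_SCOPE']
-  d['SYNC_LDAP_USER_OBJECT_CLASS'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USER_OBJECT_CLASS']
-  d['SYNC_LDAP_USER_SEARCH_FILTER'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USER_SEARCH_FILTER']
-  d['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USER_NAME_ATTRIBUTE']
-  d['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE']
-  d['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_USERNAME_CASE_CONVERSION']
-  d['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][
-    'SYNC_LDAP_GROUPNAME_CASE_CONVERSION']
-  d['logdir'] = params.config['configurations']['usersync-properties']['logdir']
-
-  return d
-
-
-def check_db_connnection(env):
+def admin_properties():
   import params
 
-  env.set_params(params)
-
-  db_root_password = params.config['configurations']['admin-properties']["db_root_password"]
-  db_root_user = params.config['configurations']['admin-properties']["db_root_user"]
-  db_host = params.config['configurations']['admin-properties']['db_host']
-  sql_command_invoker = params.config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
-
-  Logger.info('Checking MYSQL root password')
+  admin_properties = dict()
+
+  admin_properties['DB_FLAVOR'] = params.db_flavor
+  admin_properties['SQL_COMMAND_INVOKER'] = params.sql_command_invoker
+  admin_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  admin_properties['db_root_user'] = params.db_root_user
+  admin_properties['db_root_password'] = params.db_root_password
+  admin_properties['db_host'] = params.db_host
+  admin_properties['db_name'] = params.db_name
+  admin_properties['db_user'] = params.db_user
+  admin_properties['db_password'] = params.db_password
+  admin_properties['audit_db_name'] = params.audit_db_name
+  admin_properties['audit_db_user'] = params.audit_db_user
+  admin_properties['audit_db_password'] = params.audit_db_password
+  admin_properties['policymgr_external_url'] = params.policymgr_external_url
+  admin_properties['policymgr_http_enabled'] = params.policymgr_http_enabled
+  admin_properties['authentication_method'] = params.authentication_method
+  admin_properties['remoteLoginEnabled'] = params.remoteLoginEnabled
+  admin_properties['authServiceHostName'] = params.authServiceHostName
+  admin_properties['authServicePort'] = params.authServicePort
+  admin_properties['xa_ldap_url'] = params.xa_ldap_url
+  admin_properties['xa_ldap_userDNpattern'] = params.xa_ldap_userDNpattern
+  admin_properties['xa_ldap_groupSearchBase'] = params.xa_ldap_groupSearchBase
+  admin_properties['xa_ldap_groupSearchFilter'] = params.xa_ldap_groupSearchFilter
+  admin_properties['xa_ldap_groupRoleAttribute'] = params.xa_ldap_groupRoleAttribute
+  admin_properties['xa_ldap_ad_domain'] = params.xa_ldap_ad_domain
+  admin_properties['xa_ldap_ad_url'] = params.xa_ldap_ad_url
+
+  return admin_properties
+
+def usersync_properties():
+  import params
+  
+  usersync_properties = dict()
+
+  usersync_properties['POLICY_MGR_URL'] = params.policymgr_external_url
+
+  usersync_properties['SYNC_SOURCE'] = params.sync_source
+  usersync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = params.min_unix_user_id_to_sync
+  usersync_properties['SYNC_INTERVAL'] = params.sync_interval
+  usersync_properties['SYNC_LDAP_URL'] = params.sync_ldap_url
+  usersync_properties['SYNC_LDAP_BIND_DN'] = params.sync_ldap_bind_dn
+  usersync_properties['SYNC_LDAP_BIND_PASSWORD'] = params.sync_ldap_bind_password
+  usersync_properties['CRED_KEYSTORE_FILENAME'] = params.cred_keystore_filename
+  usersync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = params.sync_ldap_user_search_base
+  usersync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.sync_ldap_user_search_scope
+  usersync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = params.sync_ldap_user_object_class
+  usersync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = params.sync_ldap_user_search_filter
+  usersync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.sync_ldap_user_name_attribute
+  usersync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.sync_ldap_user_group_name_attribute
+  usersync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.sync_ldap_username_case_conversion
+  usersync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.sync_ldap_groupname_case_conversion
+  usersync_properties['logdir'] = params.logdir
+
+  return usersync_properties
+
+def check_db_connnection():
+  import params
 
-  cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\""
+  db_root_password = params.db_root_password
+  db_root_user = params.db_root_user
+  db_host = params.db_host
+  sql_command_invoker = params.sql_command_invoker
+  db_flavor = params.db_flavor
+  cmd_str = ""
+  Logger.info('Checking DB connection')
+
+  if db_flavor and db_flavor.lower() == 'mysql':
+    cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\""
+  elif db_flavor and db_flavor.lower() == 'oracle':
+    cmd_str = sql_command_invoker +" " +  db_root_user + "/" + db_root_password + "@" + db_host + " AS SYSDBA"
   status, output = get_status_output(cmd_str)
 
   if status == 0:
-    Logger.info('Checking MYSQL root password DONE')
+    Logger.info('Checking DB connection DONE')
     return True
   else:
     Logger.info(
       'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host and DB server running on DB Host')
     sys.exit(1)
 
-
 def get_status_output(cmd):
   import subprocess
 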
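Review bot: `check_db_connnection()` builds `cmd_str` by concatenating `db_root_password`, `db_root_user` and `db_host` into one command string, and the new Oracle branch repeats the pattern with `db_root_user + "/" + db_root_password + "@" + db_host`. The database root password therefore sits in the command's argument list, where other local users can usually read it from the process table, and, if `get_status_output()` hands the string to a shell (its body is outside this section), a space or shell metacharacter in any of these config values changes the command that runs. I would pass an argument list and keep the secret out of argv, for the MySQL case `cmd = [sql_command_invoker, '-u', db_root_user, '-h', db_host, '-s', '-e', 'select version();']` with the password supplied through the child's environment (`MYSQL_PWD`) or an option file. Separately, when `DB_FLAVOR` is neither `mysql` nor `oracle`, `cmd_str` stays `""` and is still executed; an `else: raise Fail('Unsupported DB_FLAVOR')` would make that case explicit.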

+ 1 - 1
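--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py
@@ -58,7 +58,7 @@ class Nimbus(Script):
     import params
     env.set_params(params)
     self.configure(env)
-    setup_ranger_storm(env)    
+    setup_ranger_storm()    
     service("nimbus", action="start")
 
   def stop(self, env, rolling_restart=False):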

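--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py
@@ -103,24 +103,70 @@ metric_collector_sink_jar = "/usr/lib/storm/lib/ambari-metrics-storm-sink*.jar"
 # ranger host
 ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
 has_ranger_admin = not len(ranger_admin_hosts) == 0
-user_input = default("/configurations/ranger-storm-plugin-properties/ranger-storm-plugin-enabled", "no")
 
 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
   # setting flag value for ranger hive plugin
   enable_ranger_storm = False
-  user_input = config['configurations']['ranger-storm-plugin-properties']['ranger-storm-plugin-enabled']
-  if user_input.lower() == 'yes':
+  ranger_plugin_enable = default("/configurations/ranger-storm-plugin-properties/ranger-storm-plugin-enabled", "no")
+  if ranger_plugin_enable.lower() == 'yes':
     enable_ranger_storm = True
-  elif user_input.lower() == 'no':
+  elif ranger_plugin_enable.lower() == 'no':
     enable_ranger_storm = False
 
 ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
 
+#ranger storm properties
+policymgr_mgr_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080")
+sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar")
+xa_audit_db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL")
+xa_audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit")
+xa_audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger")
+xa_audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger")
+xa_db_host = default("/configurations/admin-properties/db_host", "localhost")
+repo_name = str(config['clusterName']) + '_storm'
+db_enabled = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.DB.IS_ENABLED", "false")
+hdfs_enabled = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.IS_ENABLED", "false")
+hdfs_dest_dir = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.DESTINATION_DIRECTORY", "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/app-type/time:yyyyMMdd")
+hdfs_buffer_dir = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit")
+hdfs_archive_dir = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY", "__REPLACE__LOG_DIR/hadoop/app-type/audit/archive")
+hdfs_dest_file = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FILE", "hostname-audit.log")
+hdfs_dest_flush_int_sec = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS", "900")
+hdfs_dest_rollover_int_sec = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS", "86400")
+hdfs_dest_open_retry_int_sec = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS", "60")
+hdfs_buffer_file = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FILE", "time:yyyyMMdd-HHmm.ss.log")
+hdfs_buffer_flush_int_sec = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS", "60")
+hdfs_buffer_rollover_int_sec = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS", "600")
+hdfs_archive_max_file_count = default("/configurations/ranger-storm-plugin-properties/XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT", "10")
+ssl_keystore_file = default("/configurations/ranger-storm-plugin-properties/SSL_KEYSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-keystore.jks")
+ssl_keystore_password = default("/configurations/ranger-storm-plugin-properties/SSL_KEYSTORE_PASSWORD", "myKeyFilePassword")
+ssl_truststore_file = default("/configurations/ranger-storm-plugin-properties/SSL_TRUSTSTORE_FILE_PATH", "/etc/hadoop/conf/ranger-plugin-truststore.jks")
+ssl_truststore_password = default("/configurations/ranger-storm-plugin-properties/SSL_TRUSTSTORE_PASSWORD", "changeit")
+
+common_name_for_certificate = default("/configurations/ranger-storm-plugin-properties/common.name.for.certificate", "-")
+
+repo_config_username = default("/configurations/ranger-storm-plugin-properties/REPOSITORY_CONFIG_USERNAME", "hadoop")
+repo_config_password = default("/configurations/ranger-storm-plugin-properties/REPOSITORY_CONFIG_PASSWORD", "hadoop")
+storm_ui_port = config['configurations']['storm-site']['ui.port']
+
+admin_uname = default("/configurations/ranger-env/admin_username", "admin")
+admin_password = default("/configurations/ranger-env/admin_password", "admin")
+admin_uname_password = format("{admin_uname}:{admin_password}")
+
+ambari_ranger_admin = default("/configurations/ranger-env/ranger_admin_username", "amb_ranger_admin")
+ambari_ranger_password = default("/configurations/ranger-env/ranger_admin_password", "ambari123")
+policy_user = default("/configurations/ranger-storm-plugin-properties/policy_user", "storm")
+
+#For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-jdbc_jar_name = "mysql-connector-java.jar"
+if xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'mysql':
+  jdbc_symlink_name = "mysql-jdbc-driver.jar"
+  jdbc_jar_name = "mysql-connector-java.jar"
+elif xa_audit_db_flavor and xa_audit_db_flavor.lower() == 'oracle':
+  jdbc_jar_name = "ojdbc6.jar"
+  jdbc_symlink_name = "oracle-jdbc-driver.jar"
 
 downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
 
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")    
+driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")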
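Review bot: The new `default(...)` lookups for `admin_password`, `ambari_ranger_password`, `xa_audit_db_password`, `repo_config_password`, `ssl_keystore_password` and `ssl_truststore_password` fall back to fixed literals (`"admin"`, `"ambari123"`, `"rangerlogger"`, `"hadoop"`, `"myKeyFilePassword"`, `"changeit"`), so a cluster whose configuration lacks one of these keys is silently set up with a well-known credential. The lookups this commit removes from setup_ranger_storm.py indexed `params.config[...]` directly and so failed on a missing key; keeping that for secrets, e.g. `admin_password = config['configurations']['ranger-env']['admin_password']`, turns a missing password into an install error instead. Separately, the `if`/`elif` on `xa_audit_db_flavor` has no `else`, so for any flavor other than mysql or oracle `jdbc_jar_name` and `jdbc_symlink_name` are never assigned and the `format(...)` calls below would presumably fail on an undefined name. An `else` branch that fails with a clear message naming the unsupported flavor would close that.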

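--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py
@@ -28,9 +28,8 @@ from resource_management import *
 from resource_management.core.logger import Logger
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 
-def setup_ranger_storm(env):
+def setup_ranger_storm():
   import params
-  env.set_params(params)
 
   if params.has_ranger_admin and params.security_enabled:
 
@@ -68,8 +67,8 @@ def setup_ranger_storm(env):
 
     file_path = '/usr/hdp/'+ hdp_version +'/ranger-storm-plugin/install.properties'
 
-    ranger_storm_dict = ranger_storm_properties(params)
-    storm_repo_data = storm_repo_properties(params)        
+    ranger_storm_dict = ranger_storm_properties()
+    storm_repo_data = storm_repo_properties()        
 
     write_properties_to_file(file_path, ranger_storm_dict)
 
@@ -78,17 +77,15 @@ def setup_ranger_storm(env):
       ranger_adm_obj = Rangeradmin(url=ranger_storm_dict['POLICY_MGR_URL'])
       response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_storm_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
 
-      if response_code is not None and response_code == 200:      
-        ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username']
-        ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password']
-        ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin')
+      if response_code is not None and response_code == 200:
+        ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
         ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password
         if ambari_ranger_admin != '' and ambari_ranger_password != '':
           repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_storm_dict['REPOSITORY_NAME'], 'storm', 'true', ambari_username_password_for_ranger)
           if repo and repo['name'] == ranger_storm_dict['REPOSITORY_NAME']:
             Logger.info('STORM Repository exist')
           else:
-            response = ranger_adm_obj.create_repository_urllib2(storm_repo_data, ambari_username_password_for_ranger)
+            response = ranger_adm_obj.create_repository_urllib2(storm_repo_data, ambari_username_password_for_ranger, params.policy_user)
             if response is not None:
               Logger.info('STORM Repository created in Ranger Admin')
             else:
@@ -146,58 +143,56 @@ def modify_config(filepath, variable, setting):
 
   return
 
-def ranger_storm_properties(params):
+def ranger_storm_properties():
+  import params
+
   ranger_storm_properties = dict()
 
-  ranger_storm_properties['POLICY_MGR_URL']           = params.config['configurations']['admin-properties']['policymgr_external_url']
-  ranger_storm_properties['SQL_CONNECTOR_JAR']        = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
-  ranger_storm_properties['XAAUDIT.DB.FLAVOUR']       = params.config['configurations']['admin-properties']['DB_FLAVOR']
-  ranger_storm_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
-  ranger_storm_properties['XAAUDIT.DB.USER_NAME']     = params.config['configurations']['admin-properties']['audit_db_user']
-  ranger_storm_properties['XAAUDIT.DB.PASSWORD']      = params.config['configurations']['admin-properties']['audit_db_password']
-  ranger_storm_properties['XAAUDIT.DB.HOSTNAME']      = params.config['configurations']['admin-properties']['db_host']
-  ranger_storm_properties['REPOSITORY_NAME']          = str(params.config['clusterName']) + '_storm'
-
-  ranger_storm_properties['XAAUDIT.DB.IS_ENABLED']   = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
-
-  ranger_storm_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
-  ranger_storm_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
-  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
-  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
-  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
-  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
-  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
-  
-
-  ranger_storm_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
-  ranger_storm_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_PASSWORD']
-  ranger_storm_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
-  ranger_storm_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+  ranger_storm_properties['POLICY_MGR_URL'] = params.policymgr_mgr_url
+  ranger_storm_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar
+  ranger_storm_properties['XAAUDIT.DB.FLAVOUR'] = params.xa_audit_db_flavor
+  ranger_storm_properties['XAAUDIT.DB.DATABASE_NAME'] = params.xa_audit_db_name
+  ranger_storm_properties['XAAUDIT.DB.USER_NAME'] = params.xa_audit_db_user
+  ranger_storm_properties['XAAUDIT.DB.PASSWORD'] = params.xa_audit_db_password
+  ranger_storm_properties['XAAUDIT.DB.HOSTNAME'] = params.xa_db_host
+  ranger_storm_properties['REPOSITORY_NAME'] = params.repo_name
+  ranger_storm_properties['XAAUDIT.DB.IS_ENABLED'] = params.db_enabled
+
+  ranger_storm_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.hdfs_enabled
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.hdfs_dest_dir
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.hdfs_buffer_dir
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.hdfs_archive_dir
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.hdfs_dest_file
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.hdfs_dest_flush_int_sec
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_dest_rollover_int_sec
+  ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.hdfs_dest_open_retry_int_sec
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.hdfs_buffer_file
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.hdfs_buffer_flush_int_sec
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.hdfs_buffer_rollover_int_sec
+  ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.hdfs_archive_max_file_count
+
+  ranger_storm_properties['SSL_KEYSTORE_FILE_PATH'] = params.ssl_keystore_file
+  ranger_storm_properties['SSL_KEYSTORE_PASSWORD'] = params.ssl_keystore_password
+  ranger_storm_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.ssl_truststore_file
+  ranger_storm_properties['SSL_TRUSTSTORE_PASSWORD'] = params.ssl_truststore_password
 
   return ranger_storm_properties
 
 
-def storm_repo_properties(params):
-
-  storm_ui_server_host = params.config['clusterHostInfo']['storm_ui_server_hosts'][0]
+def storm_repo_properties():
+  import params
 
   config_dict = dict()
-  config_dict['username'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
-  config_dict['password'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD']
-  config_dict['nimbus.url'] = 'http://' + storm_ui_server_host + ':' + str(params.config['configurations']['storm-site']['ui.port'])
-  config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-storm-plugin-properties']['common.name.for.certificate']
-
+  config_dict['username'] = params.repo_config_username
+  config_dict['password'] = params.repo_config_password
+  config_dict['nimbus.url'] = 'http://' + params.storm_ui_host[0].lower() + ':' + str(params.storm_ui_port)
+  config_dict['commonNameForCertificate'] = params.common_name_for_certificate
 
   repo = dict()
   repo['isActive'] = "true"
   repo['config'] = json.dumps(config_dict)
   repo['description'] = "storm repo"
-  repo['name'] = str(params.config['clusterName']) + "_storm"
+  repo['name'] = params.repo_name
   repo['repositoryType'] = "Storm"
   repo['assetType'] = '6'
 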
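Review bot: In `storm_repo_properties()` the new `nimbus.url` line reads `params.storm_ui_host[0]`, but the params.py hunk on this page adds no `storm_ui_host`, whereas the removed code took the host from `params.config['clusterHostInfo']['storm_ui_server_hosts'][0]`. Unless `storm_ui_host` is already defined in a part of params.py outside that hunk, this line raises as soon as the repository data is built, and if it is a list that can be empty, `[0]` raises IndexError. I would define it next to the other new values, e.g. `storm_ui_host = default("/clusterHostInfo/storm_ui_server_hosts", [])`, and check that it is non-empty before building the URL. The body of `storm_repo_properties()` continues past the end of the hunk.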

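--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py
@@ -58,7 +58,7 @@ class UiServer(Script):
     import params
     env.set_params(params)
     self.configure(env)
-    setup_ranger_storm(env)    
+    setup_ranger_storm()    
     service("ui", action="start")
 
   def stop(self, env, rolling_restart=False):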

+ 134 - 128
ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml

@@ -20,131 +20,137 @@
 -->
 -->
 <configuration supports_final="true">
 <configuration supports_final="true">
 
 
-        <property>
-                <name>ranger-hbase-plugin-enabled</name>
-                <value>No</value>
-                <description>Enable ranger hbase plugin ?</description>
-        </property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_USERNAME</name>
-		<value>hbase</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>REPOSITORY_CONFIG_PASSWORD</name>
-		<value>hbase</value>
-		<property-type>PASSWORD</property-type>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name>
-		<value>true</value>
-		<description></description>
-	</property>
-
-</configuration>	
+  <property>
+    <name>policy_user</name>
+    <value>ambari-qa</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property>
+  
+  <property>
+    <name>ranger-hbase-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger hbase plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>hbase</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>hbase</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name>
+    <value>true</value>
+    <description></description>
+  </property>
+
+</configuration>
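Review bot: `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` are re-declared here without `<property-type>PASSWORD</property-type>`, while `REPOSITORY_CONFIG_PASSWORD` earlier in the same file carries it. Since the commit rewrites every property in this file anyway, both should get the same `<property-type>PASSWORD</property-type>` line so they are handled as secrets rather than as plain configuration values (that this is the marker's purpose is inferred from its use on `REPOSITORY_CONFIG_PASSWORD`). Their `<description>` is empty as well, so nothing tells the operator that the shipped values `myKeyFilePassword` and `changeit` are placeholders to replace. The same applies to ranger-hdfs-plugin-properties.xml in the next file section.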

+ 140 - 134
ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml

@@ -20,137 +20,143 @@
 -->
 -->
 <configuration supports_final="true">
 <configuration supports_final="true">
 
 
-        <property>
-               <name>hadoop.rpc.protection</name>
-               <value>-</value>
-               <description>Used for repository creation on ranger admin</description>
-        </property>
-
-	<property>
-		<name>common.name.for.certificate</name>
-		<value>-</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>
-
-        <property>
-               <name>ranger-hdfs-plugin-enabled</name>
-               <value>No</value>
-               <description>Enable ranger hdfs plugin ?</description>
-        </property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_USERNAME</name>
-		<value>hadoop</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_PASSWORD</name>
-		<value>hadoop</value>
-		<property-type>PASSWORD</property-type>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
-
-</configuration>	
+  <property>
+    <name>policy_user</name>
+    <value>ambari-qa</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property> 
+
+  <property>
+    <name>hadoop.rpc.protection</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>common.name.for.certificate</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>ranger-hdfs-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger hdfs plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>hadoop</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>hadoop</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
+
+</configuration>

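--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml
@@ -20,144 +20,149 @@
 -->
 <configuration supports_final="true">
 
-        <property>
-                <name>jdbc.driverClassName</name>
-                <value>org.apache.hive.jdbc.HiveDriver</value>
-                <description>Used for repository creation on ranger admin</description>
-        </property>
-
-	<property>
-	        <name>common.name.for.certificate</name>
-        	<value>-</value>
-	        <description>Used for repository creation on ranger admin</description>
-	</property>
-
-
-        <property>
-                <name>ranger-hive-plugin-enabled</name>
-                <value>No</value>
-                <description>Enable ranger hive plugin ?</description>
-        </property>
-
-	<property>
-	        <name>REPOSITORY_CONFIG_USERNAME</name>
-        	<value>hive</value>
-	        <description>Used for repository creation on ranger admin</description>
-	</property>
-
-	<property>
-        	<name>REPOSITORY_CONFIG_PASSWORD</name>
-	        <value>hive</value>
-	        <property-type>PASSWORD</property-type>
-	        <description>Used for repository creation on ranger admin</description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name>
-		<value>true</value>
-		<description></description>
-	</property>	
-
-</configuration>	
+  <property>
+    <name>policy_user</name>
+    <value>ambari-qa</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property> 
+
+  <property>
+    <name>jdbc.driverClassName</name>
+    <value>org.apache.hive.jdbc.HiveDriver</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>common.name.for.certificate</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>ranger-hive-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger hive plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>hive</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>hive</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name>
+    <value>true</value>
+    <description></description>
+  </property> 
+
+</configuration>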
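Review bot: `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` near the end of the new file are declared without `<property-type>PASSWORD</property-type>`, unlike `REPOSITORY_CONFIG_PASSWORD` further up, and they keep the literal defaults `myKeyFilePassword` and `changeit`. Assuming Ambari uses that tag to decide which values it masks, these two secrets would be handled as ordinary text; adding `<property-type>PASSWORD</property-type>` to both properties would make them consistent with the repository password. Their `<description>` elements are empty, so nothing tells an operator that the defaults have to be replaced before SSL to Ranger admin is used, e.g. `<description>Password of the plugin keystore; replace the sample value</description>`. The STORM section below and the file section that ends just above this one carry the same two properties in the same form.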

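--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/RANGER/metainfo.xml
@@ -19,11 +19,11 @@
  */
 -->
 <metainfo>
-    <schemaVersion>2.0</schemaVersion>
-    <services>
-        <service>
-            <name>RANGER</name>
-            <extends>common-services/RANGER/0.4.0</extends>		
-        </service>
-    </services>
-</metainfo>
+  <schemaVersion>2.0</schemaVersion>
+  <services>
+    <service>
+      <name>RANGER</name>
+      <extends>common-services/RANGER/0.4.0</extends>   
+    </service>
+  </services>
+</metainfo>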

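--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml
@@ -20,131 +20,137 @@
 -->
 <configuration supports_final="true">
 
-	<property>
-	    <name>common.name.for.certificate</name>
-      	<value>-</value>
-	    <description>Used for repository creation on ranger admin</description>
-	</property>	
-	
-	<property>
-		<name>ranger-storm-plugin-enabled</name>
-		<value>No</value>
-		<description>Enable ranger storm plugin ?</description>
-	</property>
-
-	<property>
-		<name>REPOSITORY_CONFIG_USERNAME</name>
-		<value>stormclient@EXAMPLE.COM</value>
-		<description>Used for repository creation on ranger admin</description>
-	</property>
-	
-	<property>
-		<name>REPOSITORY_CONFIG_PASSWORD</name>
-		<value>stormclient</value>
-		<property-type>PASSWORD</property-type>
-		<description>Used for repository creation on ranger admin</description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.DB.IS_ENABLED</name>
-		<value>true</value>
-		<description></description>
-	</property>	
-
-	<property>
-		<name>XAAUDIT.HDFS.IS_ENABLED</name>
-		<value>false</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
-		<value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
-		<value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
-		<value>%hostname%-audit.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
-		<value>900</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>86400</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
-		<value>%time:yyyyMMdd-HHmm.ss%.log</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
-		<value>60</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
-		<value>600</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
-		<value>10</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_KEYSTORE_PASSWORD</name>
-		<value>myKeyFilePassword</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_FILE_PATH</name>
-		<value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
-		<description></description>
-	</property>
-
-	<property>
-		<name>SSL_TRUSTSTORE_PASSWORD</name>
-		<value>changeit</value>
-		<description></description>
-	</property>
-
-</configuration>	
+  <property>
+    <name>policy_user</name>
+    <value>storm</value>
+    <description>This user must be system user and also present at Ranger admin portal</description>
+  </property> 
+
+  <property>
+    <name>common.name.for.certificate</name>
+    <value>-</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+  
+  <property>
+    <name>ranger-storm-plugin-enabled</name>
+    <value>No</value>
+    <description>Enable ranger storm plugin ?</description>
+  </property>
+
+  <property>
+    <name>REPOSITORY_CONFIG_USERNAME</name>
+    <value>stormtestuser@EXAMPLE.COM</value>
+    <description>Used for repository creation on ranger admin</description>
+  </property>
+  
+  <property>
+    <name>REPOSITORY_CONFIG_PASSWORD</name>
+    <value>stormtestuser</value>
+    <property-type>PASSWORD</property-type>
+    <description>Used for repository creation on ranger admin</description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.DB.IS_ENABLED</name>
+    <value>true</value>
+    <description></description>
+  </property> 
+
+  <property>
+    <name>XAAUDIT.HDFS.IS_ENABLED</name>
+    <value>false</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
+    <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
+    <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
+    <value>%hostname%-audit.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
+    <value>900</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>86400</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
+    <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
+    <value>60</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
+    <value>600</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
+    <value>10</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_KEYSTORE_PASSWORD</name>
+    <value>myKeyFilePassword</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_FILE_PATH</name>
+    <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+    <description></description>
+  </property>
+
+  <property>
+    <name>SSL_TRUSTSTORE_PASSWORD</name>
+    <value>changeit</value>
+    <description></description>
+  </property>
+
+</configuration>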
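Review bot: The new defaults for `REPOSITORY_CONFIG_USERNAME` and `REPOSITORY_CONFIG_PASSWORD` are `stormtestuser@EXAMPLE.COM` and `stormtestuser`, a test principal in a placeholder realm whose password is its own name. An install that keeps these values would create the Storm repository on Ranger admin with a credential anyone can guess, and the `<description>` gives no hint that they are samples. The description on both properties could say so, for example `<description>Used for repository creation on ranger admin; replace the sample principal and password with a real service account</description>`. The same applies to the new `policy_user` default `storm` only in so far as its description already states the account must exist in Ranger admin.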

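--- a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.2.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.2.xml
@@ -57,6 +57,14 @@
         <component>ZOOKEEPER_SERVER</component>
       </service>
     </group>
+    
+    <group name="RANGER" title="Ranger">
+      <skippable>true</skippable>
+      <service name="RANGER">
+        <component>RANGER_ADMIN</component>
+        <component>RANGER_USERSYNC</component>
+      </service>
+    </group>
 
     <group name="CORE_MASTER" title="Core Masters">
       <service-check>false</service-check>
@@ -294,6 +302,25 @@
       </component>
     </service>
 
+    <service name="RANGER">
+      <component name="RANGER_ADMIN">
+        <pre-upgrade>
+          <task xsi:type="manual">
+            <message>Backup the Ranger Admin database and Ranger Audit database</message>
+          </task>
+        </pre-upgrade>
+        <upgrade>
+          <task xsi:type="restart" />
+        </upgrade>
+      </component>
+
+      <component name="RANGER_USERSYNC">
+        <upgrade>
+          <task xsi:type="restart" />
+        </upgrade>
+      </component>
+    </service>
+
     <service name="HDFS">
       <component name="NAMENODE">
         <upgrade>
@@ -359,7 +386,6 @@
         </upgrade>
       </component>
     </service>
-
     <service name="HBASE">
       <component name="HBASE_MASTER">
         <upgrade>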
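Review bot: The new RANGER group in the first hunk sets `<skippable>true</skippable>`, so a failed restart of RANGER_ADMIN or RANGER_USERSYNC can be skipped and the upgrade continues into CORE_MASTER. Services whose Ranger plugin is enabled would then presumably be upgraded while the policy server is down or still on the old version; how the plugins behave in that state is not visible from this file. Either `<skippable>false</skippable>` for this group, or a manual check after the restart in the second hunk, would make the state explicit, e.g. a `<post-upgrade>` block holding `<task xsi:type="manual"><message>Verify Ranger Admin is reachable and policies load before continuing</message></task>`. The third hunk only drops the blank line before `<service name="HBASE">`, which breaks the one-blank-line spacing the other services keep.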