AMBARI-13040. Improve help text description for Ranger properties in Ambari. (Gautam Board via jaimin)

ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml

@@ -30,7 +30,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -63,7 +63,7 @@
   <property>
     <name>KNOX_HOME</name>
     <value>/usr/hdp/current/knox-server</value>
-    <description></description>
+    <description>Knox home folder</description>
   </property>
 
   <property>

ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml

@@ -23,101 +23,101 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/ranger/kms/audit/db/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/ranger/kms/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>true</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/ranger/kms/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/ranger/kms/audit/solr/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>  
 
 </configuration>

ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml

@@ -47,7 +47,7 @@
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description> java keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>

ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml

@@ -23,7 +23,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml

@@ -33,8 +33,7 @@
 	<property>
 		<name>common.name.for.certificate</name>
 		<value></value>
-		<description>Used for repository creation on ranger admin
-		</description>
+		<description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
 		<value-attributes>
 			<empty-value-valid>true</empty-value-valid>
 		</value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml

@@ -36,7 +36,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml

@@ -30,7 +30,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/hbase/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/hbase/audit/db/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/hbase/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/hbase/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/hbase/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/hbase/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>true</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml

@@ -43,19 +43,19 @@
 		<name>xasecure.policymgr.clientssl.truststore.password</name>
 		<value>changeit</value>
 		<property-type>PASSWORD</property-type>
-		<description>java  truststore password</description>
+		<description>java truststore password</description>
 	</property>
 
     <property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file{{credential_file}}</value>
-		<description>java  keystore credential file</description>
+		<description>java keystore credential file</description>
 	</property>
 
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
 		<value>jceks://file{{credential_file}}</value>
-		<description>java  truststore credential file</description>
+		<description>java truststore credential file</description>
 	</property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/hadoop/hdfs/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/hdfs/audit/db/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/hadoop/hdfs/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/hdfs/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/hadoop/hdfs/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/hdfs/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml

@@ -43,19 +43,19 @@
 		<name>xasecure.policymgr.clientssl.truststore.password</name>
 		<value>changeit</value>
 		<property-type>PASSWORD</property-type>
-		<description>java  truststore password</description>
+		<description>java truststore password</description>
 	</property>
 
     <property>
 		<name>xasecure.policymgr.clientssl.keystore.credential.file</name>
 		<value>jceks://file{{credential_file}}</value>
-		<description>java  keystore credential file</description>
+		<description>java keystore credential file</description>
 	</property>
 
 	<property>
 		<name>xasecure.policymgr.clientssl.truststore.credential.file</name>
 		<value>jceks://file{{credential_file}}</value>
-		<description>java  truststore credential file</description>
+		<description>java truststore credential file</description>
 	</property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/hive/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/hive/audit/db/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/hive/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/hive/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/hive/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/hive/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml

@@ -43,19 +43,19 @@
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description>java  truststore password</description>
+    <description>java truststore password</description>
   </property>
 
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  truststore credential file</description>
+    <description>java truststore credential file</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml

@@ -23,7 +23,7 @@
   <property>
     <name>ranger.plugin.hive.service.name</name>
     <value>{{repo_name}}</value>
-    <description>Name of the Ranger service containing policies for this YARN instance</description>
+    <description>Name of the Ranger service containing policies for this HIVE instance</description>
   </property>
 
   <property>

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/kafka/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/kafka/audit/db/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/kafka/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/kafka/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>true</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/kafka/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/kafka/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>true</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>  
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml

@@ -38,7 +38,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml

@@ -43,19 +43,19 @@
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description>java  truststore password</description>
+    <description>java truststore password</description>
   </property>
 
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file/{{credential_file}}</value>
-    <description>java  keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file/{{credential_file}}</value>
-    <description>java  truststore credential file</description>
+    <description>java truststore credential file</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/knox/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/knox/audit/db/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/knox/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/knox/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/knox/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/knox/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml

@@ -43,19 +43,19 @@
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description>java  truststore password</description>
+    <description>java truststore password</description>
   </property>
 
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  truststore credential file</description>
+    <description>java truststore credential file</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml

@@ -21,14 +21,14 @@
   <property>
     <name>ranger.service.host</name>
     <value>{{ranger_host}}</value>
-    <description></description>
+    <description>Host where ranger service to be installed</description>
   </property>
 
   <property>
     <name>ranger.service.http.enabled</name>
     <value>true</value>
     <display-name>HTTP enabled</display-name>
-    <description></description>
+    <description>Enable HTTP</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -37,51 +37,51 @@
   <property>
     <name>ranger.service.http.port</name>
     <value>6080</value>
-    <description></description>
+    <description>HTTP port</description>
   </property>
 
   <property>
     <name>ranger.service.https.port</name>
     <value>6182</value>
-    <description></description>
+    <description>HTTPS port (if SSL is enabled)</description>
   </property> 
 
   <property>
     <name>ranger.service.https.attrib.ssl.enabled</name>
     <value>false</value>
-    <description></description>
+    <description>true/false, set to true if using SSL</description>
   </property>
 
   <property>
     <name>ranger.service.https.attrib.clientAuth</name>
     <value>want</value>
-    <description></description>
+    <description>Needs to be set to want for two way SSL</description>
   </property> 
 
   <property>
     <name>ranger.service.https.attrib.keystore.keyalias</name>
     <value>rangeradmin</value>
-    <description></description>
+    <description>Alias for Ranger Admin key in keystore</description>
   </property>
 
   <property>
     <name>ranger.service.https.attrib.keystore.pass</name>
     <value>xasecure</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Password for keystore</description>
   </property>
 
   <property>
     <name>ranger.https.attrib.keystore.file</name>
     <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
-    <description></description>
+    <description>Ranger admin keystore (specify full path)</description>
   </property>
 
   <property>
     <name>ranger.externalurl</name>
     <value>{{ranger_external_url}}</value>
     <display-name>External URL</display-name>
-    <description></description>
+    <description>URL to be used by clients to access ranger admin</description>
     <value-attributes>
       <visible>false</visible>
       <overridable>false</overridable>
@@ -92,7 +92,7 @@
     <name>ranger.jpa.jdbc.driver</name>
     <value>com.mysql.jdbc.Driver</value>
     <display-name>Driver class name for a JDBC Ranger database</display-name>
-    <description></description>
+    <description>JDBC driver class name</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -102,7 +102,7 @@
     <name>ranger.jpa.jdbc.url</name>
     <value>jdbc:mysql://localhost</value>
     <display-name>JDBC connect string for a Ranger database</display-name>
-    <description></description>
+    <description>JDBC connect string - auto populated based on other values</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -111,45 +111,45 @@
   <property>
     <name>ranger.jpa.jdbc.user</name>
     <value>{{ranger_db_user}}</value>
-    <description></description>
+    <description>JDBC user</description>
   </property>
 
   <property>
     <name>ranger.jpa.jdbc.password</name>
     <value>_</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>JDBC password</description>
   </property>
 
   <property>
     <name>ranger.jpa.jdbc.credential.alias</name>
     <value>rangeradmin</value>
-    <description></description>
+    <description>Alias name for storing JDBC password</description>
   </property>
 
   <property>
     <name>ranger.credential.provider.path</name>
     <value>/etc/ranger/admin/rangeradmin.jceks</value>
-    <description></description>
+    <description>File for credential store, provide full file path</description>
   </property>
 
   <property>
     <name>ranger.audit.source.type</name>
     <value>solr</value>
-    <description></description>
+    <description>db or solr, based on the audit destination used</description>
   </property>
 
   <property>
     <name>ranger.audit.solr.urls</name>
     <value>http://solr_host:6083/solr/ranger_audits</value>
-    <description></description>
+    <description>Solr url for audit</description>
   </property>
 
   <property>
     <name>ranger.authentication.method</name>
     <value>UNIX</value>
     <display-name>Authentication method</display-name>
-    <description></description>
+    <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -158,7 +158,7 @@
   <property>
     <name>ranger.ldap.url</name>
     <value>ldap://71.127.43.33:389</value>
-    <description></description>
+    <description>LDAP Server URL, only used if Authentication method is LDAP</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -167,7 +167,7 @@
   <property>
     <name>ranger.ldap.user.dnpattern</name>
     <value>uid={0},ou=users,dc=xasecure,dc=net</value>
-    <description></description>
+    <description>LDAP user DN, only used if Authentication method is LDAP</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -176,13 +176,13 @@
   <property>
     <name>ranger.ldap.group.searchbase</name>
     <value>ou=groups,dc=xasecure,dc=net</value>
-    <description></description>
+    <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
   </property>
 
   <property>
     <name>ranger.ldap.group.searchfilter</name>
     <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
-    <description></description>
+    <description>LDAP group search filter, only used if Authentication method is LDAP</description>
   </property>
 
   <property>
@@ -197,7 +197,7 @@
   <property>
     <name>ranger.ldap.group.roleattribute</name>
     <value>cn</value>
-    <description></description>
+    <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -243,7 +243,7 @@
   <property>
     <name>ranger.ldap.ad.domain</name>
     <value>localhost</value>
-    <description></description>
+    <description>AD domain, only used if Authentication method is AD</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -252,7 +252,7 @@
   <property>
     <name>ranger.ldap.ad.url</name>
     <value>ldap://ad.xasecure.net:389</value>
-    <description></description>
+    <description>AD URL, only used if Authentication method is AD</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -307,39 +307,39 @@
   <property>
     <name>ranger.jpa.audit.jdbc.driver</name>
     <value>{{ranger_jdbc_driver}}</value>
-    <description></description>
+    <description>JDBC driver class name - for audit DB</description>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>JDBC connect string - auto populated based on other values</description>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.user</name>
     <value>{{ranger_audit_db_user}}</value>
-    <description></description>
+    <description>JDBC user - audit</description>
   </property> 
 
   <property>
     <name>ranger.jpa.audit.jdbc.password</name>
     <value>_</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>JDBC password - audit</description>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.credential.alias</name>
     <value>rangeraudit</value>
-    <description></description>
+    <description>Alias name for storing JDBC password - for audit user</description>
   </property>
 
   <property>
     <name>ranger.unixauth.remote.login.enabled</name>
     <value>true</value>
     <display-name>Allow remote Login</display-name>
-    <description></description>
+    <description>Remote login enabled? - only used if Authentication method is UNIX</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -348,7 +348,7 @@
   <property>
     <name>ranger.unixauth.service.hostname</name>
     <value>localhost</value>
-    <description></description>
+    <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -357,7 +357,7 @@
   <property>
     <name>ranger.unixauth.service.port</name>
     <value>5151</value>
-    <description></description>
+    <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
     <value-attributes>
       <overridable>false</overridable>
     </value-attributes>
@@ -366,32 +366,32 @@
   <property>
     <name>ranger.jpa.jdbc.dialect</name>
     <value>{{jdbc_dialect}}</value>
-    <description></description>
+    <description>JDBC dialect used for policy DB</description>
   </property>
 
   <property>
     <name>ranger.jpa.audit.jdbc.dialect</name>
     <value>{{jdbc_dialect}}</value>
-    <description></description>
+    <description>JDBC dialect used for audit DB</description>
   </property>
 
   <property>
     <name>ranger.audit.solr.zookeepers</name>
     <value>NONE</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property> 
 
   <property>
     <name>ranger.audit.solr.username</name>
     <value>ranger_solr</value>
-    <description></description>
+    <description>Solr username</description>
   </property> 
 
   <property>
     <name>ranger.audit.solr.password</name>
     <value>NONE</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Solr password</description>
   </property> 
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml

@@ -21,87 +21,87 @@
   <property>
     <name>ranger.usersync.port</name>
     <value>5151</value>
-    <description></description>
+    <description>Port for unix authentication service, run within usersync</description>
   </property>
 
   <property>
     <name>ranger.usersync.ssl</name>
     <value>true</value>
-    <description></description>
+    <description>SSL enabled? (ranger admin -> usersync communication)</description>
   </property>
 
   <property>
     <name>ranger.usersync.keystore.file</name>
     <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
-    <description></description>
+    <description>Keystore file used for usersync</description>
   </property>
 
   <property>
     <name>ranger.usersync.keystore.password</name>
     <value>UnIx529p</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Keystore password</description>
   </property>
 
   <property>
     <name>ranger.usersync.truststore.file</name>
     <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
-    <description></description>
+    <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
   </property>
 
   <property>
     <name>ranger.usersync.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Truststore password</description>
   </property>
 
   <property>
     <name>ranger.usersync.passwordvalidator.path</name>
     <value>./native/credValidator.uexe</value>
-    <description></description>
+    <description>Native program for password validation</description>
   </property>
 
   <property>
     <name>ranger.usersync.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Usersync enabled?</description>
   </property>
 
   <property>
     <name>ranger.usersync.sink.impl.class</name>
     <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
-    <description></description>
+    <description>Class to be used as sink (to sync users into ranger admin)</description>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.baseURL</name>
     <value>{{ranger_external_url}}</value>
-    <description></description>
+    <description>URL to be used by clients to access ranger admin, use FQDN</description>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
     <value>1000</value>
-    <description></description>
+    <description>How many records to be returned per API call</description>
   </property>
 
   <property>
     <name>ranger.usersync.policymanager.mockrun</name>
     <value>false</value>
-    <description></description>
+    <description>Is user sync doing mock run?</description>
   </property>
 
   <property>
     <name>ranger.usersync.unix.minUserId</name>
     <value>500</value>
-    <description></description>
+    <description>Only sync users above this user id (applicable for UNIX)</description>
   </property>
 
   <property>
     <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
     <value>5</value>
-    <description></description>
+    <description>Sleeptime interval in milliseconds, if < 1000 then default to 30 sec</description>
   </property>
 
   <property>
@@ -122,26 +122,26 @@
   <property>
     <name>ranger.usersync.filesource.text.delimiter</name>
     <value>,</value>
-    <description></description>
+    <description>Delimiter used in file, if File based user sync is used</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.url</name>
     <value>ldap://localhost:389</value>
-    <description></description>
+    <description>LDAP server URL</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.binddn</name>
     <value>cn=admin,dc=xasecure,dc=net</value>
-    <description></description>
+    <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.ldapbindpassword</name>
     <value></value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Password for the account that can search for users.</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -150,13 +150,13 @@
   <property>
     <name>ranger.usersync.ldap.bindalias</name>
     <value>testldapalias</value>
-    <description></description>
+    <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.bindkeystore</name>
     <value></value>
-    <description></description>
+    <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -165,7 +165,8 @@
   <property>
     <name>ranger.usersync.ldap.searchBase</name>
     <value>dc=hadoop,dc=apache,dc=org</value>
-    <description></description>
+    <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org"</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -174,31 +175,38 @@
   <property>
     <name>ranger.usersync.ldap.user.searchbase</name>
     <value>ou=users,dc=xasecure,dc=net</value>
-    <description></description>
+    <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase"</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.user.searchscope</name>
     <value>sub</value>
-    <description></description>
+    <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.user.objectclass</name>
     <value>person</value>
-    <description></description>
+    <description>LDAP User Object Class</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.user.searchfilter</name>
     <value>empty</value>
-    <description></description>
+    <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.user.nameattribute</name>
     <value>cn</value>
-    <description></description>
+    <description>LDAP user name attribute</description>
   </property>
 
   <property>
@@ -213,31 +221,34 @@
   <property>
     <name>ranger.usersync.ldap.user.groupnameattribute</name>
     <value>memberof, ismemberof</value>
-    <description></description>
+    <description>LDAP user group name attribute</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.username.caseconversion</name>
     <value>lower</value>
-    <description></description>
+    <description>User name case conversion</description>
   </property>
 
   <property>
     <name>ranger.usersync.ldap.groupname.caseconversion</name>
     <value>lower</value>
-    <description></description>
+    <description>Group name case conversion</description>
   </property>
 
   <property>
     <name>ranger.usersync.logdir</name>
     <value>/var/log/ranger/usersync</value>
-    <description></description>
+    <description>User sync log directory</description>
   </property>
 
   <property>
     <name>ranger.usersync.group.searchenabled</name>
     <value>false</value>
-    <description></description>
+    <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+# valid values: true, false
+# any value other than true would be treated as false
+# default value: false"</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -246,7 +257,7 @@
   <property>
     <name>ranger.usersync.group.usermapsyncenabled</name>
     <value>false</value>
-    <description></description>
+    <description>User map sync enabled?</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -255,7 +266,11 @@
   <property>
     <name>ranger.usersync.group.searchbase</name>
     <value> </value>
-    <description></description>
+    <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase,  ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of  ranger.usersync.ldap.searchBase
+# if  ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -264,7 +279,9 @@
   <property>
     <name>ranger.usersync.group.searchscope</name>
     <value> </value>
-    <description></description>
+    <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -282,7 +299,10 @@
   <property>
     <name>ranger.usersync.group.searchfilter</name>
     <value> </value>
-    <description></description>
+    <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -291,7 +311,7 @@
   <property>
     <name>ranger.usersync.group.nameattribute</name>
     <value> </value>
-    <description></description>
+    <description>LDAP group name attribute</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -300,7 +320,7 @@
   <property>
     <name>ranger.usersync.group.memberattributename</name>
     <value> </value>
-    <description></description>
+    <description>LDAP group member attribute name</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>
@@ -309,19 +329,19 @@
   <property>
     <name>ranger.usersync.pagedresultsenabled</name>
     <value>true</value>
-    <description></description>
+    <description>Results can be paged?</description>
   </property>
 
   <property>
     <name>ranger.usersync.pagedresultssize</name>
     <value>500</value>
-    <description></description>
+    <description>Page size</description>
   </property>
 
   <property>
     <name>ranger.usersync.credstore.filename</name>
     <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
-    <description></description>
+    <description>Credential store file name for user sync, specify full path</description>
   </property>                         
 
 </configuration>  

ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/storm/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/storm/audit/db/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/storm/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/storm/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/storm/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/storm/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>  
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml

@@ -43,19 +43,19 @@
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description>java  truststore password</description>
+    <description>java truststore password</description>
   </property>
 
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  truststore credential file</description>
+    <description>java truststore credential file</description>
   </property>
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml

@@ -23,102 +23,102 @@
   <property>
     <name>xasecure.audit.is.enabled</name>
     <value>true</value>
-    <description></description>
+    <description>Is Audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db</name>
     <value>false</value>
     <display-name>Audit to DB</display-name>
-    <description></description>
+    <description>Is Audit to DB enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.url</name>
     <value>{{audit_jdbc_url}}</value>
-    <description></description>
+    <description>Audit DB JDBC URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.user</name>
     <value>{{xa_audit_db_user}}</value>
-    <description></description>
+    <description>Audit DB JDBC User</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.password</name>
     <value>crypted</value>
     <property-type>PASSWORD</property-type>
-    <description></description>
+    <description>Audit DB JDBC Password</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.jdbc.driver</name>
     <value>{{jdbc_driver}}</value>
-    <description></description>
+    <description>Audit DB JDBC Driver</description>
   </property>
 
   <property>
     <name>xasecure.audit.credential.provider.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description></description>
+    <description>Credential file store</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.db.batch.filespool.dir</name>
     <value>/var/log/hadoop/yarn/audit/db/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/yarn/audit/db/spool</description>
   </property>  
 
   <property>
     <name>xasecure.audit.destination.hdfs</name>
     <value>true</value>
     <display-name>Audit to HDFS</display-name>
-    <description></description>
+    <description>Is Audit to HDFS enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.dir</name>
     <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
-    <description></description>
+    <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
     <value>/var/log/hadoop/yarn/audit/hdfs/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/yarn/audit/hdfs/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr</name>
     <value>false</value>
     <display-name>Audit to SOLR</display-name>
-    <description></description>
+    <description>Is Solr audit enabled?</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.urls</name>
     <value>{{ranger_audit_solr_urls}}</value>
-    <description></description>
+    <description>Solr URL</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.zookeepers</name>
     <value>none</value>
-    <description></description>
+    <description>Solr Zookeeper string</description>
   </property>
 
   <property>
     <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
     <value>/var/log/hadoop/yarn/audit/solr/spool</value>
-    <description></description>
+    <description>/var/log/hadoop/yarn/audit/solr/spool</description>
   </property>
 
   <property>
     <name>xasecure.audit.provider.summary.enabled</name>
     <value>false</value>
     <display-name>Audit provider summary enabled</display-name>
-    <description></description>
+    <description>Enable Summary audit?</description>
   </property>  
 
 </configuration>

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml

@@ -38,7 +38,7 @@
   <property>
     <name>common.name.for.certificate</name>
     <value></value>
-    <description>Used for repository creation on ranger admin</description>
+    <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description>
     <value-attributes>
       <empty-value-valid>true</empty-value-valid>
     </value-attributes>

ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml

@@ -43,19 +43,19 @@
     <name>xasecure.policymgr.clientssl.truststore.password</name>
     <value>changeit</value>
     <property-type>PASSWORD</property-type>
-    <description>java  truststore password</description>
+    <description>java truststore password</description>
   </property>
 
     <property>
     <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  keystore credential file</description>
+    <description>java keystore credential file</description>
   </property>
 
   <property>
     <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
     <value>jceks://file{{credential_file}}</value>
-    <description>java  truststore credential file</description>
+    <description>java truststore credential file</description>
   </property>
 
 </configuration>