AMBARI-26056: Add ranger kms support

ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions.py

@@ -367,7 +367,7 @@ def create_ambari_admin_user(self,ambari_admin_username, ambari_admin_password,u
             'Accept': 'application/json',
             "Content-Type": "application/json"
           }
-          request = urllib.request.Request(url, data, headers)
+          request = urllib.request.Request(url, data.encode(), headers)
           request.add_header("Authorization", "Basic {0}".format(base64string))
           result = openurl(request, timeout=20)
           response_code = result.getcode()

ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/properties/stack_features.json

@@ -60,6 +60,16 @@
         "name": "ranger_install_infra_client",
         "description": "Ambari Infra Service support",
         "min_version": "2.5.0.0"
+      },
+      {
+        "name": "ranger_kms_ssl",
+        "description": "Ranger KMS SSL properties in ambari stack",
+        "min_version": "3.2.0"
+      },
+      {
+        "name": "ranger_kms_pid_support",
+        "description": "Ranger KMS Service support pid generation",
+        "min_version": "3.2.0"
       }
     ]
   }

ambari-server/src/main/resources/stacks/BIGTOP/3.2.0/properties/stack_packages.json

@@ -524,6 +524,9 @@
       "MAPREDUCE2": {
         "packages": []
       },
+      "RANGER_KMS": {
+        "packages": ["ranger-kms"]
+      },
       "SPARK": {
         "packages": [
           "spark"

ambari-server/src/main/resources/stacks/BIGTOP/3.3.0/services/RANGER_KMS/alerts.json

@@ -0,0 +1,32 @@
+{
+  "RANGER_KMS": {
+    "service": [],
+    "RANGER_KMS_SERVER": [
+      {
+        "name": "ranger_kms_server_process",
+        "label": "Ranger KMS Server Process",
+        "description": "This host-level alert is triggered if the Ranger KMS Server cannot be determined to be up.",
+        "interval": 1,
+        "scope": "HOST",
+        "source": {
+          "type": "PORT",
+          "uri": "{{kms-env/kms_port}}",
+          "default_port": 9292,
+          "reporting": {
+            "ok": {
+              "text": "TCP OK - {0:.3f}s response on port {1}"
+            },
+            "warning": {
+              "text": "TCP OK - {0:.3f}s response on port {1}",
+              "value": 1.5
+            },
+            "critical": {
+              "text": "Connection failed: {0} to {1}:{2}",
+              "value": 5.0
+            }
+          }
+        }
+      }
+    ]
+  }
+}

ambari-server/src/main/resources/stacks/BIGTOP/3.3.0/services/RANGER_KMS/configuration/dbks-site.xml

@@ -0,0 +1,317 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+  <property>
+    <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
+    <value>hdfs</value>
+    <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.db.encrypt.key.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>Password used for encrypting Master Key</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.url</name>
+    <display-name>JDBC connect string</display-name>
+    <value>jdbc:mysql://localhost</value>
+    <description>URL for Database</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>kms-properties</type>
+        <name>DB_FLAVOR</name>
+      </property>
+      <property>
+        <type>kms-properties</type>
+        <name>db_host</name>
+      </property>
+      <property>
+        <type>kms-properties</type>
+        <name>db_name</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.user</name>
+    <value>{{db_user}}</value>
+    <description>Database username used for operation</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>Database user's password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
+    <value>/etc/ranger/kms/rangerkms.jceks</value>
+    <description>Credential provider path</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.credential.alias</name>
+    <value>ranger.ks.jdbc.password</value>
+    <description>Credential alias used for password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.masterkey.credential.alias</name>
+    <value>ranger.ks.masterkey.password</value>
+    <description>Credential alias used for masterkey</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.dialect</name>
+    <value>{{jdbc_dialect}}</value>
+    <description>Dialect used for database</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jpa.jdbc.driver</name>
+    <display-name>Driver class name for a JDBC Ranger KMS database</display-name>
+    <value>com.mysql.jdbc.Driver</value>
+    <description>Driver used for database</description>
+    <value-attributes>
+      <overridable>false</overridable>
+    </value-attributes>
+    <depends-on>
+      <property>
+        <type>kms-properties</type>
+        <name>DB_FLAVOR</name>
+      </property>
+    </depends-on>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.jdbc.sqlconnectorjar</name>
+    <value>{{ews_lib_jar_path}}</value>
+    <description>Driver used for database</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.type</name>
+    <display-name>HSM Type</display-name>
+    <value>LunaProvider</value>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>LunaProvider</value>
+          <label>Luna Provider</label>
+        </entry>
+      </entries>
+    </value-attributes>
+    <description>HSM type</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.enabled</name>
+    <display-name>HSM Enabled</display-name>
+    <value>false</value>
+    <description>Enable HSM ?</description>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+      <type>value-list</type>
+      <overridable>false</overridable>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.name</name>
+    <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
+    <value>par19</value>
+    <description/>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.password</name>
+    <value>_</value>
+    <property-type>PASSWORD</property-type>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <description>HSM partition password</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.hsm.partition.password.alias</name>
+    <display-name>HSM partition password alias</display-name>
+    <value>ranger.kms.hsm.partition.password</value>
+    <description>HSM partition password alias</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.kerberos.principal</name>
+    <value/>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
+    <name>ranger.ks.kerberos.keytab</name>
+    <value/>
+    <description/>
+    <value-attributes>
+      <empty-value-valid>true</empty-value-valid>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+
+
+
+
+  <property>
+    <name>ranger.kms.keysecure.enabled</name>
+    <display-name>Keysecure Enabled</display-name>
+    <value>false</value>
+    <description>Enable Keysecure ?</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.UserPassword.Authentication</name>
+    <display-name>Enable Keysecure User Password Authentication</display-name>
+    <value>true</value>
+    <description>Enable Keysecure User Password Authentication ?</description>
+    <value-attributes>
+      <overridable>false</overridable>
+      <type>value-list</type>
+      <entries>
+        <entry>
+          <value>true</value>
+          <label>Yes</label>
+        </entry>
+        <entry>
+          <value>false</value>
+          <label>No</label>
+        </entry>
+      </entries>
+      <selection-cardinality>1</selection-cardinality>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.masterkey.name</name>
+    <display-name>Keysecure MasterKey Name</display-name>
+    <value></value>
+    <description>Enter Keysecure MasterKey Name</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.login.username</name>
+    <display-name>Keysecure Login Username</display-name>
+    <value></value>
+    <description>Enter Keysecure Login Username</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.login.password</name>
+    <display-name>Keysecure Login Password</display-name>
+    <value></value>
+    <property-type>PASSWORD</property-type>
+    <description>Keysecure Login Password</description>
+    <value-attributes>
+      <type>password</type>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.login.password.alias</name>
+    <display-name>Keysecure Login Password Alias</display-name>
+    <value>ranger.ks.login.password</value>
+    <description>Enter Keysecure Login Password Alias</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.hostname</name>
+    <display-name>Keysecure Hostname</display-name>
+    <value></value>
+    <description>Enter Keysecure Hostname</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.masterkey.size</name>
+    <display-name>Keysecure Masterkey Size</display-name>
+    <value>256</value>
+    <description>Enter Keysecure Masterkey Size</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+  <property>
+    <name>ranger.kms.keysecure.sunpkcs11.cfg.filepath</name>
+    <display-name>Keysecure sunpkcs11 cfg filepath</display-name>
+    <value></value>
+    <description>Enter Keysecure sunpkcs11 cfg filepath</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+
+</configuration>