RANGER-5554: Refactor Ranger Admin bootstrap to use runtime XML config only

dev-support/ranger-docker/Dockerfile.ranger

@@ -13,47 +13,53 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-ARG RANGER_DB_TYPE=postgres
 ARG RANGER_BASE_IMAGE=apache/ranger-base
 ARG RANGER_BASE_VERSION=20260123-2-8
 
 FROM ${RANGER_BASE_IMAGE}:${RANGER_BASE_VERSION} AS ranger
 
 ARG RANGER_VERSION
-ARG RANGER_DB_TYPE
 ARG TARGETARCH
 
-COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz     /home/ranger/dist/
+# JDBC jar filenames are defined in the image and reused by ranger.sh at runtime.
+ENV RANGER_JDBC_POSTGRES_JAR=postgresql-42.2.16.jre7.jar \
+    RANGER_JDBC_MYSQL_JAR=mysql-connector-java-8.0.28.jar \
+    RANGER_JDBC_ORACLE_JAR=ojdbc8.jar \
+    RANGER_JDBC_MSSQL_JAR=mssql-jdbc-12.8.1.jre8.jar \
+    RANGER_JDBC_LOG4JDBC_JAR=log4jdbc-1.2.jar
+
+COPY ./downloads/${RANGER_JDBC_POSTGRES_JAR}          ${RANGER_DIST}/
+COPY ./downloads/${RANGER_JDBC_MYSQL_JAR}             ${RANGER_DIST}/
+COPY ./downloads/${RANGER_JDBC_LOG4JDBC_JAR}          ${RANGER_DIST}/
+COPY ./downloads/${RANGER_JDBC_ORACLE_JAR}            ${RANGER_DIST}/
+COPY ./downloads/${RANGER_JDBC_MSSQL_JAR}             ${RANGER_DIST}/
+COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz     ${RANGER_DIST}/
+
 COPY ./scripts/admin/ranger.sh                        ${RANGER_SCRIPTS}/
-COPY ./scripts/admin/create-ranger-services.py        ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/user_password_bootstrap.py       ${RANGER_SCRIPTS}/
+COPY ./scripts/python/log_config.py                   ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/dba.py                           ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/ranger_admin_xml_config.py       ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/create_ranger_services.py        ${RANGER_SCRIPTS}/
 
 RUN    tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \
     && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \
     && rm -f /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz \
     && rm -f /opt/ranger/admin/install.properties \
+    && rm -f /opt/ranger/admin/setup.sh \
+    && rm -f /opt/ranger/admin/dba_script.py \
+    && rm -f /opt/ranger/admin/db_setup.py \
     && mkdir -p /var/run/ranger /var/log/ranger /usr/share/java/ \
+    && chown ranger:ranger /usr/share/java \
+    && mkdir -p ${RANGER_HOME}/admin/ews/webapp/WEB-INF/classes/conf \
+    && rm -rf ${RANGER_HOME}/admin/ews/logs \
+    && ln -s /var/log/ranger ${RANGER_HOME}/admin/ews/logs \
     && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \
     && chmod 755 ${RANGER_SCRIPTS}/ranger.sh
 
-FROM ranger AS ranger_postgres
-COPY ./downloads/postgresql-42.2.16.jre7.jar         /home/ranger/dist/
-RUN mv /home/ranger/dist/postgresql-42.2.16.jre7.jar /usr/share/java/postgresql.jar
-
-FROM ranger AS ranger_mysql
-COPY ./downloads/mysql-connector-java-8.0.28.jar  /home/ranger/dist/
-COPY ./downloads/log4jdbc-1.2.jar                 /home/ranger/dist/
-RUN     mv /home/ranger/dist/mysql-connector-java-8.0.28.jar /usr/share/java/mysql-connector.jar \
-     && mv /home/ranger/dist/log4jdbc-1.2.jar ${RANGER_HOME}/admin/ews/webapp/WEB-INF/lib/log4jdbc-1.2.jar
-
-FROM ranger AS ranger_oracle
-COPY ./downloads/ojdbc8.jar         /home/ranger/dist/
-RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar
-
-FROM ranger AS ranger_sqlserver
-COPY ./downloads/mssql-jdbc-12.8.1.jre8.jar            /home/ranger/dist/
-RUN mv /home/ranger/dist/mssql-jdbc-12.8.1.jre8.jar    /usr/share/java/mssql.jar
-
-FROM ranger_${RANGER_DB_TYPE}
+# Copy config files
+COPY ./scripts/admin/configs/logback.xml                     ${RANGER_HOME}/admin/ews/webapp/WEB-INF/classes/conf
+COPY ./scripts/admin/configs/security-applicationContext.xml ${RANGER_HOME}/admin/ews/webapp/WEB-INF/classes/conf
 
 USER ranger
 

dev-support/ranger-docker/README.md

@@ -44,6 +44,15 @@ Use Dockerfiles in this directory to create docker images and run them to build
   # valid values for RANGER_DB_TYPE: mysql/postgres/oracle
    ~~~
 
+- The Ranger Admin container uses `scripts/admin/ranger-admin-site.xml` for all database flavors. The file defaults to PostgreSQL and includes commented MySQL and Oracle blocks; uncomment the matching block and comment the other database flavor settings before starting the stack.
+   ~~~
+   export RANGER_DB_TYPE=mysql
+   # In scripts/admin/ranger-admin-site.xml, enable the commented MySQL block and comment others.
+
+   export RANGER_DB_TYPE=oracle
+   # In scripts/admin/ranger-admin-site.xml, enable the commented Oracle block and comment others.
+   ~~~
+
 ### Apache Ranger Build
 
 #### In containers using docker compose

dev-support/ranger-docker/docker-compose.ranger.yml

@@ -7,7 +7,7 @@ services:
         - RANGER_BASE_IMAGE=${RANGER_BASE_IMAGE}
         - RANGER_BASE_VERSION=${RANGER_BASE_VERSION}
         - RANGER_VERSION=${RANGER_VERSION}
-        - RANGER_DB_TYPE=${RANGER_DB_TYPE}
+        - RANGER_DB_TYPE=${RANGER_DB_TYPE:-postgres}
         - KERBEROS_ENABLED=${KERBEROS_ENABLED}
     image: ranger:latest
     container_name: ranger
@@ -16,8 +16,9 @@ services:
       - ./dist/keytabs/ranger:/etc/keytabs
       - ./dist/version:/home/ranger/dist/version:ro
       - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
-      - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
-      - ./scripts/admin/ranger-admin-install-${RANGER_DB_TYPE}.properties:/opt/ranger/admin/install.properties
+      - ./scripts/hadoop/core-site.xml:/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/core-site.xml:ro
+      - ./scripts/admin/ranger-admin-site.xml:/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml:ro
+      - ./scripts/admin/ranger-admin-default-site.xml:/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-default-site.xml:ro
     stdin_open: true
     tty: true
     networks:
@@ -35,9 +36,13 @@ services:
         condition: service_started
     environment:
       - RANGER_VERSION
-      - RANGER_DB_TYPE
+      - RANGER_DB_TYPE=${RANGER_DB_TYPE:-postgres}
       - KERBEROS_ENABLED
       - DEBUG_ADMIN=${DEBUG_ADMIN:-false}
+      - RANGER_ADMIN_DB_PASSWORD=rangerR0cks!
+      - RANGER_ADMIN_PASSWORD=rangerR0cks!
+      - RANGER_USERSYNC_PASSWORD=rangerR0cks!
+      - RANGER_TAGSYNC_PASSWORD=rangerR0cks!
     command:
       - /home/ranger/scripts/ranger.sh
 
@@ -65,7 +70,7 @@ services:
 
   ranger-db:
     extends:
-      service: ${RANGER_DB_TYPE}
+      service: ${RANGER_DB_TYPE:-postgres}
       file: docker-compose.ranger-db.yml
 
   ranger-zk:

dev-support/ranger-docker/scripts/admin/configs/logback.xml

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<configuration>
+    <appender name="xa_log_appender" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <!--See http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+        <!--and http://logback.qos.ch/manual/appenders.html#TimeBasedRollingPolicy-->
+        <!--for further documentation-->
+        <file>${logdir}/ranger-admin-${hostname}-${user}.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%date [%thread] %level{5} [%file:%line] %msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>${logdir}/ranger-admin-${hostname}-${user}.log.%d{yyyy-MM-dd}</fileNamePattern>
+            <maxHistory>15</maxHistory>
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+    </appender>
+    <appender name="sql_appender" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <!--See http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+        <!--and http://logback.qos.ch/manual/appenders.html#TimeBasedRollingPolicy-->
+        <!--for further documentation-->
+        <file>${logdir}/ranger_admin_sql.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%d [%t] %-5p %C{6} \(%F:%L\) %msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>${logdir}/ranger_admin_sql.log.%d{yyyy-MM-dd}</fileNamePattern>
+            <maxHistory>15</maxHistory>
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+    </appender>
+    <appender name="perf_appender" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <!--See http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+        <!--and http://logback.qos.ch/manual/appenders.html#TimeBasedRollingPolicy-->
+        <!--for further documentation-->
+        <file>${logdir}/ranger_admin_perf.log</file>
+        <append>true</append>
+        <encoder>
+            <pattern>%d [%t] %msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>${logdir}/ranger_admin_perf.log.%d{yyyy-MM-dd}</fileNamePattern>
+            <maxHistory>15</maxHistory>
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+    </appender>
+    <appender name="patch_logger" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <!--See http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+        <!--and http://logback.qos.ch/manual/appenders.html#TimeBasedRollingPolicy-->
+        <!--for further documentation-->
+        <append>true</append>
+        <file>${logdir}/ranger_db_patch.log</file>
+        <encoder>
+            <pattern>%d [%t] %-5p %C{6} \(%F:%L\) %msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>${logdir}/ranger_db_patch.log.%d{yyyy-MM-dd}</fileNamePattern>
+            <maxHistory>15</maxHistory>
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+    </appender>
+    <logger name="xa" additivity="false" level="info">
+        <appender-ref ref="xa_log_appender"/>
+    </logger>
+    <logger name="jdbc.connection" additivity="false" level="error">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <logger name="com.mchange" additivity="false" level="warn" />
+    <logger name="org.apache.ranger.perf" additivity="false" level="info">
+        <appender-ref ref="perf_appender"/>
+    </logger>
+    <logger name="jdbc.audit" additivity="false" level="error">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <logger name="org.apache.ranger.patch" additivity="false" level="info">
+        <appender-ref ref="patch_logger"/>
+    </logger>
+    <logger name="jdbc.resultset" additivity="false" level="error">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <logger name="org.springframework" additivity="false" level="warn">
+        <appender-ref ref="patch_logger"/>
+    </logger>
+    <logger name="jdbc.sqltiming" additivity="false" level="warn">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <logger name="org.hibernate.SQL" additivity="false" level="warn">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <logger name="org.apache.ranger" additivity="false" level="info">
+        <appender-ref ref="xa_log_appender"/>
+    </logger>
+    <logger name="jdbc.sqlonly" additivity="false" level="error">
+        <appender-ref ref="sql_appender"/>
+    </logger>
+    <root level="warn">
+        <appender-ref ref="xa_log_appender"/>
+    </root>
+</configuration>