-
Notifications
You must be signed in to change notification settings - Fork 993
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RANGER-5080: Add docker support for MS SQL Server database (#483)
- Loading branch information
Showing
15 changed files
with
576 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| # Licensed to the Apache Software Foundation (ASF) under one | ||
| # or more contributor license agreements. See the NOTICE file | ||
| # distributed with this work for additional information | ||
| # regarding copyright ownership. The ASF licenses this file | ||
| # to you under the Apache License, Version 2.0 (the | ||
| # "License"); you may not use this file except in compliance | ||
| # with the License. You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| ARG SQLSERVER_VERSION | ||
|
|
||
| FROM mcr.microsoft.com/mssql/server:${SQLSERVER_VERSION} | ||
|
|
||
| ENV ACCEPT_EULA=Y | ||
| ENV MSSQL_SA_PASSWORD=rangerR0cks! | ||
|
|
||
| EXPOSE 1433 | ||
|
|
||
| USER root | ||
|
|
||
| RUN mkdir -p /docker-entrypoint-initdb.d | ||
| COPY config/init_mssql.sh /docker-entrypoint-initdb.d/ | ||
| RUN chown -R mssql /docker-entrypoint-initdb.d/ | ||
| RUN chmod +x /docker-entrypoint-initdb.d/init_mssql.sh | ||
|
|
||
| USER mssql | ||
|
|
||
| ENTRYPOINT ["/docker-entrypoint-initdb.d/init_mssql.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Licensed to the Apache Software Foundation (ASF) under one | ||
| # or more contributor license agreements. See the NOTICE file | ||
| # distributed with this work for additional information | ||
| # regarding copyright ownership. The ASF licenses this file | ||
| # to you under the Apache License, Version 2.0 (the | ||
| # "License"); you may not use this file except in compliance | ||
| # with the License. You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| /opt/mssql/bin/sqlservr & | ||
|
|
||
| # Wait for SQL Server to be ready | ||
| echo "Waiting for SQL Server to start..." | ||
| RETRIES=30 # Number of retries | ||
| SLEEP_INTERVAL=5 # Seconds to wait between retries | ||
| for i in $(seq 1 $RETRIES); do | ||
| # Try to connect to SQL Server | ||
| /opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P "rangerR0cks!" -Q "SELECT 1" -C > /dev/null 2>&1 | ||
| if [ $? -eq 0 ]; then | ||
| echo "SQL Server is ready!" | ||
| break | ||
| else | ||
| echo "SQL Server is not ready yet. Waiting..." | ||
| sleep $SLEEP_INTERVAL | ||
| fi | ||
| done | ||
|
|
||
| if [ $i -eq $RETRIES ]; then | ||
| echo "SQL Server did not become ready in time. Exiting." | ||
| exit 1 | ||
| fi | ||
|
|
||
| /opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P 'rangerR0cks!' -Q " | ||
| -- Set the database context | ||
| USE master; | ||
| -- Create databases | ||
| CREATE DATABASE ranger; | ||
| CREATE DATABASE rangerkms; | ||
| CREATE DATABASE hive; | ||
| GO | ||
| -- Create users and assign permissions | ||
| USE ranger; | ||
| CREATE LOGIN rangeradmin WITH PASSWORD = 'rangerR0cks!'; | ||
| CREATE USER rangeradmin FOR LOGIN rangeradmin; | ||
| ALTER ROLE db_owner ADD MEMBER rangeradmin; -- Grant equivalent high-level permissions | ||
| GO | ||
| USE rangerkms; | ||
| CREATE LOGIN rangerkms WITH PASSWORD = 'rangerR0cks!'; | ||
| CREATE USER rangerkms FOR LOGIN rangerkms; | ||
| ALTER ROLE db_owner ADD MEMBER rangerkms; -- Grant equivalent high-level permissions | ||
| GO | ||
| USE hive; | ||
| CREATE LOGIN hive WITH PASSWORD = 'rangerR0cks!'; | ||
| CREATE USER hive FOR LOGIN hive; | ||
| ALTER ROLE db_owner ADD MEMBER hive; -- Grant equivalent high-level permissions | ||
| GO | ||
| " -C | ||
|
|
||
| # Bring SQL Server to the foreground | ||
| wait -n | ||
| exec /opt/mssql/bin/sqlservr |
25 changes: 25 additions & 0 deletions
25
dev-support/ranger-docker/docker-compose.ranger-sqlserver.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| services: | ||
| ranger-db: | ||
| build: | ||
| context: . | ||
| dockerfile: Dockerfile.ranger-sqlserver | ||
| args: | ||
| - SQLSERVER_VERSION=${SQLSERVER_VERSION} | ||
| image: ranger-sqlserver | ||
| container_name: ranger-sqlserver | ||
| hostname: ranger-db.example.com | ||
| networks: | ||
| - ranger | ||
| healthcheck: | ||
| test: [ | ||
| "CMD-SHELL", | ||
| "/opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P rangerR0cks! -Q \"SELECT 1\" -C" # -C bypasses SSL validation | ||
| ] | ||
| interval: 15s | ||
| timeout: 10s | ||
| retries: 3 | ||
| start_period: 10s | ||
|
|
||
| networks: | ||
| ranger: | ||
| name: rangernw |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| <?xml version="1.0" encoding="UTF-8" standalone="no"?> | ||
| <?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!-- | ||
| /* | ||
| * Licensed to the Apache Software Foundation (ASF) under one | ||
| * or more contributor license agreements. See the NOTICE file | ||
| * distributed with this work for additional information | ||
| * regarding copyright ownership. The ASF licenses this file | ||
| * to you under the Apache License, Version 2.0 (the | ||
| * "License"); you may not use this file except in compliance | ||
| * with the License. You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
| --> | ||
| <configuration> | ||
| <property> | ||
| <name>javax.jdo.option.ConnectionURL</name> | ||
| <value>jdbc:sqlserver://ranger-db/hive</value> | ||
| </property> | ||
| <property> | ||
| <name>javax.jdo.option.ConnectionDriverName</name> | ||
| <value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value> | ||
| </property> | ||
| <property> | ||
| <name>javax.jdo.option.ConnectionUserName</name> | ||
| <value>hive</value> | ||
| </property> | ||
| <property> | ||
| <name>javax.jdo.option.ConnectionPassword</name> | ||
| <value>rangerR0cks!</value> | ||
| </property> | ||
| <property> | ||
| <name>hive.server2.enable.doAs</name> | ||
| <value>false</value> | ||
| </property> | ||
| <property> | ||
| <name>hive.zookeeper.quorum</name> | ||
| <value>ranger-zk.example.com</value> | ||
| </property> | ||
| <property> | ||
| <name>hive.zookeeper.client.port</name> | ||
| <value>2181</value> | ||
| </property> | ||
| </configuration> |
99 changes: 99 additions & 0 deletions
99
dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| # Licensed to the Apache Software Foundation (ASF) under one or more | ||
| # contributor license agreements. See the NOTICE file distributed with | ||
| # this work for additional information regarding copyright ownership. | ||
| # The ASF licenses this file to You under the Apache License, Version 2.0 | ||
| # (the "License"); you may not use this file except in compliance with | ||
| # the License. You may obtain a copy of the License at | ||
| # | ||
| # http://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| # | ||
| # This file provides a list of the deployment variables for the Policy Manager Web Application | ||
| # | ||
|
|
||
| PYTHON_COMMAND_INVOKER=python3 | ||
| RANGER_ADMIN_LOG_DIR=/var/log/ranger | ||
| RANGER_PID_DIR_PATH=/var/run/ranger | ||
| DB_FLAVOR=MSSQL | ||
| SQL_CONNECTOR_JAR=/usr/share/java/mssql.jar | ||
| CONNECTION_STRING_ADDITIONAL_PARAMS="trustServerCertificate=true;" | ||
| RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml | ||
|
|
||
| db_root_user=sa | ||
| db_root_password=rangerR0cks! | ||
| db_host=ranger-db | ||
|
|
||
| db_name=ranger | ||
| db_user=rangeradmin | ||
| db_password=rangerR0cks! | ||
|
|
||
| postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql | ||
| postgres_audit_file=db/postgres/xa_audit_db_postgres.sql | ||
| mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql | ||
| mysql_audit_file=db/mysql/xa_audit_db.sql | ||
| oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql | ||
| oracle_audit_file=db/oracle/xa_audit_db_oracle.sql | ||
| sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql | ||
| sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql | ||
|
|
||
| # For over-riding the jdbc url | ||
| is_override_db_connection_string=true | ||
| db_override_jdbc_connection_string="jdbc:sqlserver://ranger-db;databaseName=ranger;trustServerCertificate=true;" | ||
|
|
||
| rangerAdmin_password=rangerR0cks! | ||
| rangerTagsync_password=rangerR0cks! | ||
| rangerUsersync_password=rangerR0cks! | ||
| keyadmin_password=rangerR0cks! | ||
|
|
||
|
|
||
| audit_store=solr | ||
| audit_solr_urls=http://ranger-solr:8983/solr/ranger_audits | ||
| audit_solr_collection_name=ranger_audits | ||
|
|
||
| # audit_store=elasticsearch | ||
| audit_elasticsearch_urls= | ||
| audit_elasticsearch_port=9200 | ||
| audit_elasticsearch_protocol=http | ||
| audit_elasticsearch_user=elastic | ||
| audit_elasticsearch_password=elasticsearch | ||
| audit_elasticsearch_index=ranger_audits | ||
| audit_elasticsearch_bootstrap_enabled=true | ||
|
|
||
| policymgr_external_url=http://ranger-admin:6080 | ||
| policymgr_http_enabled=true | ||
|
|
||
| unix_user=ranger | ||
| unix_user_pwd=ranger | ||
| unix_group=ranger | ||
|
|
||
| # Following variables are referenced in db_setup.py. Do not remove these | ||
| sqlanywhere_core_file= | ||
| cred_keystore_filename= | ||
|
|
||
| # ################# DO NOT MODIFY ANY VARIABLES BELOW ######################### | ||
| # | ||
| # --- These deployment variables are not to be modified unless you understand the full impact of the changes | ||
| # | ||
| ################################################################################ | ||
| XAPOLICYMGR_DIR=$PWD | ||
| app_home=$PWD/ews/webapp | ||
| TMPFILE=$PWD/.fi_tmp | ||
| LOGFILE=$PWD/logfile | ||
| LOGFILES="$LOGFILE" | ||
|
|
||
| JAVA_BIN='java' | ||
| JAVA_VERSION_REQUIRED='1.8' | ||
|
|
||
| ranger_admin_max_heap_size=1g | ||
| #retry DB and Java patches after the given time in seconds. | ||
| PATCH_RETRY_INTERVAL=120 | ||
| STALE_PATCH_ENTRY_HOLD_TIME=10 | ||
|
|
||
| hadoop_conf= | ||
| authentication_method=UNIX |
Oops, something went wrong.