RANGER-5554: Refactor Ranger Admin bootstrap to use runtime XML config only

dev-support/ranger-docker/Dockerfile.ranger

@@ -25,12 +25,19 @@ ARG TARGETARCH
 
 COPY ./dist/ranger-${RANGER_VERSION}-admin.tar.gz     /home/ranger/dist/
 COPY ./scripts/admin/ranger.sh                        ${RANGER_SCRIPTS}/
-COPY ./scripts/admin/create-ranger-services.py        ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/user_password_bootstrap.py       ${RANGER_SCRIPTS}/
+COPY ./scripts/python/log_config.py                   ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/dba.py                           ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/ranger_admin_xml_config.py       ${RANGER_SCRIPTS}/
+COPY ./scripts/admin/create-ranger-services.py        ${RANGER_SCRIPTS}/create_services.py
 
 RUN    tar xvfz /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz --directory=${RANGER_HOME} \
     && ln -s ${RANGER_HOME}/ranger-${RANGER_VERSION}-admin ${RANGER_HOME}/admin \
     && rm -f /home/ranger/dist/ranger-${RANGER_VERSION}-admin.tar.gz \
     && rm -f /opt/ranger/admin/install.properties \
+    && rm -f /opt/ranger/admin/setup.sh \
+    && rm -f /opt/ranger/admin/dba_script.py \
+    && rm -f /opt/ranger/admin/db_setup.py \
     && mkdir -p /var/run/ranger /var/log/ranger /usr/share/java/ \
     && chown -R ranger:ranger ${RANGER_HOME}/admin/ ${RANGER_SCRIPTS}/ /var/run/ranger/ /var/log/ranger/ \
     && chmod 755 ${RANGER_SCRIPTS}/ranger.sh

dev-support/ranger-docker/docker-compose.ranger.yml

@@ -17,7 +17,9 @@ services:
       - ./dist/version:/home/ranger/dist/version:ro
       - ./scripts/kdc/krb5.conf:/etc/krb5.conf:ro
       - ./scripts/hadoop/core-site.xml:/home/ranger/scripts/core-site.xml:ro
-      - ./scripts/admin/ranger-admin-install-${RANGER_DB_TYPE}.properties:/opt/ranger/admin/install.properties
+      - ./scripts/admin/core-site.xml:/opt/ranger/admin/configs/core-site.xml:ro
+      - ./scripts/admin/ranger-admin-site.xml:/opt/ranger/admin/configs/ranger-admin-site.xml:ro
+      - ./scripts/admin/ranger-admin-default-site.xml:/opt/ranger/admin/configs/ranger-admin-default-site.xml:ro
     stdin_open: true
     tty: true
     networks:
@@ -38,6 +40,10 @@ services:
       - RANGER_DB_TYPE
       - KERBEROS_ENABLED
       - DEBUG_ADMIN=${DEBUG_ADMIN:-false}
+      - RANGER_ADMIN_DB_PASSWORD=rangerR0cks!
+      - RANGER_ADMIN_PASSWORD=rangerR0cks!
+      - RANGER_USERSYNC_PASSWORD=rangerR0cks!
+      - RANGER_TAGSYNC_PASSWORD=rangerR0cks!
     command:
       - /home/ranger/scripts/ranger.sh
 

dev-support/ranger-docker/scripts/admin/core-site.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<configuration>
+    <property>
+        <name>hadoop.security.authentication</name>
+        <value>simple</value>
+    </property>
+    <property>
+        <name>hadoop.security.authorization</name>
+        <value>true</value>
+    </property>
+    <property>
+        <name>fs.defaultFS</name>
+        <value>hdfs://localhost:9000</value>
+    </property>
+    <property>
+        <name>hadoop.rpc.protection</name>
+        <value>authentication</value>
+    </property>
+    <property>
+        <name>hadoop.security.key.provider.path</name>
+        <value>kms://http@localhost:9292/kms</value>
+    </property>
+    <property>
+        <name>zookeeper.quorum</name>
+        <value>localhost:2181</value>
+    </property>
+    <property>
+        <name>cluster.name</name>
+        <value>dev</value>
+    </property>
+</configuration>

dev-support/ranger-docker/scripts/admin/create-ranger-services.py

@@ -1,16 +1,17 @@
 from apache_ranger.model.ranger_service import RangerService
-from apache_ranger.client.ranger_client import RangerClient
 from json import JSONDecodeError
 
-ranger_client = RangerClient('http://ranger:6080', ('admin', 'rangerR0cks!'))
+from log_config import configure_logging, get_logger
+from ranger_admin_xml_config import get_ranger_client
 
+logger = get_logger(__name__)
 
-def service_not_exists(service):
+def service_not_exists(ranger_client, service):
     try:
         svc = ranger_client.get_service(service.name)
     except JSONDecodeError:
-        return 1
-    return 0 if svc is not None else 1
+        return True
+    return svc is None
 
 
 hdfs = RangerService({'name': 'dev_hdfs', 'type': 'hdfs',
@@ -148,11 +149,24 @@ def service_not_exists(service):
                                  'ranger.plugin.super.users': 'solr',
                                  'ranger.plugin.solr.policy.refresh.synchronous':'true'}})
 
-services = [hdfs, yarn, hive, hbase, kafka, knox, kms, trino, ozone, solr]
-for service in services:
-    try:
-        if service_not_exists(service):
-            ranger_client.create_service(service)
-            print(f" {service.name} service created!")
-    except Exception as e:
-        print(f"An exception occured: {e}")
+def main() -> int:
+    configure_logging()
+    ranger_client = get_ranger_client()
+    services = [hdfs, yarn, hive, hbase, kafka, knox, kms, trino, ozone, solr]
+
+    for service in services:
+        try:
+            if service_not_exists(ranger_client, service):
+                ranger_client.create_service(service)
+                logger.info("%s service created", service.name)
+            else:
+                logger.info("%s service already exists", service.name)
+        except Exception:
+            logger.exception("Failed to reconcile Ranger service %s", service.name)
+            return 1
+
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())