RANGER-5080: Add docker support for MS SQL Server database (#483)

Author: kumaab

.github/workflows/maven.yml

@@ -105,7 +105,7 @@ jobs:
         run: |
           cp ranger-*.tar.gz dev-support/ranger-docker/dist
           cp version dev-support/ranger-docker/dist
-      
+
       - name: Cache downloaded archives
         uses: actions/cache@v4
         with:
@@ -159,8 +159,9 @@ jobs:
           -f docker-compose.ranger-hive.yml \
           -f docker-compose.ranger-knox.yml \
           -f docker-compose.ranger-ozone.yml up -d
+
       - name: Check status of containers and remove them
-        run: | 
+        run: |
           sleep 60
           containers=(ranger ranger-zk ranger-solr ranger-postgres ranger-usersync ranger-tagsync ranger-kms ranger-hadoop ranger-hbase ranger-kafka ranger-hive ranger-knox ozone-om ozone-scm ozone-datanode);
           flag=true;

dev-support/ranger-docker/.env

@@ -36,6 +36,7 @@ UBI_VERSION=latest
 MARIADB_VERSION=10.7.3
 POSTGRES_VERSION=12
 ORACLE_VERSION=23.6
+SQLSERVER_VERSION=2019-latest
 ENABLE_DB_MOUNT=true
 ZK_VERSION=3.9.2
 SOLR_VERSION=8.11.3

dev-support/ranger-docker/Dockerfile.ranger

@@ -58,6 +58,10 @@ FROM ranger AS ranger_oracle
 COPY ./downloads/ojdbc8.jar         /home/ranger/dist/
 RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar
 
+FROM ranger AS ranger_sqlserver
+COPY ./downloads/mssql-jdbc-12.8.1.jre8.jar            /home/ranger/dist/
+RUN mv /home/ranger/dist/mssql-jdbc-12.8.1.jre8.jar    /usr/share/java/mssql.jar
+
 FROM ranger_${RANGER_DB_TYPE}
 
 USER ranger

dev-support/ranger-docker/Dockerfile.ranger-kms

@@ -58,6 +58,10 @@ FROM ranger-kms AS ranger_oracle
 COPY ./downloads/ojdbc8.jar         /home/ranger/dist/
 RUN mv /home/ranger/dist/ojdbc8.jar /usr/share/java/oracle.jar
 
+FROM ranger-kms AS ranger_sqlserver
+COPY ./downloads/mssql-jdbc-12.8.1.jre8.jar            /home/ranger/dist/
+RUN mv /home/ranger/dist/mssql-jdbc-12.8.1.jre8.jar    /usr/share/java/mssql.jar
+
 FROM ranger_${RANGER_DB_TYPE}
 
 ENTRYPOINT [ "/home/ranger/scripts/ranger-kms.sh" ]

dev-support/ranger-docker/Dockerfile.ranger-sqlserver

@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG SQLSERVER_VERSION
+
+FROM mcr.microsoft.com/mssql/server:${SQLSERVER_VERSION}
+
+ENV ACCEPT_EULA=Y
+ENV MSSQL_SA_PASSWORD=rangerR0cks!
+
+EXPOSE 1433
+
+USER root
+
+RUN  mkdir -p /docker-entrypoint-initdb.d
+COPY config/init_mssql.sh /docker-entrypoint-initdb.d/
+RUN  chown -R mssql /docker-entrypoint-initdb.d/
+RUN  chmod +x /docker-entrypoint-initdb.d/init_mssql.sh
+
+USER mssql
+
+ENTRYPOINT ["/docker-entrypoint-initdb.d/init_mssql.sh"]

dev-support/ranger-docker/config/init_mssql.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License,  Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+/opt/mssql/bin/sqlservr &
+
+# Wait for SQL Server to be ready
+echo "Waiting for SQL Server to start..."
+RETRIES=30  # Number of retries
+SLEEP_INTERVAL=5  # Seconds to wait between retries
+for i in $(seq 1 $RETRIES); do
+    # Try to connect to SQL Server
+    /opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P "rangerR0cks!" -Q "SELECT 1" -C > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo "SQL Server is ready!"
+        break
+    else
+        echo "SQL Server is not ready yet. Waiting..."
+        sleep $SLEEP_INTERVAL
+    fi
+done
+
+if [ $i -eq $RETRIES ]; then
+    echo "SQL Server did not become ready in time. Exiting."
+    exit 1
+fi
+
+/opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P 'rangerR0cks!' -Q "
+
+-- Set the database context
+USE master;
+
+-- Create databases
+CREATE DATABASE ranger;
+CREATE DATABASE rangerkms;
+CREATE DATABASE hive;
+GO
+
+-- Create users and assign permissions
+USE ranger;
+CREATE LOGIN rangeradmin WITH PASSWORD = 'rangerR0cks!';
+CREATE USER rangeradmin FOR LOGIN rangeradmin;
+ALTER ROLE db_owner ADD MEMBER rangeradmin; -- Grant equivalent high-level permissions
+GO
+
+USE rangerkms;
+CREATE LOGIN rangerkms WITH PASSWORD = 'rangerR0cks!';
+CREATE USER rangerkms FOR LOGIN rangerkms;
+ALTER ROLE db_owner ADD MEMBER rangerkms; -- Grant equivalent high-level permissions
+GO
+
+USE hive;
+CREATE LOGIN hive WITH PASSWORD = 'rangerR0cks!';
+CREATE USER hive FOR LOGIN hive;
+ALTER ROLE db_owner ADD MEMBER hive; -- Grant equivalent high-level permissions
+GO
+" -C
+
+# Bring SQL Server to the foreground
+wait -n
+exec /opt/mssql/bin/sqlservr

dev-support/ranger-docker/docker-compose.ranger-sqlserver.yml

@@ -0,0 +1,25 @@
+services:
+  ranger-db:
+    build:
+      context: .
+      dockerfile: Dockerfile.ranger-sqlserver
+      args:
+        - SQLSERVER_VERSION=${SQLSERVER_VERSION}
+    image: ranger-sqlserver
+    container_name: ranger-sqlserver
+    hostname: ranger-db.example.com
+    networks:
+      - ranger
+    healthcheck:
+      test: [
+        "CMD-SHELL",
+        "/opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P rangerR0cks! -Q \"SELECT 1\" -C" # -C bypasses SSL validation
+      ]
+      interval: 15s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+networks:
+  ranger:
+    name: rangernw

dev-support/ranger-docker/download-archives.sh

@@ -44,6 +44,7 @@ downloadIfNotPresent() {
 downloadIfNotPresent postgresql-42.2.16.jre7.jar            "https://search.maven.org/remotecontent?filepath=org/postgresql/postgresql/42.2.16.jre7"
 downloadIfNotPresent mysql-connector-java-8.0.28.jar        "https://search.maven.org/remotecontent?filepath=mysql/mysql-connector-java/8.0.28"
 downloadIfNotPresent ojdbc8.jar                             https://download.oracle.com/otn-pub/otn_software/jdbc/236
+downloadIfNotPresent mssql-jdbc-12.8.1.jre8.jar             https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.8.1.jre8
 downloadIfNotPresent log4jdbc-1.2.jar                       https://repo1.maven.org/maven2/com/googlecode/log4jdbc/log4jdbc/1.2
 
 if [[ $# -eq 0 ]]

dev-support/ranger-docker/scripts/hive-site-sqlserver.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?><!--
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+    <property>
+        <name>javax.jdo.option.ConnectionURL</name>
+        <value>jdbc:sqlserver://ranger-db/hive</value>
+    </property>
+    <property>
+        <name>javax.jdo.option.ConnectionDriverName</name>
+        <value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value>
+    </property>
+    <property>
+        <name>javax.jdo.option.ConnectionUserName</name>
+        <value>hive</value>
+    </property>
+    <property>
+        <name>javax.jdo.option.ConnectionPassword</name>
+        <value>rangerR0cks!</value>
+    </property>
+    <property>
+        <name>hive.server2.enable.doAs</name>
+        <value>false</value>
+    </property>
+    <property>
+        <name>hive.zookeeper.quorum</name>
+        <value>ranger-zk.example.com</value>
+    </property>
+    <property>
+        <name>hive.zookeeper.client.port</name>
+        <value>2181</value>
+    </property>
+</configuration>

dev-support/ranger-docker/scripts/ranger-admin-install-sqlserver.properties

@@ -0,0 +1,99 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# This file provides a list of the deployment variables for the Policy Manager Web Application
+#
+
+PYTHON_COMMAND_INVOKER=python3
+RANGER_ADMIN_LOG_DIR=/var/log/ranger
+RANGER_PID_DIR_PATH=/var/run/ranger
+DB_FLAVOR=MSSQL
+SQL_CONNECTOR_JAR=/usr/share/java/mssql.jar
+CONNECTION_STRING_ADDITIONAL_PARAMS="trustServerCertificate=true;"
+RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml
+
+db_root_user=sa
+db_root_password=rangerR0cks!
+db_host=ranger-db
+
+db_name=ranger
+db_user=rangeradmin
+db_password=rangerR0cks!
+
+postgres_core_file=db/postgres/optimized/current/ranger_core_db_postgres.sql
+postgres_audit_file=db/postgres/xa_audit_db_postgres.sql
+mysql_core_file=db/mysql/optimized/current/ranger_core_db_mysql.sql
+mysql_audit_file=db/mysql/xa_audit_db.sql
+oracle_core_file=db/oracle/optimized/current/ranger_core_db_oracle.sql
+oracle_audit_file=db/oracle/xa_audit_db_oracle.sql
+sqlserver_core_file=db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql
+
+# For over-riding the jdbc url
+is_override_db_connection_string=true
+db_override_jdbc_connection_string="jdbc:sqlserver://ranger-db;databaseName=ranger;trustServerCertificate=true;"
+
+rangerAdmin_password=rangerR0cks!
+rangerTagsync_password=rangerR0cks!
+rangerUsersync_password=rangerR0cks!
+keyadmin_password=rangerR0cks!
+
+
+audit_store=solr
+audit_solr_urls=http://ranger-solr:8983/solr/ranger_audits
+audit_solr_collection_name=ranger_audits
+
+# audit_store=elasticsearch
+audit_elasticsearch_urls=
+audit_elasticsearch_port=9200
+audit_elasticsearch_protocol=http
+audit_elasticsearch_user=elastic
+audit_elasticsearch_password=elasticsearch
+audit_elasticsearch_index=ranger_audits
+audit_elasticsearch_bootstrap_enabled=true
+
+policymgr_external_url=http://ranger-admin:6080
+policymgr_http_enabled=true
+
+unix_user=ranger
+unix_user_pwd=ranger
+unix_group=ranger
+
+# Following variables are referenced in db_setup.py. Do not remove these
+sqlanywhere_core_file=
+cred_keystore_filename=
+
+# #################  DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+XAPOLICYMGR_DIR=$PWD
+app_home=$PWD/ews/webapp
+TMPFILE=$PWD/.fi_tmp
+LOGFILE=$PWD/logfile
+LOGFILES="$LOGFILE"
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.8'
+
+ranger_admin_max_heap_size=1g
+#retry DB and Java patches after the given time in seconds.
+PATCH_RETRY_INTERVAL=120
+STALE_PATCH_ENTRY_HOLD_TIME=10
+
+hadoop_conf=
+authentication_method=UNIX