You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/02/03 14:53:20 UTC
[16/50] [abbrv] ambari git commit: AMBARI-19331. Setup correct
authentication and authorization mechanism between Yarn and Zookeeper (Attila
Magyar via rlevas)
AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4026efac
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4026efac
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4026efac
Branch: refs/heads/branch-dev-patch-upgrade
Commit: 4026efacc398197ddb3b67230641efd7c850e2b8
Parents: 2627380
Author: Attila Magyar <am...@hortonworks.com>
Authored: Wed Feb 1 13:14:07 2017 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Feb 1 13:14:07 2017 -0500
----------------------------------------------------------------------
.../YARN/2.1.0.2.0/package/scripts/params_linux.py | 2 ++
.../YARN/2.1.0.2.0/package/scripts/resourcemanager.py | 2 ++
.../resources/common-services/YARN/3.0.0.3.0/kerberos.json | 7 ++++++-
.../YARN/3.0.0.3.0/package/scripts/params_linux.py | 4 +++-
.../YARN/3.0.0.3.0/package/scripts/resourcemanager.py | 2 ++
.../main/resources/stacks/HDP/2.6/services/YARN/kerberos.json | 6 +++++-
6 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index aed8abc..335f1ac 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -257,6 +257,8 @@ rm_zk_address = config['configurations']['yarn-site']['yarn.resourcemanager.zk-a
rm_zk_znode = config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
rm_zk_store_class = config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
stack_supports_zk_security = check_stack_feature(StackFeature.SECURE_ZOOKEEPER, version_for_stack_feature_checks)
+rm_zk_failover_znode = default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path', '/yarn-leader-election')
+hadoop_registry_zk_root = default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
if security_enabled:
rm_principal_name = config['configurations']['yarn-site']['yarn.resourcemanager.principal']
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index a659dd1..b871b68 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -241,6 +241,8 @@ class ResourcemanagerDefault(Resourcemanager):
params.yarn_jaas_file, \
params.yarn_user)
zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
def wait_for_dfs_directories_created(self, *dirs):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
index 29cc00a..ae4db4f 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
@@ -31,7 +31,12 @@
"yarn.resourcemanager.proxyuser.*.groups": "",
"yarn.resourcemanager.proxyuser.*.hosts": "",
"yarn.resourcemanager.proxyuser.*.users": "",
- "yarn.resourcemanager.proxy-user-privileges.enabled": "true"
+ "yarn.resourcemanager.proxy-user-privileges.enabled": "true",
+ "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+ "hadoop.registry.secure" : "true",
+ "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+ "hadoop.registry.client.auth" : "kerberos",
+ "hadoop.registry.jaas.context" : "Client"
}
},
{
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
index 4d47925..0f6f1fa 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
@@ -255,6 +255,8 @@ nodemanager_kinit_cmd = ""
rm_zk_address = config['configurations']['yarn-site']['yarn.resourcemanager.zk-address']
rm_zk_znode = config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
rm_zk_store_class = config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
+rm_zk_failover_znode = default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path', '/yarn-leader-election')
+hadoop_registry_zk_root = default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
if security_enabled:
rm_principal_name = config['configurations']['yarn-site']['yarn.resourcemanager.principal']
@@ -490,4 +492,4 @@ if enable_ranger_yarn and is_supported_yarn_ranger:
if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla':
xa_audit_db_is_enabled = False
-# ranger yarn plugin end section
\ No newline at end of file
+# ranger yarn plugin end section
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
index 4d8d95e..ba748f1 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
@@ -122,6 +122,8 @@ class ResourcemanagerDefault(Resourcemanager):
params.yarn_jaas_file, \
params.yarn_user)
zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+ zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
def start(self, env, upgrade_type=None):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index eaffec6..ae4db4f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -32,7 +32,11 @@
"yarn.resourcemanager.proxyuser.*.hosts": "",
"yarn.resourcemanager.proxyuser.*.users": "",
"yarn.resourcemanager.proxy-user-privileges.enabled": "true",
- "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda"
+ "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+ "hadoop.registry.secure" : "true",
+ "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+ "hadoop.registry.client.auth" : "kerberos",
+ "hadoop.registry.jaas.context" : "Client"
}
},
{