You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2017/04/24 12:01:53 UTC
[38/50] [abbrv] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log
is growing rapidly on the KDC server (echekanskiy)
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
index 602dad7..a42ca79 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
@@ -216,63 +216,6 @@ class NameNodeDefault(NameNode):
try_sleep=10
)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal',
- 'dfs.namenode.keytab.file',
- 'dfs.namenode.kerberos.principal']
- props_read_check = ['dfs.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'hdfs-site' not in security_params
- or 'dfs.namenode.keytab.file' not in security_params['hdfs-site']
- or 'dfs.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.namenode.keytab.file'],
- security_params['hdfs-site']['dfs.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def rebalancehdfs(self, env):
import params
env.set_params(params)
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
index 7ba1f96..602c179 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
@@ -77,64 +77,6 @@ class NFSGateway(Script):
check_process_status(status_params.nfsgateway_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['nfs.keytab.file',
- 'nfs.kerberos.principal']
- props_read_check = ['nfs.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'nfs.keytab.file' not in security_params['hdfs-site'] or
- 'nfs.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['nfs.keytab.file'],
- security_params['hdfs-site'][
- 'nfs.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
index 0f1f438..030a470 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
@@ -75,66 +75,6 @@ class SNameNodeDefault(SNameNode):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hadoop-hdfs-secondarynamenode", params.version)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal',
- 'dfs.secondary.namenode.keytab.file',
- 'dfs.secondary.namenode.kerberos.principal']
- props_read_check = ['dfs.secondary.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'],
- security_params['hdfs-site'][
- 'dfs.secondary.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
index 19a78c7..fa948ca 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
@@ -119,49 +119,6 @@ class ZkfcSlaveDefault(ZkfcSlave):
env.set_params(status_params)
check_process_status(status_params.zkfc_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- if not result_issues: # If all validations passed successfully
- if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- status_params.hdfs_user_keytab,
- status_params.hdfs_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out(
- {"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def disable_security(self, env):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
index 8b69e45..2dc6906 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore):
check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major):
self.upgrade_schema(env)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.metastore.kerberos.keytab.file",
- "hive.metastore.kerberos.principal"]
-
- props_read_check = ["hive.metastore.kerberos.keytab.file"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \
- or 'hive.metastore.kerberos.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.metastore.kerberos.keytab.file'],
- security_params['hive-site']['hive.metastore.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
def upgrade_schema(self, env):
"""
Executes the schema upgrade binary. This is its own function because it could
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
index f6251e7..7c3a805 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer):
if resource_created:
params.HdfsResource(None, action="execute")
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def _base_node(self, path):
if not path.startswith('/'):
path = '/' + path
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
index 46864c0..8f57f1e 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive):
# Recursively check all existing gmetad pid files
check_process_status(status_params.hive_interactive_pid)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def restart_llap(self, env):
"""
Custom command to Restart LLAP
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
index 93fa411..18e11ab 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hive-webhcat", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations ={}
- expectations.update(
- build_expectations(
- 'webhcat-site',
- {
- "templeton.kerberos.secret": "secret"
- },
- [
- "templeton.kerberos.keytab",
- "templeton.kerberos.principal"
- ],
- [
- "templeton.kerberos.keytab"
- ]
- )
- )
- expectations.update(
- build_expectations(
- 'hive-site',
- {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- },
- None,
- None
- )
- )
-
- security_params = {}
- security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
- {'webhcat-site.xml': FILE_TYPE_XML}))
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'webhcat-site' not in security_params \
- or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
- or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.webhcat_user,
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
index 8b69e45..2dc6906 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore):
check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major):
self.upgrade_schema(env)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.metastore.kerberos.keytab.file",
- "hive.metastore.kerberos.principal"]
-
- props_read_check = ["hive.metastore.kerberos.keytab.file"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \
- or 'hive.metastore.kerberos.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.metastore.kerberos.keytab.file'],
- security_params['hive-site']['hive.metastore.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
def upgrade_schema(self, env):
"""
Executes the schema upgrade binary. This is its own function because it could
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
index f6251e7..7c3a805 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer):
if resource_created:
params.HdfsResource(None, action="execute")
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def _base_node(self, path):
if not path.startswith('/'):
path = '/' + path
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
index 46864c0..8f57f1e 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive):
# Recursively check all existing gmetad pid files
check_process_status(status_params.hive_interactive_pid)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def restart_llap(self, env):
"""
Custom command to Restart LLAP
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
index 93fa411..18e11ab 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hive-webhcat", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations ={}
- expectations.update(
- build_expectations(
- 'webhcat-site',
- {
- "templeton.kerberos.secret": "secret"
- },
- [
- "templeton.kerberos.keytab",
- "templeton.kerberos.principal"
- ],
- [
- "templeton.kerberos.keytab"
- ]
- )
- )
- expectations.update(
- build_expectations(
- 'hive-site',
- {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- },
- None,
- None
- )
- )
-
- security_params = {}
- security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
- {'webhcat-site.xml': FILE_TYPE_XML}))
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'webhcat-site' not in security_params \
- or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
- or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.webhcat_user,
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
index c50c67b..39fdcf5 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
@@ -43,27 +43,6 @@ class KerberosClient(KerberosScript):
def status(self, env):
raise ClientComponentHasNoStatus()
- def security_status(self, env):
- import status_params
- if status_params.security_enabled:
- if status_params.smoke_user and status_params.smoke_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.smoke_user,
- status_params.smoke_user_keytab,
- status_params.smoke_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNKNOWN"})
- self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def set_keytab(self, env):
self.write_keytab_file()
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 31e54e5..8996d23 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -202,67 +202,6 @@ class KnoxGatewayDefault(KnoxGateway):
File(params.ldap_pid_file,
action = "delete"
)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations(
- 'krb5JAASLogin',
- None,
- ['keytab', 'principal'],
- None
- ))
- expectations.update(build_expectations(
- 'gateway-site',
- {
- "gateway.hadoop.kerberos.secured" : "true"
- },
- None,
- None
- ))
-
- security_params = {
- "krb5JAASLogin":
- {
- 'keytab': status_params.knox_keytab_path,
- 'principal': status_params.knox_principal_name
- }
- }
- security_params.update(get_params_from_filesystem(status_params.knox_conf_dir,
- {"gateway-site.xml" : FILE_TYPE_XML}))
-
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'krb5JAASLogin' not in security_params
- or 'keytab' not in security_params['krb5JAASLogin']
- or 'principal' not in security_params['krb5JAASLogin']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.knox_user,
- security_params['krb5JAASLogin']['keytab'],
- security_params['krb5JAASLogin']['principal'],
- status_params.hostname,
- status_params.temp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
index a8b2cf4..9320bc3 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
@@ -105,69 +105,6 @@ class OozieServer(Script):
@OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT)
class OozieServerDefault(OozieServer):
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {
- "oozie-site":
- build_expectations('oozie-site',
- {
- "oozie.authentication.type": "kerberos",
- "oozie.service.AuthorizationService.security.enabled": "true",
- "oozie.service.HadoopAccessorService.kerberos.enabled": "true"
- },
- [
- "local.realm",
- "oozie.authentication.kerberos.principal",
- "oozie.authentication.kerberos.keytab",
- "oozie.service.HadoopAccessorService.kerberos.principal",
- "oozie.service.HadoopAccessorService.keytab.file"
- ],
- None)
- }
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'oozie-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('oozie-site' not in security_params
- or 'oozie.authentication.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.authentication.kerberos.keytab' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.keytab.file' not in security_params['oozie-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.authentication.kerberos.keytab'],
- security_params['oozie-site']['oozie.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'],
- security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def pre_upgrade_restart(self, env, upgrade_type=None):
"""
Performs the tasks that should be done before an upgrade of oozie. This includes:
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
index 178c043..f991e71 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
@@ -74,58 +74,6 @@ class DrpcServer(Script):
import status_params
env.set_params(status_params)
check_process_status(status_params.pid_drpc)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
index a974103..360af5d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
@@ -82,51 +82,6 @@ class NimbusDefault(Nimbus):
env.set_params(status_params)
check_process_status(status_params.pid_nimbus)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, props_read_check)
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
- security_params = get_params_from_filesystem(status_params.conf_dir, {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
index a56c0cd..fa3112d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
@@ -74,58 +74,6 @@ class PaceMaker(Script):
env.set_params(status_params)
check_process_status(status_params.pid_pacemaker)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
index 63acecf..e257ef9 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
@@ -120,59 +120,6 @@ class UiServerDefault(UiServer):
import status_params
env.set_params(status_params)
check_process_status(status_params.pid_ui)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
- props_read_check = ['storm_ui_keytab']
- storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = {}
- security_params['storm_ui'] = {}
- security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal
- security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_ui' not in security_params
- or 'storm_ui_principal_name' not in security_params['storm_ui']
- or 'storm_ui_keytab' not in security_params['storm_ui']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_ui']['storm_ui_keytab'],
- security_params['storm_ui']['storm_ui_principal_name'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
index 03fff21..b1e0c16 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
@@ -83,67 +83,6 @@ class ApplicationTimelineServerDefault(ApplicationTimelineServer):
env.set_params(status_params)
check_process_status(status_params.yarn_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.enabled": "true",
- "yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.timeline-service.principal",
- "yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.principal",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- props_read_check = ["yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.timeline-service.keytab' not in security_params['yarn-site']
- or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \
- or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \
- or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.keytab'],
- security_params['yarn-site']['yarn.timeline-service.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
index 8f5d380..d886244 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
@@ -120,62 +120,6 @@ class HistoryServerDefault(HistoryServer):
env.set_params(status_params)
check_process_status(status_params.mapred_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations('mapred-site',
- None,
- [
- 'mapreduce.jobhistory.keytab',
- 'mapreduce.jobhistory.principal',
- 'mapreduce.jobhistory.webapp.spnego-keytab-file',
- 'mapreduce.jobhistory.webapp.spnego-principal'
- ],
- None))
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'mapred-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'mapred-site' not in security_params or
- 'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.keytab'],
- security_params['mapred-site']['mapreduce.jobhistory.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.mapred_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a00812a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
index 133d2e1..5acb20b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
@@ -90,66 +90,6 @@ class NodemanagerDefault(Nodemanager):
env.set_params(status_params)
check_process_status(status_params.nodemanager_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.nodemanager.principal",
- "yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-principal",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.nodemanager.keytab' not in security_params['yarn-site']
- or 'yarn.nodemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.nodemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.nodemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.keytab'],
- security_params['yarn-site']['yarn.nodemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir