You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by dm...@apache.org on 2013/08/21 15:06:13 UTC
git commit: AMBARI-2930. Whether security is enabled or not should be
keyed off of "hadoop.security.authentication" in "core-site.xml",
not "security_enabled" global param (Vitaly Brodetskyi via dlysnichenko)
Updated Branches:
refs/heads/trunk a811db6d4 -> 3a97a6e99
AMBARI-2930. Whether security is enabled or not should be keyed off of "hadoop.security.authentication" in "core-site.xml", not "security_enabled" global param (Vitaly Brodetskyi via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/3a97a6e9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/3a97a6e9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/3a97a6e9
Branch: refs/heads/trunk
Commit: 3a97a6e999c51f7843819463a12c8b3ff542fcb1
Parents: a811db6
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Wed Aug 21 16:03:38 2013 +0300
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Wed Aug 21 16:03:38 2013 +0300
----------------------------------------------------------------------
.../puppet/modules/hdp-hadoop/templates/health_check.erb | 2 +-
.../main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb | 2 +-
.../modules/hdp-nagios/templates/hadoop-services.cfg.erb | 6 +++---
.../main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb | 2 +-
.../modules/hdp-zookeeper/templates/zookeeper-env.sh.erb | 2 +-
ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp | 8 +++++++-
.../HDP/1.2.0/services/HDFS/configuration/core-site.xml | 2 +-
.../HDP/1.2.1/services/HDFS/configuration/core-site.xml | 2 +-
.../HDP/1.3.0/services/HDFS/configuration/core-site.xml | 2 +-
.../HDP/1.3.2/services/HDFS/configuration/core-site.xml | 2 +-
.../HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml | 2 +-
.../HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml | 2 +-
.../HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml | 2 +-
.../HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml | 2 +-
14 files changed, 22 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb b/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb
index 112f36e..b84b336 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb
+++ b/ambari-agent/src/main/puppet/modules/hdp-hadoop/templates/health_check.erb
@@ -41,7 +41,7 @@ function check_disks {
}
function check_taskcontroller {
- if [ "<%=scope.function_hdp_template_var("security_enabled")%>" == "true" ]; then
+ if [ "<%=scope.function_hdp_template_var("::hdp::params::security_enabled")%>" == "true" ]; then
perm=`stat -c %a:%U:%G <%=scope.function_hdp_template_var("task_bin_exe")%> 2>/dev/null`
if [ $? -eq 0 ] && [ "$perm" == "6050:root:hadoop" ] ; then
echo "taskcontroller ok"
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
index 43ed8cc..6c4e146 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
+++ b/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
@@ -76,7 +76,7 @@ export HBASE_PID_DIR=<%=scope.function_hdp_template_var("hbase_pid_dir")%>
export HBASE_MANAGES_ZK=false
-<% if scope.function_hdp_template_var("security_enabled") == true %>
+<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %>
export HBASE_OPTS="$HBASE_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_client_jaas_config_file")%>"
export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_jaas_config_file")%>"
export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_jaas_config_file")%>"
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
index ca64fe1..97ff763 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
+++ b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
@@ -645,7 +645,7 @@ define service {
use hadoop-service
service_description HIVE-METASTORE::Hive Metastore status
servicegroups HIVE-METASTORE
- <%if scope.function_hdp_template_var("security_enabled")-%>
+ <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%>
check_command check_hive_metastore_status!<%=scope.function_hdp_template_var("::hive_metastore_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>
<%else-%>
check_command check_hive_metastore_status!<%=scope.function_hdp_template_var("::hive_metastore_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!false
@@ -662,7 +662,7 @@ define service {
use hadoop-service
service_description OOZIE::Oozie Server status
servicegroups OOZIE
- <%if scope.function_hdp_template_var("security_enabled")-%>
+ <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%>
check_command check_oozie_status!<%=scope.function_hdp_template_var("::hdp::oozie_server_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>
<%else-%>
check_command check_oozie_status!<%=scope.function_hdp_template_var("::hdp::oozie_server_port")%>!<%=scope.function_hdp_template_var("java64_home")%>!false
@@ -679,7 +679,7 @@ define service {
use hadoop-service
service_description WEBHCAT::WebHCat Server status
servicegroups WEBHCAT
- <%if scope.function_hdp_template_var("security_enabled")-%>
+ <%if scope.function_hdp_template_var("::hdp::params::security_enabled")-%>
check_command check_templeton_status!<%=scope.function_hdp_template_var("::hdp::templeton_port")%>!v1!true!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>
<%else-%>
check_command check_templeton_status!<%=scope.function_hdp_template_var("::hdp::templeton_port")%>!v1!false
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
index df1381c..e3edc7c 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
+++ b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
@@ -36,7 +36,7 @@ clientPort=<%=scope.function_hdp_template_var("clientPort")%>
server.<%=(i+1).to_s%>=<%=host%>:2888:3888
<% end -%>
-<% if scope.function_hdp_template_var("security_enabled") == true %>
+<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %>
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
jaasLoginRenew=3600000
kerberos.removeHostFromPrincipal=true
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
index 448a093..03cf969 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
+++ b/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
@@ -19,7 +19,7 @@ export SERVER_JVMFLAGS=<%=scope.function_hdp_template_var("zk_server_heapsize")%
export JAVA=$JAVA_HOME/bin/java
export CLASSPATH=$CLASSPATH:/usr/share/zookeeper/*
-<% if scope.function_hdp_template_var("security_enabled") == true %>
+<% if scope.function_hdp_template_var("::hdp::params::security_enabled") == true %>
export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_server_jaas_file")%>"
export CLIENT_JVMFLAGS="$CLIENT_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_client_jaas_file")%>"
<% end %>
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp
index 1f91194..d62af04 100644
--- a/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/params.pp
@@ -48,7 +48,13 @@ class hdp::params()
$public_hostname = hdp_default("public_hostname")
##### for secure install
- $security_enabled = hdp_default("security_enabled",false)
+ $hadoop_security_authenticatoin = hdp_default("core-site/hadoop.security.authentication", "simple")
+
+ $security_enabled = $hadoop_security_authenticatoin ? {
+ 'kerberos' => true,
+ default => false,
+ }
+
$kerberos_domain = hdp_default("kerberos_domain","EXAMPLE.COM")
$kinit_path_local = hdp_get_kinit_path(hdp_default("kinit_path_local"), "/usr/bin", "/usr/kerberos/bin", "/usr/sbin")
$keytab_path = hdp_default("keytab_path", "/etc/security/keytabs")
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml
index a312e68..a3f8137 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.2.0/services/HDFS/configuration/core-site.xml
@@ -142,7 +142,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml
index 81dfc70..acf3e4c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.2.1/services/HDFS/configuration/core-site.xml
@@ -142,7 +142,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml
index 94ffbbb..fe0bcba 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HDFS/configuration/core-site.xml
@@ -144,7 +144,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml
index 94ffbbb..fe0bcba 100644
--- a/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/1.3.2/services/HDFS/configuration/core-site.xml
@@ -144,7 +144,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml
index a312e68..a3f8137 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.0/services/HDFS/configuration/core-site.xml
@@ -142,7 +142,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml
index 81dfc70..acf3e4c 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.2.1/services/HDFS/configuration/core-site.xml
@@ -142,7 +142,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml
index 94ffbbb..fe0bcba 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.0/services/HDFS/configuration/core-site.xml
@@ -144,7 +144,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/3a97a6e9/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml
index 94ffbbb..fe0bcba 100644
--- a/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDPLocal/1.3.2/services/HDFS/configuration/core-site.xml
@@ -144,7 +144,7 @@
<property>
<name>hadoop.security.authentication</name>
- <value></value>
+ <value>simple</value>
<description>
Set the authentication for the cluster. Valid values are: simple or
kerberos.