You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2013/05/30 23:01:15 UTC
svn commit: r1488012 - in /incubator/ambari/trunk: ./
ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/
ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/
ambari-agent/src/main/puppet/modules/hdp-hbase/templates/
Author: jaimin
Date: Thu May 30 21:01:14 2013
New Revision: 1488012
URL: http://svn.apache.org/r1488012
Log:
AMBARI-2225. Security fixes with HBase service check. (jaimin)
Modified:
incubator/ambari/trunk/CHANGES.txt
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_grant_permissions.erb
Modified: incubator/ambari/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/CHANGES.txt?rev=1488012&r1=1488011&r2=1488012&view=diff
==============================================================================
--- incubator/ambari/trunk/CHANGES.txt (original)
+++ incubator/ambari/trunk/CHANGES.txt Thu May 30 21:01:14 2013
@@ -907,6 +907,8 @@ Trunk (unreleased changes):
BUG FIXES
+ AMBARI-2225. Security fixes with HBase service check. (jaimin)
+
AMBARI-2233. Ensure version values are used appropriately throughout
Ambari. (smohanty)
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp?rev=1488012&r1=1488011&r2=1488012&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp Thu May 30 21:01:14 2013
@@ -18,15 +18,18 @@
# under the License.
#
#
-class hdp-hbase::hbase::service_check()
+class hdp-hbase::hbase::service_check() inherits hdp-hbase::params
{
$smoke_test_user = $hdp::params::smokeuser
-
+ $security_enabled = $hdp::params::security_enabled
$output_file = "/apps/hbase/data/ambarismoketest"
$conf_dir = $hdp::params::hbase_conf_dir
-
+ $smoke_user_keytab = "${hdp-hbase::params::keytab_path}/${smoke_test_user}.headless.keytab"
+ $hbase_user = $hdp-hbase::params::hbase_user
+ $hbase_keytab = "${hdp-hbase::params::keytab_path}/${hbase_user}.headless.keytab"
$test_cmd = "fs -test -e ${output_file}"
$serviceCheckData = hdp_unique_id_and_date()
+ $kinit_cmd = "${hdp::params::kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user};"
anchor { 'hdp-hbase::hbase::service_check::begin':}
@@ -42,9 +45,16 @@ class hdp-hbase::hbase::service_check()
mode => '0755',
content => template('hdp-hbase/hbase-smoke.sh.erb'),
}
+ if ($security_enabled == true) {
+ $servicecheckcmd = "su - ${smoke_test_user} -c '$kinit_cmd hbase --config $conf_dir shell $hbase_servicecheck_file'"
+ $smokeverifycmd = "su - ${smoke_test_user} -c '$kinit_cmd /tmp/hbaseSmokeVerify.sh $conf_dir ${serviceCheckData}'"
+ } else {
+ $servicecheckcmd = "su - ${smoke_test_user} -c 'hbase --config $conf_dir shell $hbase_servicecheck_file'"
+ $smokeverifycmd = "su - ${smoke_test_user} -c '/tmp/hbaseSmokeVerify.sh $conf_dir ${serviceCheckData}'"
+ }
exec { $hbase_servicecheck_file:
- command => "su - ${smoke_test_user} -c 'hbase --config $conf_dir shell $hbase_servicecheck_file'",
+ command => $servicecheckcmd,
tries => 3,
try_sleep => 5,
path => '/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
@@ -52,7 +62,7 @@ class hdp-hbase::hbase::service_check()
}
exec { '/tmp/hbaseSmokeVerify.sh':
- command => "su - ${smoke_test_user} -c '/tmp/hbaseSmokeVerify.sh $conf_dir ${serviceCheckData}'",
+ command => $smokeverifycmd,
tries => 3,
try_sleep => 5,
path => '/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
@@ -67,9 +77,30 @@ class hdp-hbase::hbase::service_check()
before => Anchor['hdp-hbase::hbase::service_check::end'] #TODO: remove after testing
}
- Anchor['hdp-hbase::hbase::service_check::begin'] -> File['/tmp/hbaseSmokeVerify.sh']
- File[$hbase_servicecheck_file] -> Exec[$hbase_servicecheck_file] -> Exec['/tmp/hbaseSmokeVerify.sh']
- -> Anchor['hdp-hbase::hbase::service_check::end']
-
+ if ($security_enabled == true) {
+ $hbase_grant_premissions_file = '/tmp/hbase_grant_permissions.sh'
+ $hbase_kinit_cmd = "${hdp::params::kinit_path_local} -kt ${hbase_keytab} ${hbase_user};"
+ $grantprivelegecmd = "$hbase_kinit_cmd hbase shell ${hbase_grant_premissions_file}"
+
+ file { $hbase_grant_premissions_file:
+ owner => $hbase_user,
+ group => $hdp::params::user_group,
+ mode => '0644',
+ content => template('hdp-hbase/hbase_grant_permissions.erb')
+ }
+ hdp::exec { '${smokeuser}_grant_privileges' :
+ command => $grantprivelegecmd,
+ require => File[$hbase_grant_premissions_file],
+ user => $hbase_user
+ }
+ Anchor['hdp-hbase::hbase::service_check::begin'] -> File['/tmp/hbaseSmokeVerify.sh']
+ File[$hbase_servicecheck_file] -> File[$hbase_grant_premissions_file] ->
+ Hdp::Exec['${smokeuser}_grant_privileges'] -> Exec[$hbase_servicecheck_file] ->
+ Exec['/tmp/hbaseSmokeVerify.sh'] -> Anchor['hdp-hbase::hbase::service_check::end']
+ } else {
+ Anchor['hdp-hbase::hbase::service_check::begin'] -> File['/tmp/hbaseSmokeVerify.sh']
+ File[$hbase_servicecheck_file] -> Exec[$hbase_servicecheck_file] -> Exec['/tmp/hbaseSmokeVerify.sh']
+ -> Anchor['hdp-hbase::hbase::service_check::end']
+ }
anchor{ 'hdp-hbase::hbase::service_check::end':}
}
\ No newline at end of file
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp?rev=1488012&r1=1488011&r2=1488012&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp Thu May 30 21:01:14 2013
@@ -29,6 +29,7 @@ class hdp-hbase(
$hdp::params::component_exists['hdp-hbase'] = true
$smokeuser = $hdp::params::smokeuser
+ $security_enabled = $hdp::params::security_enabled
#Configs generation
@@ -102,26 +103,6 @@ class hdp-hbase(
if ($security_enabled == true) {
if ($type == 'master' and $service_state == 'running') {
hdp-hbase::configfile { 'hbase_master_jaas.conf' : }
-
- $hbase_grant_premissions_file = '/tmp/hbase_grant_permissions.sh'
-
- file { $hbase_grant_premissions_file:
- owner => $hbase_user,
- group => $hdp::params::user_group,
- mode => '0644',
- content => template('hdp-hbase/hbase_grant_permissions.erb')
- }
- $hbase_principal = $hdp-hbase::params::hbase_master_principal
- $hbase_user_keytab = $hdp-hbase::params::hbase_keytab_path
- $kinit_cmd = "${hdp::params::kinit_path_local} -kt ${hbase_user_keytab} ${hbase_principal};"
- hdp::exec { '${smokeuser}_grant_privileges' :
- command => "su - ${hbase_user} -c '$kinit_cmd hbase --config $conf_dir shell ${hbase_grant_premissions_file}'",
- require => File[$hbase_grant_premissions_file]
- }
-
- Hdp-hbase::Configfile<||> -> File[$hbase_grant_premissions_file] ->
- Hdp::Exec['${smokeuser}_grant_privileges'] -> Anchor['hdp-hbase::end']
-
} elsif ($type == 'regionserver' and $service_state == 'running') {
hdp-hbase::configfile { 'hbase_regionserver_jaas.conf' : }
} elsif ($type == 'client') {
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp?rev=1488012&r1=1488011&r2=1488012&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp Thu May 30 21:01:14 2013
@@ -83,6 +83,7 @@ class hdp-hbase::params() inherits hdp::
$regionserver_memstore_upperlimit = hdp_default("hbase-site/regionserver.memstore.upperlimit","0.4")
+ $keytab_path = hdp_default("keytab_path","/etc/security/keytabs")
$hbase_client_jaas_config_file = hdp_default("hbase_client_jaas_config_file", "${conf_dir}/hbase_client_jaas.conf")
$hbase_master_jaas_config_file = hdp_default("hbase_master_jaas_config_file", "${conf_dir}/hbase_master_jaas.conf")
$hbase_regionserver_jaas_config_file = hdp_default("hbase_regionserver_jaas_config_file", "${conf_dir}/hbase_regionserver_jaas.conf")
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_grant_permissions.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_grant_permissions.erb?rev=1488012&r1=1488011&r2=1488012&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_grant_permissions.erb (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_grant_permissions.erb Thu May 30 21:01:14 2013
@@ -17,4 +17,5 @@
# under the License.
#
#
-grant '<%=scope.function_hdp_template_var("::hdp::params::smokeuser")%>', '<%=scope.function_hdp_template_var("::hdp-hbase::params::smokeuser_permissions")%>'
\ No newline at end of file
+grant '<%=scope.function_hdp_template_var("::hdp::params::smokeuser")%>', '<%=scope.function_hdp_template_var("::hdp-hbase::params::smokeuser_permissions")%>'
+exit
\ No newline at end of file