You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ec...@apache.org on 2018/01/29 11:46:08 UTC
[ambari] branch trunk updated: AMBARI-22824. Let YARN/MR2 use ZK
principal name set by users when enabling Kerberos (until now it's been
hardcoded to 'zookeeper')
This is an automated email from the ASF dual-hosted git repository.
echekanskiy pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 4a9e13c AMBARI-22824. Let YARN/MR2 use ZK principal name set by users when enabling Kerberos (until now it's been hardcoded to 'zookeeper')
4a9e13c is described below
commit 4a9e13c7040761785c7d09e312f37cae590f2221
Author: smolnar82 <34...@users.noreply.github.com>
AuthorDate: Mon Jan 29 12:46:05 2018 +0100
AMBARI-22824. Let YARN/MR2 use ZK principal name set by users when enabling Kerberos (until now it's been hardcoded to 'zookeeper')
---
.../common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml | 4 ++++
.../common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py | 4 +++-
.../common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py | 4 +++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
index d663c49..52560ac 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/configuration/yarn-env.xml
@@ -244,6 +244,10 @@ if [ "x$JAVA_LIBRARY_PATH" != "x" ]; then
fi
YARN_OPTS="$YARN_OPTS -Dyarn.policy.file=$YARN_POLICYFILE"
YARN_OPTS="$YARN_OPTS -Djava.io.tmpdir={{hadoop_java_io_tmpdir}}"
+
+{% if rm_security_opts is defined %}
+YARN_OPTS="{{rm_security_opts}} $YARN_OPTS"
+{% endif %}
</value>
<value-attributes>
<type>content</type>
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index 4a49822..eab6870 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -347,7 +347,9 @@ if security_enabled:
rm_kinit_cmd = format("{kinit_path_local} -kt {rm_keytab} {rm_principal_name};")
yarn_jaas_file = os.path.join(config_dir, 'yarn_jaas.conf')
if stack_supports_zk_security:
- rm_security_opts = format('-Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Djava.security.auth.login.config={yarn_jaas_file} -Dzookeeper.sasl.clientconfig=Client')
+ zk_principal_name = default("/configurations/zookeeper-env/zookeeper_principal_name", "zookeeper/_HOST@EXAMPLE.COM")
+ zk_principal_user = zk_principal_name.split('/')[0]
+ rm_security_opts = format('-Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username={zk_principal_user} -Djava.security.auth.login.config={yarn_jaas_file} -Dzookeeper.sasl.clientconfig=Client')
# YARN timeline security options
if has_ats:
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
index 9afd112..7593708 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
@@ -345,7 +345,9 @@ if security_enabled:
rm_keytab = config['configurations']['yarn-site']['yarn.resourcemanager.keytab']
rm_kinit_cmd = format("{kinit_path_local} -kt {rm_keytab} {rm_principal_name};")
yarn_jaas_file = os.path.join(config_dir, 'yarn_jaas.conf')
- rm_security_opts = format('-Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username=zookeeper -Djava.security.auth.login.config={yarn_jaas_file} -Dzookeeper.sasl.clientconfig=Client')
+ zk_principal_name = default("/configurations/zookeeper-env/zookeeper_principal_name", "zookeeper/_HOST@EXAMPLE.COM")
+ zk_principal_user = zk_principal_name.split('/')[0]
+ rm_security_opts = format('-Dzookeeper.sasl.client=true -Dzookeeper.sasl.client.username={zk_principal_user} -Djava.security.auth.login.config={yarn_jaas_file} -Dzookeeper.sasl.clientconfig=Client')
# YARN timeline security options
if has_ats:
--
To stop receiving notification emails like this one, please contact
echekanskiy@apache.org.