You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sw...@apache.org on 2013/06/20 03:02:32 UTC
svn commit: r1494828 - in /incubator/ambari/trunk/ambari-server/src:
main/python/ambari-server.py test/python/TestAmbaryServer.py
Author: swagle
Date: Thu Jun 20 01:02:32 2013
New Revision: 1494828
URL: http://svn.apache.org/r1494828
Log:
AMBARI-2441. Ambari server start fails with reconfigured user. (swagle)
Modified:
incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py?rev=1494828&r1=1494827&r2=1494828&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py (original)
+++ incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py Thu Jun 20 01:02:32 2013
@@ -86,8 +86,10 @@ NR_USERADD_CMD = 'useradd -M -g {0} --co
NR_SET_USER_COMMENT_CMD = 'usermod -c "{0}" {1}'
NR_GROUPADD_CMD = 'groupadd {0}'
NR_ADD_USER_TO_GROUP = 'usermod -G {0} {0}'
-NR_CHMOD_CMD = 'chmod {0} {1}'
-NR_CHOWN_CMD = 'chown {0}:{1} {2}'
+NR_CHMOD_CMD = 'chmod {0} {1} {2}'
+NR_CHOWN_CMD = 'chown {0} {1}:{2} {3}'
+
+RECURSIVE_RM_CMD = 'rm -rf {0}'
# openssl command
EXPRT_KSTR_CMD = "openssl pkcs12 -export -in {0} -inkey {1} -certfile {0} -out {3} -password pass:{2} -passin pass:{2}"
@@ -170,6 +172,7 @@ AMBARI_CONF_VAR="AMBARI_CONF_DIR"
AMBARI_SERVER_LIB="AMBARI_SERVER_LIB"
JAVA_HOME="JAVA_HOME"
PID_DIR="/var/run/ambari-server"
+BOOTSTRAP_DIR_PROPERTY="bootstrap.dir"
PID_NAME="ambari-server.pid"
AMBARI_PROPERTIES_FILE="ambari.properties"
AMBARI_PROPERTIES_RPMSAVE_FILE="ambari.properties.rpmsave"
@@ -357,24 +360,28 @@ def update_ambari_properties():
return 0
+NR_CONF_DIR = get_conf_dir()
# ownership/permissions mapping
-# path - permissions - user - group
+# path - permissions - user - group - recursive
+# Rules are executed in the same order as they are listed
# {0} in user/group will be replaced by customized ambari-server username
-NR_CONF_DIR = get_conf_dir()
NR_ADJUST_OWNERSHIP_LIST =[
- ( "/etc/ambari-server/conf", "755", "{0}", "{0}" ),
- ( "/etc/ambari-server/conf/ambari.properties", "644", "{0}", "{0}" ),
- ( "/etc/ambari-server/conf/log4j.properties", "644", "root", "root" ),
- ( "/var/lib/ambari-server/keys", "700", "{0}", "{0}" ),
- ( "/var/lib/ambari-server/keys/db", "700", "{0}", "{0}" ),
- ( "/var/lib/ambari-server/keys/db/index.txt", "700", "{0}", "{0}" ),
- ( "/var/lib/ambari-server/keys/db/serial", "700", "{0}", "{0}" ),
- ( "/var/lib/ambari-server/keys/db/newcerts", "700", "{0}", "{0}" ),
- ( "/var/run/ambari-server", "755", "{0}", "{0}" ),
- ( "/var/run/ambari-server/bootstrap", "755", "{0}", "{0}" ),
- ( "/var/log/ambari-server", "755", "{0}", "{0}" ),
- ( "/var/lib/ambari-server/ambari-env.sh", "770", "{0}", "root" ),
+
+ ( "/var/log/ambari-server", "644", "{0}", "{0}", True ),
+ ( "/var/log/ambari-server", "755", "{0}", "{0}", False ),
+ ( "/var/run/ambari-server", "644", "{0}", "{0}" , True),
+ ( "/var/run/ambari-server", "755", "{0}", "{0}" , False),
+ ( "/var/run/ambari-server/bootstrap", "755", "{0}", "{0}", False ),
+ ( "/var/lib/ambari-server/keys", "600", "{0}", "{0}", True ),
+ ( "/var/lib/ambari-server/keys", "700", "{0}", "{0}", False ),
+ ( "/var/lib/ambari-server/keys/db", "700", "{0}", "{0}", False ),
+ ( "/var/lib/ambari-server/keys/db/newcerts", "700", "{0}", "{0}", False ),
+ ( "/var/lib/ambari-server/keys/.ssh", "700", "{0}", "{0}", False ),
+ ( "/etc/ambari-server/conf", "644", "{0}", "{0}", True ),
+ ( "/etc/ambari-server/conf", "755", "{0}", "{0}", False ),
+ ( "/etc/ambari-server/conf/password.dat", "640", "{0}", "{0}", False ),
+
# Also, /etc/ambari-server/conf/password.dat
# is generated later at store_password_file
]
@@ -547,28 +554,39 @@ def read_ambari_user():
def adjust_directory_permissions(ambari_user):
- print "adjusting directory permissions..."
+ properties = get_ambari_properties()
+ bootstrap_dir = get_value_from_properties(properties, BOOTSTRAP_DIR_PROPERTY)
+ print "Wiping bootstrap dir ({0}) contents...".format(bootstrap_dir)
+ cmd = RECURSIVE_RM_CMD.format(bootstrap_dir)
+ run_os_command(cmd)
+ os.mkdir(bootstrap_dir)
+ print "adjusting permissions and ownership..."
for pack in NR_ADJUST_OWNERSHIP_LIST:
file = pack[0]
mod = pack[1]
user = pack[2].format(ambari_user)
group = pack[3].format(ambari_user)
- set_file_permissions(file, mod, user, group)
+ recursive = pack[4]
+ set_file_permissions(file, mod, user, group, recursive)
-def set_file_permissions(file, mod, user, group):
+def set_file_permissions(file, mod, user, group, recursive):
WARN_MSG = "Command {0} returned exit code {1} with message: {2}"
+ if recursive:
+ params = " -R "
+ else:
+ params = ""
if os.path.exists(file):
- command = NR_CHMOD_CMD.format(mod, file)
+ command = NR_CHMOD_CMD.format(params, mod, file)
retcode, out, err = run_os_command(command)
if retcode != 0 :
print_warning_msg(WARN_MSG.format(command, file, err))
- command = NR_CHOWN_CMD.format(user, group, file)
+ command = NR_CHOWN_CMD.format(params, user, group, file)
retcode, out, err = run_os_command(command)
if retcode != 0 :
print_warning_msg(WARN_MSG.format(command, file, err))
else:
- print_warning_msg("File %s does not exist" % file)
+ print_info_msg("File %s does not exist" % file)
def create_custom_user():
@@ -795,7 +813,7 @@ def store_password_file(password, filena
passFile.write(password)
print_info_msg("Adjusting filesystem permissions")
ambari_user = read_ambari_user()
- set_file_permissions(passFilePath, "660", ambari_user, "root")
+ set_file_permissions(passFilePath, "660", ambari_user, "root", False)
return passFilePath
@@ -2585,11 +2603,11 @@ def import_cert_and_key(security_server_
if retcode == 0:
print 'Successfully imported trusted cerificate and private key'
- set_file_permissions(keystoreFilePath, "660", read_ambari_user(), "root")
+ set_file_permissions(keystoreFilePath, "660", read_ambari_user(), "root", False)
with open(passFilePath, 'w+') as passFile:
passFile.write(pem_password)
pass
- set_file_permissions(passFilePath, "660", read_ambari_user(), "root")
+ set_file_permissions(passFilePath, "660", read_ambari_user(), "root", False)
import_file_to_keystore(import_cert_path, os.path.join(\
security_server_keys_dir, SSL_CERT_FILE_NAME))
import_file_to_keystore(import_key_path, os.path.join(\
@@ -2602,7 +2620,7 @@ def import_cert_and_key(security_server_
def import_file_to_keystore(source, destination):
shutil.copy(source, destination)
- set_file_permissions(destination, "660", read_ambari_user(), "root")
+ set_file_permissions(destination, "660", read_ambari_user(), "root", False)
def get_validated_filepath_input(prompt, description, default=None):
Modified: incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py?rev=1494828&r1=1494827&r2=1494828&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py (original)
+++ incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Thu Jun 20 01:02:32 2013
@@ -582,25 +582,52 @@ class TestAmbariServer(TestCase):
user = ambari_server.read_ambari_user()
self.assertEquals(user, None)
+
@patch.object(ambari_server, "set_file_permissions")
- def test_adjust_directory_permissions(self, set_file_permissions_mock):
+ @patch.object(ambari_server, "run_os_command")
+ @patch.object(ambari_server, "get_ambari_properties")
+ @patch.object(ambari_server, "get_value_from_properties")
+ @patch.object(ambari_server, "os.mkdir")
+ def test_adjust_directory_permissions(self, mkdir_mock, get_value_from_properties_mock, get_ambari_properties_mock,
+ run_os_command_mock, set_file_permissions_mock):
+ # Testing boostrap dir wipe
+ properties_mock = MagicMock()
+ get_value_from_properties_mock.return_value = "dummy_bootstrap_dir"
+ ambari_server.adjust_directory_permissions("user")
+ self.assertEquals(run_os_command_mock.call_args_list[0][0][0], "rm -rf dummy_bootstrap_dir/*")
+ self.assertTrue(mkdir_mock.called)
+
+ set_file_permissions_mock.reset_mock()
+ # Test recursive calls
+ old_list = ambari_server.NR_ADJUST_OWNERSHIP_LIST
+
+ ambari_server.NR_ADJUST_OWNERSHIP_LIST = [
+ ( "/etc/ambari-server/conf", "755", "{0}", "{0}", True ),
+ ( "/etc/ambari-server/conf/ambari.properties", "644", "{0}", "{0}", False )
+ ]
+
ambari_server.adjust_directory_permissions("user")
self.assertTrue(len(set_file_permissions_mock.call_args_list) ==
len(ambari_server.NR_ADJUST_OWNERSHIP_LIST))
+ self.assertEquals(set_file_permissions_mock.call_args_list[0][0][4], True)
+ self.assertEquals(set_file_permissions_mock.call_args_list[1][0][4], False)
+
+ ambari_server.NR_ADJUST_OWNERSHIP_LIST = old_list
@patch("os.path.exists")
@patch.object(ambari_server, "run_os_command")
@patch.object(ambari_server, "print_warning_msg")
- def test_set_file_permissions(self, print_warning_msg_mock,
+ @patch.object(ambari_server, "print_info_msg")
+ def test_set_file_permissions(self, print_info_msg_mock, print_warning_msg_mock,
run_os_command_mock, exists_mock):
# Testing not existent file scenario
exists_mock.return_value = False
ambari_server.set_file_permissions("dummy-file", "dummy-mod",
- "dummy-user", "dummy-group")
+ "dummy-user", "dummy-group", False)
self.assertFalse(run_os_command_mock.called)
- self.assertTrue(print_warning_msg_mock.called)
+ self.assertTrue(print_info_msg_mock.called)
run_os_command_mock.reset_mock()
print_warning_msg_mock.reset_mock()
@@ -609,7 +636,7 @@ class TestAmbariServer(TestCase):
exists_mock.return_value = True
run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")]
ambari_server.set_file_permissions("dummy-file", "dummy-mod",
- "dummy-user", "dummy-group")
+ "dummy-user", "dummy-group", False)
self.assertTrue(len(run_os_command_mock.call_args_list) == 2)
self.assertFalse(print_warning_msg_mock.called)
@@ -619,7 +646,7 @@ class TestAmbariServer(TestCase):
# Testing first command fail
run_os_command_mock.side_effect = [(1, "", ""), (0, "", "")]
ambari_server.set_file_permissions("dummy-file", "dummy-mod",
- "dummy-user", "dummy-group")
+ "dummy-user", "dummy-group", False)
self.assertTrue(len(run_os_command_mock.call_args_list) == 2)
self.assertTrue(print_warning_msg_mock.called)
@@ -629,13 +656,42 @@ class TestAmbariServer(TestCase):
# Testing second command fail
run_os_command_mock.side_effect = [(0, "", ""), (1, "", "")]
ambari_server.set_file_permissions("dummy-file", "dummy-mod",
- "dummy-user", "dummy-group")
+ "dummy-user", "dummy-group", False)
self.assertTrue(len(run_os_command_mock.call_args_list) == 2)
self.assertTrue(print_warning_msg_mock.called)
run_os_command_mock.reset_mock()
print_warning_msg_mock.reset_mock()
+ # Testing recursive operation
+
+ exists_mock.return_value = True
+ run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")]
+ ambari_server.set_file_permissions("dummy-file", "dummy-mod",
+ "dummy-user", "dummy-group", True)
+ self.assertTrue(len(run_os_command_mock.call_args_list) == 2)
+ self.assertTrue("-R" in run_os_command_mock.call_args_list[0][0][0])
+ self.assertTrue("-R" in run_os_command_mock.call_args_list[1][0][0])
+ self.assertFalse(print_warning_msg_mock.called)
+
+ run_os_command_mock.reset_mock()
+ print_warning_msg_mock.reset_mock()
+
+ # Testing non-recursive operation
+
+ exists_mock.return_value = True
+ run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")]
+ ambari_server.set_file_permissions("dummy-file", "dummy-mod",
+ "dummy-user", "dummy-group", False)
+ self.assertTrue(len(run_os_command_mock.call_args_list) == 2)
+ self.assertFalse("-R" in run_os_command_mock.call_args_list[0][0][0])
+ self.assertFalse("-R" in run_os_command_mock.call_args_list[1][0][0])
+ self.assertFalse(print_warning_msg_mock.called)
+
+ run_os_command_mock.reset_mock()
+ print_warning_msg_mock.reset_mock()
+
+
@patch.object(ambari_server, "get_validated_string_input")
@patch.object(ambari_server, "print_info_msg")