You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/05/20 16:46:51 UTC
[1/2] ambari git commit: Revert "AMBARI-11238. When Kerberizing a
cluster with Ranger HBase plugin enabled,
HBase coprocessor properties in hbase-site are overwritten (and breaks Ranger
HBase plugin) (Emil Anca via rlevas)"
Repository: ambari
Updated Branches:
refs/heads/trunk ce8f5aaa0 -> 91c628dad
Revert "AMBARI-11238. When Kerberizing a cluster with Ranger HBase plugin enabled, HBase coprocessor properties in hbase-site are overwritten (and breaks Ranger HBase plugin) (Emil Anca via rlevas)"
This reverts commit ce8f5aaa0bfbdc48f71140cd89c47d3aa7869dcf.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/990193e9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/990193e9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/990193e9
Branch: refs/heads/trunk
Commit: 990193e97c99917b2c072d0691f634b155306c8e
Parents: ce8f5aa
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed May 20 10:15:52 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed May 20 10:15:52 2015 -0400
----------------------------------------------------------------------
.../common-services/HBASE/0.96.0.2.0/kerberos.json | 4 ++--
.../HBASE/0.96.0.2.0/package/scripts/params_linux.py | 15 ++-------------
2 files changed, 4 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/990193e9/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 5da0846..125a9c9 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -40,8 +40,8 @@
"hbase.security.authentication": "kerberos",
"hbase.security.authorization": "true",
"zookeeper.znode.parent": "/hbase-secure",
- "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}",
- "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}",
+ "hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController",
+ "hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController",
"hbase.bulkload.staging.dir": "/apps/hbase/staging"
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/990193e9/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index 7d83550..410a690 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -215,8 +215,9 @@ policy_user = config['configurations']['ranger-hbase-plugin-properties']['policy
#For curl command in ranger plugin to get db connector
jdk_location = config['hostLevelParams']['jdk_location']
java_share_dir = '/usr/share/java'
-enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes')
+
if has_ranger_admin:
+ enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes')
xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
repo_config_password = unicode(config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
@@ -274,15 +275,3 @@ if has_ranger_admin:
ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
-
-# Used to dynamically set the hbase-site props that are referenced during Kerbenization
-if security_enabled:
- if not enable_ranger_hbase: # Default props, no ranger plugin
- hbase_coprocessor_master_classes = "org.apache.hadoop.hbase.security.access.AccessController"
- hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController"
- elif xml_configurations_supported: # HDP stack 2.3+ ranger plugin enabled
- hbase_coprocessor_master_classes = "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor "
- hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
- else: # HDP Stack 2.2 and less / ranger plugin enabled
- hbase_coprocessor_master_classes = "com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
- hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
[2/2] ambari git commit: AMBARI-11238. When Kerberizing a cluster
with Ranger HBase plugin enabled,
HBase coprocessor properties in hbase-site are overwritten (and breaks Ranger
HBase plugin) (Emil Anca via rlevas)
Posted by rl...@apache.org.
AMBARI-11238. When Kerberizing a cluster with Ranger HBase plugin enabled, HBase coprocessor properties in hbase-site are overwritten (and breaks Ranger HBase plugin) (Emil Anca via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/91c628da
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/91c628da
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/91c628da
Branch: refs/heads/trunk
Commit: 91c628dade3f96d5a45567def9df6b6acb07d8a5
Parents: 990193e
Author: Emil Anca <ea...@hortonworks.com>
Authored: Wed May 20 10:45:18 2015 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed May 20 10:45:18 2015 -0400
----------------------------------------------------------------------
.../common-services/HBASE/0.96.0.2.0/kerberos.json | 4 ++--
.../HBASE/0.96.0.2.0/package/scripts/params_linux.py | 15 +++++++++++++--
.../test/python/stacks/2.0.6/configs/default.json | 3 +++
.../test/python/stacks/2.0.6/configs/secured.json | 6 +++++-
4 files changed, 23 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/91c628da/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 125a9c9..5da0846 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -40,8 +40,8 @@
"hbase.security.authentication": "kerberos",
"hbase.security.authorization": "true",
"zookeeper.znode.parent": "/hbase-secure",
- "hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController",
- "hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController",
+ "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}",
+ "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}",
"hbase.bulkload.staging.dir": "/apps/hbase/staging"
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/91c628da/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index 410a690..7d83550 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -215,9 +215,8 @@ policy_user = config['configurations']['ranger-hbase-plugin-properties']['policy
#For curl command in ranger plugin to get db connector
jdk_location = config['hostLevelParams']['jdk_location']
java_share_dir = '/usr/share/java'
-
+enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes')
if has_ranger_admin:
- enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes')
xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
repo_config_password = unicode(config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
@@ -275,3 +274,15 @@ if has_ranger_admin:
ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+# Used to dynamically set the hbase-site props that are referenced during Kerbenization
+if security_enabled:
+ if not enable_ranger_hbase: # Default props, no ranger plugin
+ hbase_coprocessor_master_classes = "org.apache.hadoop.hbase.security.access.AccessController"
+ hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController"
+ elif xml_configurations_supported: # HDP stack 2.3+ ranger plugin enabled
+ hbase_coprocessor_master_classes = "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor "
+ hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
+ else: # HDP Stack 2.2 and less / ranger plugin enabled
+ hbase_coprocessor_master_classes = "com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
+ hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
http://git-wip-us.apache.org/repos/asf/ambari/blob/91c628da/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/default.json b/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
index 485e882..d0c164e 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/default.json
@@ -524,6 +524,9 @@
"hcat_log_dir": "/var/log/webhcat",
"hive_database": "New MySQL Database"
},
+ "ranger-env": {
+ "xml_configurations_supported" : "false"
+ },
"cluster-env": {
"security_enabled": "false",
"hdfs_user_principal" : "",
http://git-wip-us.apache.org/repos/asf/ambari/blob/91c628da/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
index 8616f3d..097097d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
+++ b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json
@@ -655,7 +655,11 @@
"oozie_data_dir": "/hadoop/oozie/data",
"oozie_log_dir": "/var/log/oozie",
"oozie_keytab": "/etc/security/keytabs/oozie.service.keytab"
- },
+ },
+ "ranger-env": {
+ "xml_configurations_supported" : "false"
+ },
+
"webhcat-env": {
"content": "\n# The file containing the running pid\nPID_FILE={{pid_file}}\n\nTEMPLETON_LOG_DIR={{templeton_log_dir}}/\n\n\nWEBHCAT_LOG_DIR={{templeton_log_dir}}/\n\n# The console error log\nERROR_LOG={{templeton_log_dir}}/webhcat-console-error.log\n\n# The console log\nCONSOLE_LOG={{templeton_log_dir}}/webhcat-console.log\n\n#TEMPLETON_JAR=templeton_jar_name\n\n#HADOOP_PREFIX=hadoop_prefix\n\n#HCAT_PREFIX=hive_prefix\n\n# Set HADOOP_HOME to point to a specific hadoop install directory\nexport HADOOP_HOME=/usr/lib/hadoop"
},