You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jl...@apache.org on 2017/07/23 23:33:58 UTC
[25/50] [abbrv] ambari git commit: AMBARI-21501. Make HSI's
'hive.llap.zk.sm.keytab' and 'hive.service.keytab' group readable.
AMBARI-21501. Make HSI's 'hive.llap.zk.sm.keytab' and 'hive.service.keytab' group readable.
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f450eba5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f450eba5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f450eba5
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: f450eba5c23c0d35ab9181d531d9e1ef84cbf3e8
Parents: 01d60f4
Author: Swapan Shridhar <ss...@hortonworks.com>
Authored: Mon Jul 17 15:04:37 2017 -0700
Committer: Swapan Shridhar <ss...@hortonworks.com>
Committed: Mon Jul 17 15:04:37 2017 -0700
----------------------------------------------------------------------
.../stacks/HDP/2.6/services/HIVE/kerberos.json | 151 -------------------
.../stacks/HDP/2.6/services/YARN/kerberos.json | 2 +-
2 files changed, 1 insertion(+), 152 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f450eba5/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json
deleted file mode 100644
index b6e57e1..0000000
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json
+++ /dev/null
@@ -1,151 +0,0 @@
-{
- "services": [
- {
- "name": "HIVE",
- "identities": [
- {
- "name": "/spnego"
- },
- {
- "name": "/smokeuser"
- }
- ],
- "configurations": [
- {
- "hive-site": {
- "hive.metastore.sasl.enabled": "true",
- "hive.server2.authentication": "KERBEROS"
- }
- },
- {
- "ranger-hive-audit": {
- "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
- "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
- "xasecure.audit.jaas.Client.option.useKeyTab": "true",
- "xasecure.audit.jaas.Client.option.storeKey": "false",
- "xasecure.audit.jaas.Client.option.serviceName": "solr",
- "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
- }
- }
- ],
- "components": [
- {
- "name": "HIVE_METASTORE",
- "identities": [
- {
- "name": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "hive-site/hive.metastore.kerberos.principal"
- },
- "keytab": {
- "configuration": "hive-site/hive.metastore.kerberos.keytab.file"
- }
- }
- ]
- },
- {
- "name": "HIVE_SERVER",
- "identities": [
- {
- "name": "/HDFS/NAMENODE/hdfs"
- },
- {
- "name": "hive_server_hive",
- "principal": {
- "value": "hive/_HOST@${realm}",
- "type": "service",
- "configuration": "hive-site/hive.server2.authentication.kerberos.principal",
- "local_username": "${hive-env/hive_user}"
- },
- "keytab": {
- "file": "${keytab_dir}/hive.service.keytab",
- "owner": {
- "name": "${hive-env/hive_user}",
- "access": "r"
- },
- "group": {
- "name": "${cluster-env/user_group}",
- "access": ""
- },
- "configuration": "hive-site/hive.server2.authentication.kerberos.keytab"
- }
- },
- {
- "name": "atlas_kafka",
- "reference": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "hive-atlas-application.properties/atlas.jaas.KafkaClient.option.principal"
- },
- "keytab": {
- "configuration": "hive-atlas-application.properties/atlas.jaas.KafkaClient.option.keyTab"
- }
- },
- {
- "name": "/spnego",
- "principal": {
- "configuration": "hive-site/hive.server2.authentication.spnego.principal"
- },
- "keytab": {
- "configuration": "hive-site/hive.server2.authentication.spnego.keytab"
- }
- },
- {
- "name": "ranger_audit",
- "reference": "/HIVE/HIVE_SERVER/hive_server_hive",
- "principal": {
- "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.principal"
- },
- "keytab": {
- "configuration": "ranger-hive-audit/xasecure.audit.jaas.Client.option.keyTab"
- }
- }
- ]
- },
- {
- "name": "HIVE_SERVER_INTERACTIVE",
- "identities": [
- {
- "name": "/HDFS/NAMENODE/hdfs"
- },
- {
- "name": "/HIVE/HIVE_SERVER/hive_server_hive"
- },
- {
- "name": "/HIVE/HIVE_SERVER/spnego"
- },
- {
- "name": "/YARN/NODEMANAGER/llap_zk_hive"
- }
- ]
- },
- {
- "name": "WEBHCAT_SERVER",
- "identities": [
- {
- "name": "/spnego",
- "principal": {
- "configuration": "webhcat-site/templeton.kerberos.principal"
- },
- "keytab": {
- "configuration": "webhcat-site/templeton.kerberos.keytab"
- }
- }
- ],
- "configurations": [
- {
- "core-site": {
- "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_host|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}"
- }
- },
- {
- "webhcat-site": {
- "templeton.kerberos.secret": "secret",
- "templeton.hive.properties": "hive.metastore.local=false,hive.metastore.uris=${clusterHostInfo/hive_metastore_host|each(thrift://%s:9083, \\\\,, \\s*\\,\\s*)},hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,hive.metastore.warehouse.dir=/apps/hive/warehouse,hive.exec.mode.local.auto=false,hive.metastore.kerberos.principal=hive/_HOST@${realm}"
- }
- }
- ]
- }
- ]
- }
- ]
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/f450eba5/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index 60d50eb..b1501b8 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -117,7 +117,7 @@
},
"group": {
"name": "${cluster-env/user_group}",
- "access": ""
+ "access": "r"
},
"configuration": "hive-interactive-site/hive.llap.zk.sm.keytab.file"
},