You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/01/25 18:57:19 UTC
[30/50] [abbrv] ambari git commit: AMBARI-13324 automate creating
Flume Keytab and principal (Shi Wang via dili)
AMBARI-13324 automate creating Flume Keytab and principal (Shi Wang via dili)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d77f3a54
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d77f3a54
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d77f3a54
Branch: refs/heads/branch-dev-patch-upgrade
Commit: d77f3a54fcbb79e9a2518a56bb78b0468a8a8b4f
Parents: ad0f4ec
Author: Di Li <di...@apache.org>
Authored: Tue Jan 24 15:19:41 2017 -0500
Committer: Di Li <di...@apache.org>
Committed: Tue Jan 24 15:19:41 2017 -0500
----------------------------------------------------------------------
.../FLUME/1.4.0.2.0/kerberos.json | 44 ++++++++++++++++++++
.../1.4.0.2.0/package/scripts/flume_check.py | 6 +--
.../FLUME/1.4.0.2.0/package/scripts/params.py | 12 +++++-
.../stacks/2.0.6/FLUME/test_service_check.py | 1 +
4 files changed, 59 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
new file mode 100644
index 0000000..ab46912
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
@@ -0,0 +1,44 @@
+{
+ "services": [
+ {
+ "name": "FLUME",
+ "components": [
+ {
+ "name": "FLUME_HANDLER",
+ "identities": [
+ {
+ "name": "flume_principal",
+ "principal": {
+ "value": "${flume-env/flume_user}/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "flume-env/flume_principal_name",
+ "local_username": "${flume-env/flume_user}"
+
+ },
+ "keytab": {
+ "file": "${keytab_dir}/flume.service.keytab",
+ "owner": {
+ "name": "${flume-env/flume_user}",
+ "access": "r"
+ },
+ "group": {
+ "name": "${cluster-env/user_group}",
+ "access": ""
+ },
+ "configuration": "flume-env/flume_keytab_path"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "core-site": {
+ "hadoop.proxyuser.flume.groups": "${hadoop-env/proxyuser_group}",
+ "hadoop.proxyuser.flume.hosts": "*"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
index c5450bb..80f4de2 100644
--- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
@@ -38,11 +38,11 @@ class FlumeServiceCheck(Script):
import params
env.set_params(params)
if params.security_enabled:
- principal_replaced = params.http_principal.replace("_HOST", params.hostname)
- Execute(format("{kinit_path_local} -kt {http_keytab} {principal_replaced}"),
- user=params.smoke_user)
+ Execute(format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal}"),
+ user=params.smokeuser)
Execute(format('env JAVA_HOME={java_home} {flume_bin} version'),
+ user=params.smokeuser,
logoutput=True,
tries = 3,
try_sleep = 20)
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
index a44b461..b143941 100644
--- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
@@ -22,6 +22,7 @@ from resource_management.libraries.functions import format
from resource_management.libraries.functions.version import format_stack_version
from resource_management.libraries.functions.default import default
from resource_management.libraries.script.script import Script
+from resource_management.libraries.functions import get_kinit_path
from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames
if OSCheck.is_windows_family():
@@ -40,7 +41,11 @@ version = default("/commandParams/version", None)
user_group = config['configurations']['cluster-env']['user_group']
proxyuser_group = config['configurations']['hadoop-env']['proxyuser_group']
-security_enabled = False
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+if security_enabled :
+ _hostname_lowercase = config['hostname'].lower()
+ flume_jaas_princ = config['configurations']['flume-env']['flume_principal_name']
+ flume_keytab_path = config['configurations']['flume-env']['flume_keytab_path']
stack_version_unformatted = config['hostLevelParams']['stack_version']
stack_version_formatted = format_stack_version(stack_version_unformatted)
@@ -125,3 +130,8 @@ if not len(default("/clusterHostInfo/zookeeper_hosts", [])) == 0:
# last port config
zookeeper_quorum += ':' + zookeeper_clientPort
+# smokeuser
+kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
+smokeuser = config['configurations']['cluster-env']['smokeuser']
+smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
+smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
index 152d00c..8f59174 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
@@ -35,6 +35,7 @@ class TestFlumeCheck(RMFTestCase):
)
self.assertResourceCalled('Execute', 'env JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /usr/bin/flume-ng version',
+ user = 'ambari-qa',
logoutput = True,
tries = 3,
try_sleep = 20)