You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/01/25 18:57:19 UTC

[30/50] [abbrv] ambari git commit: AMBARI-13324 automate creating Flume Keytab and principal (Shi Wang via dili)

AMBARI-13324 automate creating Flume Keytab and principal (Shi Wang via dili)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d77f3a54
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d77f3a54
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d77f3a54

Branch: refs/heads/branch-dev-patch-upgrade
Commit: d77f3a54fcbb79e9a2518a56bb78b0468a8a8b4f
Parents: ad0f4ec
Author: Di Li <di...@apache.org>
Authored: Tue Jan 24 15:19:41 2017 -0500
Committer: Di Li <di...@apache.org>
Committed: Tue Jan 24 15:19:41 2017 -0500

----------------------------------------------------------------------
 .../FLUME/1.4.0.2.0/kerberos.json               | 44 ++++++++++++++++++++
 .../1.4.0.2.0/package/scripts/flume_check.py    |  6 +--
 .../FLUME/1.4.0.2.0/package/scripts/params.py   | 12 +++++-
 .../stacks/2.0.6/FLUME/test_service_check.py    |  1 +
 4 files changed, 59 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
new file mode 100644
index 0000000..ab46912
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/kerberos.json
@@ -0,0 +1,44 @@
+{
+  "services": [
+    {
+      "name": "FLUME",
+      "components": [
+        {
+          "name": "FLUME_HANDLER",
+          "identities": [
+            {
+              "name": "flume_principal",
+              "principal": {
+                "value": "${flume-env/flume_user}/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "flume-env/flume_principal_name",
+                "local_username": "${flume-env/flume_user}"
+
+              },
+              "keytab": {
+                "file": "${keytab_dir}/flume.service.keytab",
+                "owner": {
+                  "name": "${flume-env/flume_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "flume-env/flume_keytab_path"
+              }
+            }
+          ],
+          "configurations": [
+            {
+              "core-site": {
+                "hadoop.proxyuser.flume.groups": "${hadoop-env/proxyuser_group}",
+                "hadoop.proxyuser.flume.hosts": "*"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
index c5450bb..80f4de2 100644
--- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/flume_check.py
@@ -38,11 +38,11 @@ class FlumeServiceCheck(Script):
     import params
     env.set_params(params)
     if params.security_enabled:
-      principal_replaced = params.http_principal.replace("_HOST", params.hostname)
-      Execute(format("{kinit_path_local} -kt {http_keytab} {principal_replaced}"),
-              user=params.smoke_user)
+      Execute(format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal}"),
+              user=params.smokeuser)
 
     Execute(format('env JAVA_HOME={java_home} {flume_bin} version'),
+            user=params.smokeuser,
             logoutput=True,
             tries = 3,
             try_sleep = 20)

http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
index a44b461..b143941 100644
--- a/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/FLUME/1.4.0.2.0/package/scripts/params.py
@@ -22,6 +22,7 @@ from resource_management.libraries.functions import format
 from resource_management.libraries.functions.version import format_stack_version
 from resource_management.libraries.functions.default import default
 from resource_management.libraries.script.script import Script
+from resource_management.libraries.functions import get_kinit_path
 from ambari_commons.ambari_metrics_helper import select_metric_collector_hosts_from_hostnames
 
 if OSCheck.is_windows_family():
@@ -40,7 +41,11 @@ version = default("/commandParams/version", None)
 user_group = config['configurations']['cluster-env']['user_group']
 proxyuser_group =  config['configurations']['hadoop-env']['proxyuser_group']
 
-security_enabled = False
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+if security_enabled :
+    _hostname_lowercase = config['hostname'].lower()
+    flume_jaas_princ = config['configurations']['flume-env']['flume_principal_name']
+    flume_keytab_path = config['configurations']['flume-env']['flume_keytab_path']
 
 stack_version_unformatted = config['hostLevelParams']['stack_version']
 stack_version_formatted = format_stack_version(stack_version_unformatted)
@@ -125,3 +130,8 @@ if not len(default("/clusterHostInfo/zookeeper_hosts", [])) == 0:
   # last port config
   zookeeper_quorum += ':' + zookeeper_clientPort
 
+# smokeuser
+kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
+smokeuser = config['configurations']['cluster-env']['smokeuser']
+smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
+smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']

http://git-wip-us.apache.org/repos/asf/ambari/blob/d77f3a54/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
index 152d00c..8f59174 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/FLUME/test_service_check.py
@@ -35,6 +35,7 @@ class TestFlumeCheck(RMFTestCase):
     )
 
     self.assertResourceCalled('Execute', 'env JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /usr/bin/flume-ng version',
+                              user = 'ambari-qa',
                               logoutput = True,
                               tries = 3,
                               try_sleep = 20)