Posted to commits@ambari.apache.org by yu...@apache.org on 2015/01/23 18:33:10 UTC
[3/5] ambari git commit: Revert "AMBARI-9296. Service versions do not
need stack maj.min appended any longer (aonishuk)"
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
new file mode 100644
index 0000000..28fabe5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py
@@ -0,0 +1,161 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Ambari Agent
+
+"""
+
+from resource_management.libraries.functions.version import format_hdp_stack_version, compare_versions
+from resource_management.libraries.functions.default import default
+from resource_management import *
+import status_params
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+
+version = default("/commandParams/version", None)
+
+stack_version_unformatted = str(config['hostLevelParams']['stack_version'])
+hdp_stack_version = format_hdp_stack_version(stack_version_unformatted)
+
+if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
+ knox_bin = '/usr/hdp/current/knox-server/bin/gateway.sh'
+ ldap_bin = '/usr/hdp/current/knox-server/bin/ldap.sh'
+ knox_client_bin = '/usr/hdp/current/knox-server/bin/knoxcli.sh'
+ knox_data_dir = '/usr/hdp/current/knox-server/data'
+ knox_conf_dir = '/usr/hdp/current/knox-server/conf'
+else:
+ knox_bin = '/usr/bin/gateway'
+ ldap_bin = '/usr/lib/knox/bin/ldap.sh'
+ knox_client_bin = '/usr/lib/knox/bin/knoxcli.sh'
+ knox_data_dir = '/usr/lib/knox/data'
+ knox_conf_dir = '/usr/lib/knox/conf'
+
+namenode_hosts = default("/clusterHostInfo/namenode_host", None)
+if type(namenode_hosts) is list:
+ namenode_host = namenode_hosts[0]
+else:
+ namenode_host = namenode_hosts
+
+has_namenode = not namenode_host == None
+namenode_http_port = "50070"
+namenode_rpc_port = "8020"
+
+if has_namenode:
+ if 'dfs.namenode.http-address' in config['configurations']['hdfs-site']:
+ namenode_http_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.http-address'])
+ if 'dfs.namenode.rpc-address' in config['configurations']['hdfs-site']:
+ namenode_rpc_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.rpc-address'])
+
+rm_hosts = default("/clusterHostInfo/rm_host", None)
+if type(rm_hosts) is list:
+ rm_host = rm_hosts[0]
+else:
+ rm_host = rm_hosts
+has_rm = not rm_host == None
+
+jt_rpc_port = "8050"
+rm_port = "8080"
+
+if has_rm:
+ if 'yarn.resourcemanager.address' in config['configurations']['yarn-site']:
+ jt_rpc_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.address'])
+
+ if 'yarn.resourcemanager.webapp.address' in config['configurations']['yarn-site']:
+ rm_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'])
+
+hive_http_port = default('/configurations/hive-site/hive.server2.thrift.http.port', "10001")
+hive_http_path = default('/configurations/hive-site/hive.server2.thrift.http.path', "cliservice")
+hive_server_hosts = default("/clusterHostInfo/hive_server_host", None)
+if type(hive_server_hosts) is list:
+ hive_server_host = hive_server_hosts[0]
+else:
+ hive_server_host = hive_server_hosts
+
+templeton_port = default('/configurations/webhcat-site/templeton.port', "50111")
+webhcat_server_hosts = default("/clusterHostInfo/webhcat_server_host", None)
+if type(webhcat_server_hosts) is list:
+ webhcat_server_host = webhcat_server_hosts[0]
+else:
+ webhcat_server_host = webhcat_server_hosts
+
+hbase_master_port = default('/configurations/hbase-site/hbase.rest.port', "8080")
+hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", None)
+if type(hbase_master_hosts) is list:
+ hbase_master_host = hbase_master_hosts[0]
+else:
+ hbase_master_host = hbase_master_hosts
+
+oozie_server_hosts = default("/clusterHostInfo/oozie_server", None)
+if type(oozie_server_hosts) is list:
+ oozie_server_host = oozie_server_hosts[0]
+else:
+ oozie_server_host = oozie_server_hosts
+
+has_oozie = not oozie_server_host == None
+oozie_server_port = "11000"
+
+if has_oozie:
+ if 'oozie.base.url' in config['configurations']['oozie-site']:
+ oozie_server_port = get_port_from_url(config['configurations']['oozie-site']['oozie.base.url'])
+
+
+# server configurations
+knox_conf_dir = '/etc/knox/conf'
+knox_data_dir = '/var/lib/knox/data'
+knox_logs_dir = '/var/log/knox'
+knox_pid_dir = status_params.knox_pid_dir
+knox_user = default("/configurations/knox-env/knox_user", "knox")
+knox_group = default("/configurations/knox-env/knox_group", "knox")
+knox_pid_file = status_params.knox_pid_file
+ldap_pid_file = status_params.ldap_pid_file
+knox_master_secret = config['configurations']['knox-env']['knox_master_secret']
+knox_master_secret_path = '/var/lib/knox/data/security/master'
+knox_cert_store_path = '/var/lib/knox/data/security/keystores/gateway.jks'
+knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0]
+knox_host_name_in_cluster = config['hostname']
+knox_host_port = config['configurations']['gateway-site']['gateway.port']
+topology_template = config['configurations']['topology']['content']
+gateway_log4j = config['configurations']['gateway-log4j']['content']
+ldap_log4j = config['configurations']['ldap-log4j']['content']
+users_ldif = config['configurations']['users-ldif']['content']
+java_home = config['hostLevelParams']['java_home']
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+smokeuser = config['configurations']['cluster-env']['smokeuser']
+smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
+smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
+kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+if security_enabled:
+ knox_keytab_path = config['configurations']['knox-env']['knox_keytab_path']
+ _hostname_lowercase = config['hostname'].lower()
+ knox_principal_name = config['configurations']['knox-env']['knox_principal_name'].replace('_HOST',_hostname_lowercase)
+
+# ranger host
+ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
+has_ranger_admin = not len(ranger_admin_hosts) == 0
+
+if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
+ # Setting Flag value for ranger hbase plugin
+ enable_ranger_knox = False
+ user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled']
+ if user_input.lower() == 'yes':
+ enable_ranger_knox = True
+ elif user_input.lower() == 'no':
+ enable_ranger_knox = False
+
\ No newline at end of file
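Review bot: `knox_conf_dir` and `knox_data_dir` are set per stack version in the first `if`/`else`, then unconditionally reassigned under `# server configurations` to `'/etc/knox/conf'` and `'/var/lib/knox/data'`, so the version-specific values are never used. Which pair is intended is not visible here; either drop the two assignments in each branch or remove the later ones, since `upgrade.py` in this commit backs up whatever these names hold. Separately, `enable_ranger_knox` is only bound inside the final stack-version check, while `setup_ranger_knox.py` reads `params.enable_ranger_knox` whenever a Ranger admin host exists. Initialise it with `enable_ranger_knox = False` before that `if`, and correct the comment that says "hbase" to "knox".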
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py
new file mode 100644
index 0000000..e05262f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+import sys
+
+class KnoxServiceCheck(Script):
+
+ def service_check(self, env):
+ import params
+ env.set_params(params)
+
+ validateKnoxFileName = "validateKnoxStatus.py"
+ validateKnoxFilePath = format("{tmp_dir}/{validateKnoxFileName}")
+ python_executable = sys.executable
+ validateStatusCmd = format("{python_executable} {validateKnoxFilePath} -p {knox_host_port} -n {knox_host_name}")
+ if params.security_enabled:
+ kinit_cmd = format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal};")
+ smoke_cmd = format("{kinit_cmd} {validateStatusCmd}")
+ else:
+ smoke_cmd = validateStatusCmd
+
+ print "Test connectivity to knox server"
+
+
+ File(validateKnoxFilePath,
+ content=StaticFile(validateKnoxFileName),
+ mode=0755
+ )
+
+ Execute(smoke_cmd,
+ tries=3,
+ try_sleep=5,
+ path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
+ user=params.smokeuser,
+ timeout=5,
+ logoutput=True
+ )
+
+if __name__ == "__main__":
+ KnoxServiceCheck().execute()
\ No newline at end of file
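Review bot: `validateStatusCmd` and `kinit_cmd` are assembled by interpolating `knox_host_port`, `knox_host_name`, `smoke_user_keytab` and `smokeuser_principal` into one command string that `Execute` then runs, with none of the values quoted. These come from cluster configuration, so a value containing whitespace or shell metacharacters changes the command that runs as `smokeuser`; quote each one (for example with `pipes.quote`) or run `kinit` as its own `Execute` step so no `;` chaining is needed. The `timeout=5` also has to cover both `kinit` and the HTTP check on a secured cluster, which looks tight. A short docstring on `service_check` saying that it copies `validateKnoxStatus.py` into `tmp_dir` and runs it as the smoke user would help the next reader.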
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
new file mode 100644
index 0000000..76185a8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py
@@ -0,0 +1,183 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import sys
+import fileinput
+import subprocess
+import json
+import re
+from resource_management import *
+from resource_management.libraries.functions.ranger_functions import Rangeradmin
+from resource_management.core.logger import Logger
+
+def setup_ranger_knox(env):
+ import params
+ env.set_params(params)
+
+ if params.has_ranger_admin:
+ try:
+ command = 'hdp-select status knox-server'
+ return_code, hdp_output = shell.call(command, timeout=20)
+ except Exception, e:
+ Logger.error(str(e))
+ raise Fail('Unable to execute hdp-select command to retrieve the version.')
+
+ if return_code != 0:
+ raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code)))
+
+ hdp_version = re.sub('knox-server - ', '', hdp_output)
+ match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version)
+
+ if match is None:
+ raise Fail('Failed to get extracted version')
+
+ file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties'
+
+ ranger_knox_dict = ranger_knox_properties(params)
+ knox_repo_data = knox_repo_properties(params)
+
+ write_properties_to_file(file_path, ranger_knox_dict)
+
+ if params.enable_ranger_knox:
+ cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh enable-knox-plugin.sh')
+ ranger_adm_obj = Rangeradmin(url=ranger_knox_dict['POLICY_MGR_URL'])
+ response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test')
+
+ if response_code is not None and response_code == 200:
+ repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', 'admin:admin')
+
+ if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']:
+ Logger.info('Knox Repository exist')
+ else:
+ response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, 'admin:admin')
+ if response is not None:
+ Logger.info('Knox Repository created in Ranger Admin')
+ else:
+ Logger.info('Knox Repository creation failed in Ranger Admin')
+ else:
+ Logger.info('Ranger service is not started on given host')
+ else:
+ cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh disable-knox-plugin.sh')
+
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+ else:
+ Logger.info('Ranger admin not installed')
+
+
+def write_properties_to_file(file_path, value):
+ for key in value:
+ modify_config(file_path, key, value[key])
+
+
+def modify_config(filepath, variable, setting):
+ var_found = False
+ already_set = False
+ V=str(variable)
+ S=str(setting)
+ # use quotes if setting has spaces #
+ if ' ' in S:
+ S = '%s' % S
+
+ for line in fileinput.input(filepath, inplace = 1):
+ # process lines that look like config settings #
+ if not line.lstrip(' ').startswith('#') and '=' in line:
+ _infile_var = str(line.split('=')[0].rstrip(' '))
+ _infile_set = str(line.split('=')[1].lstrip(' ').rstrip())
+ # only change the first matching occurrence #
+ if var_found == False and _infile_var.rstrip(' ') == V:
+ var_found = True
+ # don't change it if it is already set #
+ if _infile_set.lstrip(' ') == S:
+ already_set = True
+ else:
+ line = "%s=%s\n" % (V, S)
+
+ sys.stdout.write(line)
+
+ # Append the variable if it wasn't found #
+ if not var_found:
+ with open(filepath, "a") as f:
+ f.write("%s=%s\n" % (V, S))
+ elif already_set == True:
+ pass
+ else:
+ pass
+
+ return
+
+def ranger_knox_properties(params):
+ ranger_knox_properties = dict()
+
+ ranger_knox_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url']
+ ranger_knox_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR']
+ ranger_knox_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR']
+ ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name']
+ ranger_knox_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user']
+ ranger_knox_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties']['audit_db_password']
+ ranger_knox_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host']
+ ranger_knox_properties['REPOSITORY_NAME'] = params.config['clusterName'] + '_knox'
+
+ ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME']
+
+ ranger_knox_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED']
+
+ ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED']
+ ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY']
+ ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE']
+ ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS']
+ ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS']
+ ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS']
+ ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT']
+
+
+ ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH']
+ ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD']
+ ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH']
+ ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD']
+
+
+ return ranger_knox_properties
+
+def knox_repo_properties(params):
+
+ knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0]
+ knoxPort = params.config['configurations']['gateway-site']['gateway.port']
+
+ config_dict = dict()
+ config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+ config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME']
+ config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies'
+ config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate']
+
+ repo= dict()
+ repo['isActive'] = "true"
+ repo['config'] = json.dumps(config_dict)
+ repo['description'] = "knox repo"
+ repo['name'] = params.config['clusterName'] + "_knox"
+ repo['repositoryType'] = "Knox"
+ repo['assetType'] = '5'
+
+ data = json.dumps(repo)
+
+ return data
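Review bot: In `knox_repo_properties`, `config_dict['password']` is read from `REPOSITORY_CONFIG_USERNAME`, the same key used for `username`, so the repository is registered in Ranger with the username as its password; it should read the plugin's password property instead. `setup_ranger_knox` also authenticates to Ranger Admin with the literals `'test:test'` and `'admin:admin'`, which only works while default accounts are left in place; take these from configuration. `hdp_version` is checked with `re.match`, which anchors only the start and uses unescaped dots, and the full unchecked string (including any trailing newline from `hdp-select`) is then spliced into `file_path` and the shell `cmd`; use `hdp_version = match.group(0)` with a pattern like `r'[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+'`. Finally, `modify_config` writes `XAAUDIT.DB.PASSWORD` and the keystore passwords into `install.properties` without setting the file's mode, and its `S = '%s' % S` does not add the quotes the comment promises.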
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/status_params.py
new file mode 100644
index 0000000..1bf7427
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/status_params.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management import *
+
+config = Script.get_config()
+
+knox_conf_dir = '/etc/knox/conf'
+knox_pid_dir = config['configurations']['knox-env']['knox_pid_dir']
+knox_pid_file = format("{knox_pid_dir}/gateway.pid")
+ldap_pid_file = format("{knox_pid_dir}/ldap.pid")
+
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+if security_enabled:
+ knox_keytab_path = config['configurations']['knox-env']['knox_keytab_path']
+ knox_principal_name = config['configurations']['knox-env']['knox_principal_name']
+else:
+ knox_keytab_path = None
+ knox_principal_name = None
+hostname = config['hostname'].lower()
+knox_user = default("/configurations/knox-env/knox_user", "knox")
+kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+temp_dir = Script.get_tmp_dir()
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/upgrade.py
new file mode 100644
index 0000000..9976cb2
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/upgrade.py
@@ -0,0 +1,71 @@
+
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+import tarfile
+import tempfile
+
+from resource_management.core.logger import Logger
+from resource_management.core.exceptions import Fail
+
+BACKUP_TEMP_DIR = "knox-upgrade-backup"
+BACKUP_DATA_ARCHIVE = "knox-data-backup.tar"
+BACKUP_CONF_ARCHIVE = "knox-conf-backup.tar"
+
+def backup_data():
+ """
+ Backs up the knox data as part of the upgrade process.
+ :return:
+ """
+ Logger.info('Backing up Knox data directory before upgrade...')
+ directoryMappings = _get_directory_mappings()
+
+ absolute_backup_dir = os.path.join(tempfile.gettempdir(), BACKUP_TEMP_DIR)
+ if not os.path.isdir(absolute_backup_dir):
+ os.makedirs(absolute_backup_dir)
+
+ for directory in directoryMappings:
+ if not os.path.isdir(directory):
+ raise Fail("Unable to backup missing directory {0}".format(directory))
+
+ archive = os.path.join(absolute_backup_dir, directoryMappings[directory])
+ Logger.info('Compressing {0} to {1}'.format(directory, archive))
+
+ if os.path.exists(archive):
+ os.remove(archive)
+
+ tarball = None
+ try:
+ tarball = tarfile.open(archive, "w")
+ tarball.add(directory, arcname=os.path.basename(directory))
+ finally:
+ if tarball:
+ tarball.close()
+
+def _get_directory_mappings():
+ """
+ Gets a dictionary of directory to archive name that represents the
+ directories that need to be backed up and their output tarball archive targets
+ :return: the dictionary of directory to tarball mappings
+ """
+ import params
+
+ return { params.knox_data_dir : BACKUP_DATA_ARCHIVE, params.knox_conf_dir : BACKUP_CONF_ARCHIVE }
+
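Review bot: `backup_data` writes the archives to a fixed directory name under `tempfile.gettempdir()` and reuses that directory if it already exists, without setting or checking its mode or owner. With the values in this commit's `params.py`, `knox_data_dir` is `/var/lib/knox/data`, which also holds `security/master` and `security/keystores/gateway.jks`, so the tarball carries the gateway's master secret and keystore into a shared temp location with umask-default permissions. Create the directory with `os.makedirs(absolute_backup_dir, 0700)`, refuse to proceed if an existing path is a symlink or not owned by the current user, and consider a backup location that is not shared between users.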
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2 b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2
new file mode 100644
index 0000000..fa3237b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/templates/krb5JAASLogin.conf.j2
@@ -0,0 +1,30 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+com.sun.security.jgss.initiate {
+com.sun.security.auth.module.Krb5LoginModule required
+renewTGT=true
+doNotPrompt=true
+useKeyTab=true
+keyTab="{{knox_keytab_path}}"
+principal="{{knox_principal_name}}"
+isInitiator=true
+storeKey=true
+useTicketCache=true
+client=true;
+};
+
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/alerts.json b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/alerts.json
deleted file mode 100644
index e063da7..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/alerts.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "KNOX": {
- "service": [],
- "KNOX_GATEWAY": [
- {
- "name": "knox_gateway_process",
- "label": "Know Gateway Process",
- "description": "This host-level alert is triggered if the Knox Gateway cannot be determined to be up.",
- "interval": 1,
- "scope": "HOST",
- "source": {
- "type": "PORT",
- "uri": "{{gateway-site/gateway.port}}",
- "default_port": 8443,
- "reporting": {
- "ok": {
- "text": "TCP OK - {0:.3f}s response on port {1}"
- },
- "warning": {
- "text": "TCP OK - {0:.3f}s response on port {1}",
- "value": 1.5
- },
- "critical": {
- "text": "Connection failed: {0} to {1}:{2}",
- "value": 5.0
- }
- }
- }
- }
- ]
- }
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-log4j.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-log4j.xml
deleted file mode 100644
index 370f786..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-log4j.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false">
-
- <property>
- <name>content</name>
- <value>
-
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- app.log.dir=${launcher.dir}/../logs
- app.log.file=${launcher.name}.log
- app.audit.file=${launcher.name}-audit.log
-
- log4j.rootLogger=ERROR, drfa
-
- log4j.logger.org.apache.hadoop.gateway=INFO
- #log4j.logger.org.apache.hadoop.gateway=DEBUG
-
- #log4j.logger.org.eclipse.jetty=DEBUG
- #log4j.logger.org.apache.shiro=DEBUG
- #log4j.logger.org.apache.http=DEBUG
- #log4j.logger.org.apache.http.client=DEBUG
- #log4j.logger.org.apache.http.headers=DEBUG
- #log4j.logger.org.apache.http.wire=DEBUG
-
- log4j.appender.stdout=org.apache.log4j.ConsoleAppender
- log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
- log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
-
- log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender
- log4j.appender.drfa.File=${app.log.dir}/${app.log.file}
- log4j.appender.drfa.DatePattern=.yyyy-MM-dd
- log4j.appender.drfa.layout=org.apache.log4j.PatternLayout
- log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
-
- log4j.logger.audit=INFO, auditfile
- log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender
- log4j.appender.auditfile.File=${app.log.dir}/${app.audit.file}
- log4j.appender.auditfile.Append = true
- log4j.appender.auditfile.DatePattern = '.'yyyy-MM-dd
- log4j.appender.auditfile.layout = org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout
-
- </value>
- <description>
- content for log4j.properties file for Knox.
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-site.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-site.xml
deleted file mode 100644
index 4d4c4ed..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/gateway-site.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-<!-- The default settings for Knox. -->
-<!-- Edit gateway-site.xml to change settings for your local -->
-<!-- install. -->
-
-<configuration supports_final="false">
-
- <property>
- <name>gateway.port</name>
- <value>8443</value>
- <description>The HTTP port for the Gateway.</description>
- </property>
-
- <property>
- <name>gateway.path</name>
- <value>gateway</value>
- <description>The default context path for the gateway.</description>
- </property>
-
- <property>
- <name>gateway.gateway.conf.dir</name>
- <value>deployments</value>
- <description>The directory within GATEWAY_HOME that contains gateway topology files and deployments.</description>
- </property>
-
- <property>
- <name>gateway.hadoop.kerberos.secured</name>
- <value>false</value>
- <description>Boolean flag indicating whether the Hadoop cluster protected by Gateway is secured with Kerberos</description>
- </property>
-
- <property>
- <name>java.security.krb5.conf</name>
- <value>/etc/knox/conf/krb5.conf</value>
- <description>Absolute path to krb5.conf file</description>
- </property>
-
- <property>
- <name>java.security.auth.login.config</name>
- <value>/etc/knox/conf/krb5JAASLogin.conf</value>
- <description>Absolute path to JASS login config file</description>
- </property>
-
- <property>
- <name>sun.security.krb5.debug</name>
- <value>true</value>
- <description>Boolean flag indicating whether to enable debug messages for krb5 authentication</description>
- </property>
-
-</configuration>
-
-
-
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/knox-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/knox-env.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/knox-env.xml
deleted file mode 100644
index bbd3d12..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/knox-env.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false">
- <!-- knox-env.sh -->
-
- <property require-input="true">
- <name>knox_master_secret</name>
- <value></value>
- <property-type>PASSWORD</property-type>
- <description>password to use as the master secret</description>
- </property>
-
- <property>
- <name>knox_user</name>
- <value>knox</value>
- <property-type>USER</property-type>
- <description>Knox Username.</description>
- </property>
-
- <property>
- <name>knox_group</name>
- <value>knox</value>
- <property-type>GROUP</property-type>
- <description>Knox Group.</description>
- </property>
-
- <property>
- <name>knox_pid_dir</name>
- <value>/var/run/knox</value>
- <description>Knox PID dir.</description>
- </property>
-
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ldap-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ldap-log4j.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ldap-log4j.xml
deleted file mode 100644
index a0cf658..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ldap-log4j.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false">
-
- <property>
- <name>content</name>
- <value>
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
-
- app.log.dir=${launcher.dir}/../logs
- app.log.file=${launcher.name}.log
-
- log4j.rootLogger=ERROR, drfa
- log4j.logger.org.apache.directory.server.ldap.LdapServer=INFO
- log4j.logger.org.apache.directory=WARN
-
- log4j.appender.stdout=org.apache.log4j.ConsoleAppender
- log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
- log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n
-
- log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender
- log4j.appender.drfa.File=${app.log.dir}/${app.log.file}
- log4j.appender.drfa.DatePattern=.yyyy-MM-dd
- log4j.appender.drfa.layout=org.apache.log4j.PatternLayout
- log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n
-
- </value>
- <description>
- content for log4j.properties file for the demo LDAP that comes with Knox.
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ranger-knox-plugin-properties.xml
deleted file mode 100644
index b744658..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/ranger-knox-plugin-properties.xml
+++ /dev/null
@@ -1,156 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="true">
-
- <property>
- <name>common.name.for.certificate</name>
- <value>-</value>
- <description>Used for repository creation on ranger admin</description>
- </property>
-
- <property>
- <name>ranger-knox-plugin-enabled</name>
- <value>No</value>
- <description>Enable ranger knox plugin ?</description>
- </property>
-
- <property>
- <name>REPOSITORY_CONFIG_USERNAME</name>
- <value>admin</value>
- <description>Used for repository creation on ranger admin</description>
- </property>
-
- <property>
- <name>REPOSITORY_CONFIG_PASSWORD</name>
- <value>admin-password</value>
- <property-type>PASSWORD</property-type>
- <description>Used for repository creation on ranger admin</description>
- </property>
-
- <property>
- <name>KNOX_HOME</name>
- <value>/usr/hdp/current/knox-server</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.DB.IS_ENABLED</name>
- <value>true</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.IS_ENABLED</name>
- <value>false</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name>
- <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name>
- <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name>
- <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.DESTINTATION_FILE</name>
- <value>%hostname%-audit.log</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name>
- <value>900</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name>
- <value>86400</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name>
- <value>60</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name>
- <value>%time:yyyyMMdd-HHmm.ss%.log</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name>
- <value>60</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name>
- <value>600</value>
- <description></description>
- </property>
-
- <property>
- <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name>
- <value>10</value>
- <description></description>
- </property>
-
- <property>
- <name>SSL_KEYSTORE_FILE_PATH</name>
- <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
- <description></description>
- </property>
-
- <property>
- <name>SSL_KEYSTORE_PASSWORD</name>
- <value>myKeyFilePassword</value>
- <description></description>
- </property>
-
- <property>
- <name>SSL_TRUSTSTORE_FILE_PATH</name>
- <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
- <description></description>
- </property>
-
- <property>
- <name>SSL_TRUSTSTORE_PASSWORD</name>
- <value>changeit</value>
- <description></description>
- </property>
-
-</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/topology.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/topology.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/topology.xml
deleted file mode 100644
index db16a21..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/topology.xml
+++ /dev/null
@@ -1,116 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false" supports_adding_forbidden="true">
- <!-- topology file -->
-
- <property>
- <name>content</name>
- <value>
- <topology>
-
- <gateway>
-
- <provider>
- <role>authentication</role>
- <name>ShiroProvider</name>
- <enabled>true</enabled>
- <param>
- <name>sessionTimeout</name>
- <value>30</value>
- </param>
- <param>
- <name>main.ldapRealm</name>
- <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
- </param>
- <param>
- <name>main.ldapRealm.userDnTemplate</name>
- <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
- </param>
- <param>
- <name>main.ldapRealm.contextFactory.url</name>
- <value>ldap://{{knox_host_name}}:33389</value>
- </param>
- <param>
- <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
- <value>simple</value>
- </param>
- <param>
- <name>urls./**</name>
- <value>authcBasic</value>
- </param>
- </provider>
-
- <provider>
- <role>identity-assertion</role>
- <name>Default</name>
- <enabled>true</enabled>
- </provider>
-
- </gateway>
-
- <service>
- <role>NAMENODE</role>
- <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>
- </service>
-
- <service>
- <role>JOBTRACKER</role>
- <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>
- </service>
-
- <service>
- <role>WEBHDFS</role>
- <url>http://{{namenode_host}}:{{namenode_http_port}}/webhdfs</url>
- </service>
-
- <service>
- <role>WEBHCAT</role>
- <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>
- </service>
-
- <service>
- <role>OOZIE</role>
- <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>
- </service>
-
- <service>
- <role>WEBHBASE</role>
- <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>
- </service>
-
- <service>
- <role>HIVE</role>
- <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
- </service>
-
- <service>
- <role>RESOURCEMANAGER</role>
- <url>http://{{rm_host}}:{{rm_port}}/ws</url>
- </service>
- </topology>
- </value>
- <description>
- The configuration specifies the Hadoop cluster services Knox will provide access to.
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/users-ldif.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/users-ldif.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/users-ldif.xml
deleted file mode 100644
index ace4858..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/configuration/users-ldif.xml
+++ /dev/null
@@ -1,135 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false" supports_adding_forbidden="true">
-
- <property>
- <name>content</name>
- <value>
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-version: 1
-
-# Please replace with site specific values
-dn: dc=hadoop,dc=apache,dc=org
-objectclass: organization
-objectclass: dcObject
-o: Hadoop
-dc: hadoop
-
-# Entry for a sample people container
-# Please replace with site specific values
-dn: ou=people,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:organizationalUnit
-ou: people
-
-# Entry for a sample end user
-# Please replace with site specific values
-dn: uid=guest,ou=people,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:person
-objectclass:organizationalPerson
-objectclass:inetOrgPerson
-cn: Guest
-sn: User
-uid: guest
-userPassword:guest-password
-
-# entry for sample user admin
-dn: uid=admin,ou=people,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:person
-objectclass:organizationalPerson
-objectclass:inetOrgPerson
-cn: Admin
-sn: Admin
-uid: admin
-userPassword:admin-password
-
-# entry for sample user sam
-dn: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:person
-objectclass:organizationalPerson
-objectclass:inetOrgPerson
-cn: sam
-sn: sam
-uid: sam
-userPassword:sam-password
-
-# entry for sample user tom
-dn: uid=tom,ou=people,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:person
-objectclass:organizationalPerson
-objectclass:inetOrgPerson
-cn: tom
-sn: tom
-uid: tom
-userPassword:tom-password
-
-# create FIRST Level groups branch
-dn: ou=groups,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass:organizationalUnit
-ou: groups
-description: generic groups branch
-
-# create the analyst group under groups
-dn: cn=analyst,ou=groups,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass: groupofnames
-cn: analyst
-description:analyst group
-member: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
-member: uid=tom,ou=people,dc=hadoop,dc=apache,dc=org
-
-
-# create the scientist group under groups
-dn: cn=scientist,ou=groups,dc=hadoop,dc=apache,dc=org
-objectclass:top
-objectclass: groupofnames
-cn: scientist
-description: scientist group
-member: uid=sam,ou=people,dc=hadoop,dc=apache,dc=org
-
- </value>
- <description>
- content for users-ldif file for the demo LDAP that comes with Knox.
- </description>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/metainfo.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/metainfo.xml
deleted file mode 100644
index 0e91081..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/metainfo.xml
+++ /dev/null
@@ -1,88 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<metainfo>
- <schemaVersion>2.0</schemaVersion>
- <services>
- <service>
- <name>KNOX</name>
- <displayName>Knox</displayName>
- <comment>Provides a single point of authentication and access for Apache Hadoop services in a cluster</comment>
- <version>0.5.0</version>
- <components>
- <component>
- <name>KNOX_GATEWAY</name>
- <displayName>Knox Gateway</displayName>
- <category>MASTER</category>
- <cardinality>1+</cardinality>
- <commandScript>
- <script>scripts/knox_gateway.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>1200</timeout>
- </commandScript>
- <customCommands>
- <customCommand>
- <name>STARTDEMOLDAP</name>
- <commandScript>
- <script>scripts/demo_ldap.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- </customCommand>
- <customCommand>
- <name>STOPDEMOLDAP</name>
- <commandScript>
- <script>scripts/demo_ldap.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- </customCommand>
- </customCommands>
- </component>
- </components>
- <osSpecifics>
- <osSpecific>
- <osFamily>redhat5,redhat6,suse11</osFamily>
- <packages>
- <package>
- <name>knox_2_2_*</name>
- </package>
- </packages>
- </osSpecific>
- <osSpecific>
- <osFamily>ubuntu12</osFamily>
- <packages>
- <package>
- <name>knox-2-2-.*</name>
- </package>
- </packages>
- </osSpecific>
- </osSpecifics>
- <commandScript>
- <script>scripts/service_check.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>300</timeout>
- </commandScript>
- <configuration-dependencies>
- <config-type>gateway-site</config-type>
- <config-type>gateway-log4j</config-type>
- <config-type>topology</config-type>
- <config-type>ranger-knox-plugin-properties</config-type>
- </configuration-dependencies>
- </service>
- </services>
-</metainfo>
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/files/validateKnoxStatus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/files/validateKnoxStatus.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/files/validateKnoxStatus.py
deleted file mode 100644
index 257abfb..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/files/validateKnoxStatus.py
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-import optparse
-import socket
-
-#
-# Main.
-#
-def main():
- parser = optparse.OptionParser(usage="usage: %prog [options]")
- parser.add_option("-p", "--port", dest="port", help="Port for Knox process")
- parser.add_option("-n", "--hostname", dest="hostname", help="Hostname of Knox Gateway component")
-
- (options, args) = parser.parse_args()
- timeout_seconds = 5
- try:
- s = socket.create_connection((options.hostname, int(options.port)),timeout=timeout_seconds)
- print "Successfully connected to %s on port %s" % (options.hostname, options.port)
- s.close()
- except socket.error, e:
- print "Connection to %s on port %s failed: %s" % (options.hostname, options.port, e)
- exit(1)
-
-if __name__ == "__main__":
- main()
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox.py
deleted file mode 100644
index 7d7d20c..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox.py
+++ /dev/null
@@ -1,85 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management import *
-
-
-def knox():
- import params
-
- Directory(params.knox_conf_dir,
- owner = params.knox_user,
- group = params.knox_group,
- recursive = True
- )
-
-
- XmlConfig("gateway-site.xml",
- conf_dir=params.knox_conf_dir,
- configurations=params.config['configurations']['gateway-site'],
- configuration_attributes=params.config['configuration_attributes']['gateway-site'],
- owner=params.knox_user,
- group=params.knox_group,
- )
-
- File(format("{params.knox_conf_dir}/gateway-log4j.properties"),
- mode=0644,
- group=params.knox_group,
- owner=params.knox_user,
- content=params.gateway_log4j
- )
-
- File(format("{params.knox_conf_dir}/topologies/default.xml"),
- group=params.knox_group,
- owner=params.knox_user,
- content=InlineTemplate(params.topology_template)
- )
- if params.security_enabled:
- TemplateConfig( format("{knox_conf_dir}/krb5JAASLogin.conf"),
- owner = params.knox_user,
- template_tag = None
- )
-
- dirs_to_chown = (params.knox_data_dir, params.knox_logs_dir, params.knox_logs_dir, params.knox_pid_dir, params.knox_conf_dir)
- cmd = ('chown','-R',format('{knox_user}:{knox_group}'))+dirs_to_chown
- Execute(cmd,
- sudo = True,
- )
-
- #File([params.knox_data_dir, params.knox_logs_dir, params.knox_logs_dir, params.knox_pid_dir, params.knox_conf_dir],
- # owner = params.knox_user,
- # group = params.knox_group
- #)
-
- cmd = format('{knox_client_bin} create-master --master {knox_master_secret!p}')
- master_secret_exist = as_user(format('test -f {knox_master_secret_path}'), params.knox_user)
-
- Execute(cmd,
- user=params.knox_user,
- environment={'JAVA_HOME': params.java_home},
- not_if=master_secret_exist,
- )
-
- cmd = format('{knox_client_bin} create-cert --hostname {knox_host_name_in_cluster}')
- Execute(cmd,
- user=params.knox_user,
- environment={'JAVA_HOME': params.java_home},
- not_if=master_secret_exist,
- )
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox_gateway.py
deleted file mode 100644
index 8593c5a..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/knox_gateway.py
+++ /dev/null
@@ -1,183 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management import *
-from resource_management.libraries.functions.security_commons import build_expectations, \
- cached_kinit_executor, validate_security_config_properties, get_params_from_filesystem, \
- FILE_TYPE_XML
-import sys
-import upgrade
-
-from knox import knox
-from ldap import ldap
-from setup_ranger_knox import setup_ranger_knox
-
-class KnoxGateway(Script):
-
- def get_stack_to_component(self):
- return {"HDP": "knox-server"}
-
- def install(self, env):
- self.install_packages(env)
- import params
- env.set_params(params)
-
- File(format('{knox_conf_dir}/topologies/sandbox.xml'),
- action = "delete",
- )
-
- def configure(self, env):
- import params
- env.set_params(params)
- knox()
- ldap()
-
- def pre_rolling_restart(self, env):
- import params
- env.set_params(params)
-
- if params.version and compare_versions(format_hdp_stack_version(params.version), '2.2.0.0') >= 0:
- upgrade.backup_data()
- Execute(format("hdp-select set knox-server {version}"))
-
-
- def start(self, env, rolling_restart=False):
- import params
- env.set_params(params)
- self.configure(env)
- daemon_cmd = format('{knox_bin} start')
- no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps -p `cat {knox_pid_file}` >/dev/null 2>&1')
- setup_ranger_knox(env)
- Execute(daemon_cmd,
- user=params.knox_user,
- environment={'JAVA_HOME': params.java_home},
- not_if=no_op_test
- )
-
- def stop(self, env, rolling_restart=False):
- import params
- env.set_params(params)
- self.configure(env)
- daemon_cmd = format('{knox_bin} stop')
- Execute(daemon_cmd,
- environment={'JAVA_HOME': params.java_home},
- user=params.knox_user,
- )
- Execute (format("rm -f {knox_pid_file}"))
-
-
- def status(self, env):
- import status_params
- env.set_params(status_params)
- check_process_status(status_params.knox_pid_file)
-
-
- def configureldap(self, env):
- import params
- env.set_params(params)
- ldap()
-
- def startdemoldap(self, env):
- import params
- env.set_params(params)
- self.configureldap(env)
- daemon_cmd = format('{ldap_bin} start')
- no_op_test = format('ls {ldap_pid_file} >/dev/null 2>&1 && ps -p `cat {ldap_pid_file}` >/dev/null 2>&1')
- Execute(daemon_cmd,
- user=params.knox_user,
- environment={'JAVA_HOME': params.java_home},
- not_if=no_op_test
- )
-
- def stopdemoldap(self, env):
- import params
- env.set_params(params)
- self.configureldap(env)
- daemon_cmd = format('{ldap_bin} stop')
- Execute(daemon_cmd,
- environment={'JAVA_HOME': params.java_home},
- user=params.knox_user,
- )
- Execute (format("rm -f {ldap_pid_file}"))
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations(
- 'krb5JAASLogin',
- None,
- ['keytab', 'principal'],
- None
- ))
- expectations.update(build_expectations(
- 'gateway-site',
- {
- "gateway.hadoop.kerberos.secured" : "true"
- },
- None,
- None
- ))
-
- security_params = {
- "krb5JAASLogin":
- {
- 'keytab': status_params.knox_keytab_path,
- 'principal': status_params.knox_principal_name
- }
- }
- security_params.update(get_params_from_filesystem(status_params.knox_conf_dir,
- {"gateway-site.xml" : FILE_TYPE_XML}))
-
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'krb5JAASLogin' not in security_params
- or 'keytab' not in security_params['krb5JAASLogin']
- or 'principal' not in security_params['krb5JAASLogin']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.knox_user,
- security_params['krb5JAASLogin']['keytab'],
- security_params['krb5JAASLogin']['principal'],
- status_params.hostname,
- status_params.temp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
-if __name__ == "__main__":
- KnoxGateway().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/ldap.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/ldap.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/ldap.py
deleted file mode 100644
index 2ff8297..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/ldap.py
+++ /dev/null
@@ -1,39 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management import *
-
-
-def ldap():
- import params
-
- File(format("{params.knox_conf_dir}/ldap-log4j.properties"),
- mode=0644,
- group=params.knox_group,
- owner=params.knox_user,
- content=params.ldap_log4j
- )
-
- File(format("{params.knox_conf_dir}/users.ldif"),
- mode=0644,
- group=params.knox_group,
- owner=params.knox_user,
- content=params.users_ldif
- )
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/params.py
deleted file mode 100644
index 28fabe5..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/params.py
+++ /dev/null
@@ -1,161 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-Ambari Agent
-
-"""
-
-from resource_management.libraries.functions.version import format_hdp_stack_version, compare_versions
-from resource_management.libraries.functions.default import default
-from resource_management import *
-import status_params
-
-config = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-
-stack_name = default("/hostLevelParams/stack_name", None)
-
-version = default("/commandParams/version", None)
-
-stack_version_unformatted = str(config['hostLevelParams']['stack_version'])
-hdp_stack_version = format_hdp_stack_version(stack_version_unformatted)
-
-if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
- knox_bin = '/usr/hdp/current/knox-server/bin/gateway.sh'
- ldap_bin = '/usr/hdp/current/knox-server/bin/ldap.sh'
- knox_client_bin = '/usr/hdp/current/knox-server/bin/knoxcli.sh'
- knox_data_dir = '/usr/hdp/current/knox-server/data'
- knox_conf_dir = '/usr/hdp/current/knox-server/conf'
-else:
- knox_bin = '/usr/bin/gateway'
- ldap_bin = '/usr/lib/knox/bin/ldap.sh'
- knox_client_bin = '/usr/lib/knox/bin/knoxcli.sh'
- knox_data_dir = '/usr/lib/knox/data'
- knox_conf_dir = '/usr/lib/knox/conf'
-
-namenode_hosts = default("/clusterHostInfo/namenode_host", None)
-if type(namenode_hosts) is list:
- namenode_host = namenode_hosts[0]
-else:
- namenode_host = namenode_hosts
-
-has_namenode = not namenode_host == None
-namenode_http_port = "50070"
-namenode_rpc_port = "8020"
-
-if has_namenode:
- if 'dfs.namenode.http-address' in config['configurations']['hdfs-site']:
- namenode_http_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.http-address'])
- if 'dfs.namenode.rpc-address' in config['configurations']['hdfs-site']:
- namenode_rpc_port = get_port_from_url(config['configurations']['hdfs-site']['dfs.namenode.rpc-address'])
-
-rm_hosts = default("/clusterHostInfo/rm_host", None)
-if type(rm_hosts) is list:
- rm_host = rm_hosts[0]
-else:
- rm_host = rm_hosts
-has_rm = not rm_host == None
-
-jt_rpc_port = "8050"
-rm_port = "8080"
-
-if has_rm:
- if 'yarn.resourcemanager.address' in config['configurations']['yarn-site']:
- jt_rpc_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.address'])
-
- if 'yarn.resourcemanager.webapp.address' in config['configurations']['yarn-site']:
- rm_port = get_port_from_url(config['configurations']['yarn-site']['yarn.resourcemanager.webapp.address'])
-
-hive_http_port = default('/configurations/hive-site/hive.server2.thrift.http.port', "10001")
-hive_http_path = default('/configurations/hive-site/hive.server2.thrift.http.path', "cliservice")
-hive_server_hosts = default("/clusterHostInfo/hive_server_host", None)
-if type(hive_server_hosts) is list:
- hive_server_host = hive_server_hosts[0]
-else:
- hive_server_host = hive_server_hosts
-
-templeton_port = default('/configurations/webhcat-site/templeton.port', "50111")
-webhcat_server_hosts = default("/clusterHostInfo/webhcat_server_host", None)
-if type(webhcat_server_hosts) is list:
- webhcat_server_host = webhcat_server_hosts[0]
-else:
- webhcat_server_host = webhcat_server_hosts
-
-hbase_master_port = default('/configurations/hbase-site/hbase.rest.port', "8080")
-hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", None)
-if type(hbase_master_hosts) is list:
- hbase_master_host = hbase_master_hosts[0]
-else:
- hbase_master_host = hbase_master_hosts
-
-oozie_server_hosts = default("/clusterHostInfo/oozie_server", None)
-if type(oozie_server_hosts) is list:
- oozie_server_host = oozie_server_hosts[0]
-else:
- oozie_server_host = oozie_server_hosts
-
-has_oozie = not oozie_server_host == None
-oozie_server_port = "11000"
-
-if has_oozie:
- if 'oozie.base.url' in config['configurations']['oozie-site']:
- oozie_server_port = get_port_from_url(config['configurations']['oozie-site']['oozie.base.url'])
-
-
-# server configurations
-knox_conf_dir = '/etc/knox/conf'
-knox_data_dir = '/var/lib/knox/data'
-knox_logs_dir = '/var/log/knox'
-knox_pid_dir = status_params.knox_pid_dir
-knox_user = default("/configurations/knox-env/knox_user", "knox")
-knox_group = default("/configurations/knox-env/knox_group", "knox")
-knox_pid_file = status_params.knox_pid_file
-ldap_pid_file = status_params.ldap_pid_file
-knox_master_secret = config['configurations']['knox-env']['knox_master_secret']
-knox_master_secret_path = '/var/lib/knox/data/security/master'
-knox_cert_store_path = '/var/lib/knox/data/security/keystores/gateway.jks'
-knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0]
-knox_host_name_in_cluster = config['hostname']
-knox_host_port = config['configurations']['gateway-site']['gateway.port']
-topology_template = config['configurations']['topology']['content']
-gateway_log4j = config['configurations']['gateway-log4j']['content']
-ldap_log4j = config['configurations']['ldap-log4j']['content']
-users_ldif = config['configurations']['users-ldif']['content']
-java_home = config['hostLevelParams']['java_home']
-security_enabled = config['configurations']['cluster-env']['security_enabled']
-smokeuser = config['configurations']['cluster-env']['smokeuser']
-smokeuser_principal = config['configurations']['cluster-env']['smokeuser_principal_name']
-smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab']
-kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
-if security_enabled:
- knox_keytab_path = config['configurations']['knox-env']['knox_keytab_path']
- _hostname_lowercase = config['hostname'].lower()
- knox_principal_name = config['configurations']['knox-env']['knox_principal_name'].replace('_HOST',_hostname_lowercase)
-
-# ranger host
-ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", [])
-has_ranger_admin = not len(ranger_admin_hosts) == 0
-
-if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0:
- # Setting Flag value for ranger hbase plugin
- enable_ranger_knox = False
- user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled']
- if user_input.lower() == 'yes':
- enable_ranger_knox = True
- elif user_input.lower() == 'no':
- enable_ranger_knox = False
-
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/a1e130fa/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/service_check.py
deleted file mode 100644
index e05262f..0000000
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0/package/scripts/service_check.py
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management import *
-import sys
-
-class KnoxServiceCheck(Script):
-
- def service_check(self, env):
- import params
- env.set_params(params)
-
- validateKnoxFileName = "validateKnoxStatus.py"
- validateKnoxFilePath = format("{tmp_dir}/{validateKnoxFileName}")
- python_executable = sys.executable
- validateStatusCmd = format("{python_executable} {validateKnoxFilePath} -p {knox_host_port} -n {knox_host_name}")
- if params.security_enabled:
- kinit_cmd = format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal};")
- smoke_cmd = format("{kinit_cmd} {validateStatusCmd}")
- else:
- smoke_cmd = validateStatusCmd
-
- print "Test connectivity to knox server"
-
-
- File(validateKnoxFilePath,
- content=StaticFile(validateKnoxFileName),
- mode=0755
- )
-
- Execute(smoke_cmd,
- tries=3,
- try_sleep=5,
- path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
- user=params.smokeuser,
- timeout=5,
- logoutput=True
- )
-
-if __name__ == "__main__":
- KnoxServiceCheck().execute()
\ No newline at end of file