You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2013/08/28 20:53:31 UTC
git commit: AMBARI-3049: Define spnego configs in yarn-site.xml for
secure cluster. (jaimin)
Updated Branches:
refs/heads/trunk 7d968d392 -> 6028540df
AMBARI-3049: Define spnego configs in yarn-site.xml for secure cluster. (jaimin)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/6028540d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/6028540d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/6028540d
Branch: refs/heads/trunk
Commit: 6028540dfbe54e9b113cac3b0f91325901a037a9
Parents: 7d968d3
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Wed Aug 28 11:52:13 2013 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Wed Aug 28 11:52:40 2013 -0700
----------------------------------------------------------------------
.../app/assets/data/clusters/HDP2/cluster.json | 2 +-
ambari-web/app/assets/data/clusters/info.json | 2 +-
.../main/admin/security/add/step3.js | 23 +++++
ambari-web/app/data/HDP2/secure_mapping.js | 48 +++++++++
ambari-web/app/data/HDP2/secure_properties.js | 100 +++++++++++++++++--
ambari-web/app/messages.js | 3 +
6 files changed, 167 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/assets/data/clusters/HDP2/cluster.json
----------------------------------------------------------------------
diff --git a/ambari-web/app/assets/data/clusters/HDP2/cluster.json b/ambari-web/app/assets/data/clusters/HDP2/cluster.json
index 510a596..e355e40 100644
--- a/ambari-web/app/assets/data/clusters/HDP2/cluster.json
+++ b/ambari-web/app/assets/data/clusters/HDP2/cluster.json
@@ -3,7 +3,7 @@
"Clusters" : {
"cluster_id" : 2,
"cluster_name" : "c1",
- "version" : "HDP-2.0.3",
+ "version" : "HDP-2.0.5",
"desired_configs" : {
"capacity-scheduler" : {
"user" : "admin",
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/assets/data/clusters/info.json
----------------------------------------------------------------------
diff --git a/ambari-web/app/assets/data/clusters/info.json b/ambari-web/app/assets/data/clusters/info.json
index 927589a..30f5c7f 100644
--- a/ambari-web/app/assets/data/clusters/info.json
+++ b/ambari-web/app/assets/data/clusters/info.json
@@ -5,7 +5,7 @@
"href" : "http://ec2-23-20-184-220.compute-1.amazonaws.com:8080/api/v1/clusters/tdk",
"Clusters" : {
"cluster_name" : "tdk",
- "version" : "HDP-1.3.0"
+ "version" : "HDP-2.0.5"
}
}
]
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/controllers/main/admin/security/add/step3.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/main/admin/security/add/step3.js b/ambari-web/app/controllers/main/admin/security/add/step3.js
index 38eac09..50678cc 100644
--- a/ambari-web/app/controllers/main/admin/security/add/step3.js
+++ b/ambari-web/app/controllers/main/admin/security/add/step3.js
@@ -170,6 +170,10 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
acl: '440'
});
}
+ this.setComponentConfig(result,host,'HISTORYSERVER','MAPREDUCE2','jobhistory_http_principal_name','jobhistory_http_keytab',Em.I18n.t('admin.addSecurity.historyServer.user.httpUser'),hadoopGroupId);
+ this.setComponentConfig(result,host,'RESOURCEMANAGER','YARN','resourcemanager_http_principal_name','resourcemanager_http_keytab',Em.I18n.t('admin.addSecurity.rm.user.httpUser'),hadoopGroupId);
+ this.setComponentConfig(result,host,'NODEMANAGER','YARN','nodemanager_http_principal_name','nodemanager_http_keytab',Em.I18n.t('admin.addSecurity.nm.user.httpUser'),hadoopGroupId);
+
host.get('hostComponents').forEach(function(hostComponent){
if(componentsToDisplay.contains(hostComponent.get('componentName'))){
var serviceConfigs = configs.filterProperty('serviceName', hostComponent.get('service.serviceName'));
@@ -234,6 +238,25 @@ App.MainAdminSecurityAddStep3Controller = Em.Controller.extend({
return securityUsers;
},
+ setComponentConfig: function(hostComponents,host,componentName,serviceName,principal,keytab,displayName,groupId) {
+ if (host.get('hostComponents').someProperty('componentName', componentName)) {
+ var result = {};
+ var configs = this.get('content.serviceConfigProperties');
+ var serviceConfigs = configs.filterProperty('serviceName', serviceName);
+ var servicePrincipal = serviceConfigs.findProperty('name', principal);
+ var serviceKeytabPath = serviceConfigs.findProperty('name', keytab).value;
+ result.host = host.get('hostName');
+ result.component = displayName;
+ result.principal = servicePrincipal.value.replace('_HOST', host.get('hostName').toLowerCase()) + servicePrincipal.unit;
+ result.keytabfile = stringUtils.getFileFromPath(serviceKeytabPath);
+ result.keytab = stringUtils.getPath(serviceKeytabPath);
+ result.owner = 'root';
+ result.group = groupId;
+ result.acl = '440';
+ hostComponents.push(result);
+ }
+ },
+
changeDisplayName: function (name) {
if (name === 'HiveServer2') {
return 'Hive Metastore and HiveServer2';
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/data/HDP2/secure_mapping.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/secure_mapping.js b/ambari-web/app/data/HDP2/secure_mapping.js
index 0376f35..e674b91 100644
--- a/ambari-web/app/data/HDP2/secure_mapping.js
+++ b/ambari-web/app/data/HDP2/secure_mapping.js
@@ -178,6 +178,22 @@ module.exports = [
"serviceName": "MAPREDUCE2"
},
{
+ "name": "jobhistoryserver.webapp.spnego-principal",
+ "templateName": ["jobhistory_http_principal_name", "kerberos_domain"],
+ "foreignKey": null,
+ "value": "<templateName[0]>@<templateName[1]>",
+ "filename": "mapred-site.xml",
+ "serviceName": "MAPREDUCE2"
+ },
+ {
+ "name": "jobhistoryserver.webapp.spnego-keytab-file",
+ "templateName": ["jobhistory_http_keytab"],
+ "foreignKey": null,
+ "value": "<templateName[0]>",
+ "filename": "mapred-site.xml",
+ "serviceName": "MAPREDUCE2"
+ },
+ {
"name": "yarn.resourcemanager.principal",
"templateName": ["resourcemanager_principal_name", "kerberos_domain"],
"foreignKey": null,
@@ -210,6 +226,38 @@ module.exports = [
"serviceName": "YARN"
},
{
+ "name": "yarn.resourcemanager.webapp.spnego-principal",
+ "templateName": ["resourcemanager_http_principal_name", "kerberos_domain"],
+ "foreignKey": null,
+ "value": "<templateName[0]>@<templateName[1]>",
+ "filename": "yarn-site.xml",
+ "serviceName": "YARN"
+ },
+ {
+ "name": "yarn.resourcemanager.webapp.spnego-keytab-file",
+ "templateName": ["resourcemanager_http_keytab"],
+ "foreignKey": null,
+ "value": "<templateName[0]>",
+ "filename": "yarn-site.xml",
+ "serviceName": "YARN"
+ },
+ {
+ "name": "yarn.nodemanager.webapp.spnego-principal",
+ "templateName": ["nodemanager_http_principal_name", "kerberos_domain"],
+ "foreignKey": null,
+ "value": "<templateName[0]>@<templateName[1]>",
+ "filename": "yarn-site.xml",
+ "serviceName": "YARN"
+ },
+ {
+ "name": "yarn.nodemanager.webapp.spnego-keytab-file",
+ "templateName": ["nodemanager_http_keytab"],
+ "foreignKey": null,
+ "value": "<templateName[0]>",
+ "filename": "yarn-site.xml",
+ "serviceName": "YARN"
+ },
+ {
"name": "yarn.nodemanager.container-executor.class",
"templateName": ["yarn_nodemanager_container-executor_class"],
"foreignKey": null,
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/data/HDP2/secure_properties.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/data/HDP2/secure_properties.js b/ambari-web/app/data/HDP2/secure_properties.js
index 024fe75..6b41fd7 100644
--- a/ambari-web/app/data/HDP2/secure_properties.js
+++ b/ambari-web/app/data/HDP2/secure_properties.js
@@ -163,7 +163,7 @@ module.exports =
"category": "AMBARI"
},
- //HDFS
+ /**********************************************HDFS***************************************/
{
"id": "puppet var",
"name": "namenode_host",
@@ -393,7 +393,8 @@ module.exports =
"serviceName": "HDFS",
"category": "General"
},
- //MAPREDUCE 2
+
+ /**********************************************MAPREDUCE2***************************************/
{
"id": "puppet var",
"name": "jobhistoryserver_host",
@@ -435,7 +436,34 @@ module.exports =
"category": "JobHistoryServer",
"component": "HISTORYSERVER"
},
- //YARN
+ {
+ "id": "puppet var",
+ "name": "jobhistory_http_principal_name",
+ "displayName": "Web principal name",
+ "value": "",
+ "defaultValue": "HTTP/_HOST",
+ "description": "Principal name for spnego access to Job History Server. _HOST will get automatically replaced with actual hostname at an instance of Job History Server",
+ "displayType": "principal",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "MAPREDUCE2",
+ "category": "JobHistoryServer"
+ },
+ {
+ "id": "puppet var",
+ "name": "jobhistory_http_keytab",
+ "displayName": "Path to spnego keytab file",
+ "value": "",
+ "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+ "description": "Path to spnego keytab file for Job History Server",
+ "displayType": "directory",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "MAPREDUCE2",
+ "category": "JobHistoryServer"
+ },
+
+ /**********************************************YARN***************************************/
{
"id": "puppet var",
"name": "resourcemanager_host",
@@ -479,6 +507,32 @@ module.exports =
},
{
"id": "puppet var",
+ "name": "resourcemanager_http_principal_name",
+ "displayName": "Web principal name",
+ "value": "",
+ "defaultValue": "HTTP/_HOST",
+ "description": "Principal name for spnego access to ResourceManager. _HOST will get automatically replaced with actual hostname at an instance of ResourceManager",
+ "displayType": "principal",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "YARN",
+ "category": "ResourceManager"
+ },
+ {
+ "id": "puppet var",
+ "name": "resourcemanager_http_keytab",
+ "displayName": "Path to spnego keytab file",
+ "value": "",
+ "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+ "description": "Path to spnego keytab file for ResourceManager",
+ "displayType": "directory",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "YARN",
+ "category": "ResourceManager"
+ },
+ {
+ "id": "puppet var",
"name": "nodemanager_host",
"displayName": "NodeManager",
"value": "",
@@ -520,6 +574,32 @@ module.exports =
},
{
"id": "puppet var",
+ "name": "nodemanager_http_principal_name",
+ "displayName": "Web principal name",
+ "value": "",
+ "defaultValue": "HTTP/_HOST",
+ "description": "Principal name for spnego access to NodeManager. _HOST will get automatically replaced with actual hostname at all instances of NodeManager",
+ "displayType": "principal",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "YARN",
+ "category": "NodeManager"
+ },
+ {
+ "id": "puppet var",
+ "name": "nodemanager_http_keytab",
+ "displayName": "Path to keytab file",
+ "value": "",
+ "defaultValue": "/etc/security/keytabs/spnego.service.keytab",
+ "description": "Path to spnego keytab file for NodeManager",
+ "displayType": "directory",
+ "isVisible": true,
+ "isOverridable": false,
+ "serviceName": "YARN",
+ "category": "NodeManager"
+ },
+ {
+ "id": "puppet var",
"name": "yarn_nodemanager_container-executor_class",
"displayName": "yarn.nodemanager.container-executor.class",
"value": "",
@@ -532,7 +612,7 @@ module.exports =
"category": "NodeManager"
},
- //WEBHCAT
+ /**********************************************WEBHCAT***************************************/
{
"id": "puppet var",
"name": "webhcatserver_host",
@@ -572,7 +652,8 @@ module.exports =
"serviceName": "WEBHCAT",
"category": "WebHCat Server"
},
- //HBASE
+
+ /**********************************************HBASE***************************************/
{
"id": "puppet var",
"name": "hbasemaster_host",
@@ -656,7 +737,7 @@ module.exports =
"components": ["HBASE_REGIONSERVER"]
},
- //HIVE
+ /**********************************************HIVE***************************************/
{
"id": "puppet var",
"name": "hive_metastore",
@@ -699,7 +780,7 @@ module.exports =
"component": "HIVE_SERVER"
},
- //OOZIE
+ /**********************************************OOZIE***************************************/
{
"id": "puppet var",
"name": "oozie_servername",
@@ -768,7 +849,7 @@ module.exports =
"category": "Oozie Server"
},
- //ZooKeeper
+ /**********************************************ZOOKEEPER***************************************/
{
"id": "puppet var",
"name": "zookeeperserver_hosts",
@@ -810,7 +891,8 @@ module.exports =
"category": "ZooKeeper Server",
"component": "ZOOKEEPER_SERVER"
},
- //NAGIOS
+
+ /**********************************************NAGIOS***************************************/
{
"id": "puppet var",
"name": "nagios_server",
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6028540d/ambari-web/app/messages.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js
index 8c93fef..54ddc2f 100644
--- a/ambari-web/app/messages.js
+++ b/ambari-web/app/messages.js
@@ -767,6 +767,9 @@ Em.I18n.translations = {
'admin.addSecurity.user.hdfsUser': 'HDFS User',
'admin.addSecurity.user.hbaseUser': 'HBase User',
'admin.addSecurity.hdfs.user.httpUser': 'HDFS SPNEGO User',
+ 'admin.addSecurity.rm.user.httpUser': 'ResourceManager SPNEGO User',
+ 'admin.addSecurity.nm.user.httpUser': 'NodeManager SPNEGO User',
+ 'admin.addSecurity.historyServer.user.httpUser': 'History server SPNEGO User',
'admin.addSecurity.webhcat.user.httpUser': 'WebHCat SPNEGO User',
'admin.addSecurity.oozie.user.httpUser': 'Oozie SPNEGO User',
'admin.addSecurity.enable.onClose': 'You are in the process of enabling security on your cluster. ' +