Posted to commits@ambari.apache.org by sw...@apache.org on 2013/03/26 02:32:24 UTC
svn commit: r1460945 - in /incubator/ambari/trunk: ./
ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/
ambari-agent/src/main/puppet/modules/hdp-hbase/templates/
ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/
ambari-agent/src/mai...
Author: swagle
Date: Tue Mar 26 01:32:24 2013
New Revision: 1460945
URL: http://svn.apache.org/r1460945
Log:
AMBARI-1692. Make changes to agent scripts to support secure HBase and Zk. (swagle)
Added:
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_client_jaas.conf.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_region_server_jaas.conf.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_client_jaas.conf.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_jaas.conf.erb
Modified:
incubator/ambari/trunk/CHANGES.txt
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/params.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
Modified: incubator/ambari/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/CHANGES.txt?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/CHANGES.txt (original)
+++ incubator/ambari/trunk/CHANGES.txt Tue Mar 26 01:32:24 2013
@@ -12,6 +12,8 @@ Trunk (unreleased changes):
NEW FEATURES
+ AMBARI-1692. Make changes to agent scripts to support secure HBase and Zk. (swagle)
+
AMBARI-1707. Upgrade should check if another upgrade request is active as well as
if any MASTER components have not stopped. (Sumit Mohanty via swagle)
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/init.pp Tue Mar 26 01:32:24 2013
@@ -77,7 +77,19 @@ class hdp-hbase(
hdp-hbase::configfile { ['hbase-env.sh','log4j.properties','hadoop-metrics.properties']:
type => $type
}
+
hdp-hbase::configfile { 'regionservers':}
+
+ if ($security_enabled == true) {
+ if ($type == 'master') {
+ hdp-hbase::configfile { 'hbase_master_jaas.conf' : }
+ } elsif ($type == 'regionserver') {
+ hdp-hbase::configfile { 'hbase_region_server_jaas.conf' : }
+ } else {
+ hdp-hbase::configfile { 'hbase_client_jaas.conf' : }
+ }
+ }
+
Anchor['hdp-hbase::begin'] -> Hdp::Package['hbase'] -> Hdp::User[$hbase_user] -> Hdp::Directory[$config_dir] ->
Hdp-hbase::Configfile<||> -> Anchor['hdp-hbase::end']
}
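Review bot: The regionserver branch deploys `hbase_region_server_jaas.conf`, but the default for `hbase_regionserver_jaas_config_file` added to params.pp in this same commit is `${conf_dir}/hbase_regionserver_jaas.conf`, so HBASE_REGIONSERVER_OPTS would point `java.security.auth.login.config` at a file this manifest never writes. Use one spelling in both places, for example `hdp-hbase::configfile { 'hbase_regionserver_jaas.conf' : }` with the template renamed to match. Each branch also writes only one JAAS file while hbase-env.sh.erb references all three paths, so it is worth confirming that a master or regionserver host also receives the client file that HBASE_OPTS names. The class body begins outside the hunk.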
@@ -88,7 +100,8 @@ define hdp-hbase::configfile(
$mode = undef,
$hbase_master_hosts = undef,
$template_tag = undef,
- $type = undef
+ $type = undef,
+ $conf_dir = $hdp-hbase::params::conf_dir
)
{
if ($name == 'hadoop-metrics.properties') {
@@ -101,7 +114,7 @@ define hdp-hbase::configfile(
$tag = $template_tag
}
- hdp::configfile { "${hdp-hbase::params::conf_dir}/${name}":
+ hdp::configfile { "${conf_dir}/${name}":
component => 'hbase',
owner => $hdp-hbase::params::hbase_user,
mode => $mode,
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/params.pp Tue Mar 26 01:32:24 2013
@@ -83,4 +83,12 @@ class hdp-hbase::params() inherits hdp::
$regionserver_memstore_upperlimit = hdp_default("hadoop/hbase-site/regionserver_memstore_upperlimit","0.4")
+ $hbase_client_jaas_config_file = hdp_default("hadoop/hbase-site/hbase_client_jaas_config_file", ${conf_dir}/hbase_client_jaas.conf)
+ $hbase_master_jaas_config_file = hdp_default("hadoop/hbase-site/hbase_master_jaas_config_file", ${conf_dir}/hbase_master_jaas.conf)
+ $hbase_regionserver_jaas_config_file = hdp_default("hadoop/hbase-site/hbase_regionserver_jaas_config_file", ${conf_dir}/hbase_regionserver_jaas.conf)
+
+ $hbase_master_keytab_path = hdp_default("hadoop/hbase-site/hbase.master.keytab.file", "${keytab_path}/hbase.service.keytab")
+ $hbase_master_principal = hdp_default("hadoop/hbase-site/hbase.master.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
+ $hbase_regionserver_keytab_path = hdp_default("hadoop/hbase-site/hbase.regionserver.keytab.file", "${keytab_path}/hbase.service.keytab")
+ $hbase_regionserver_principal = hdp_default("hadoop/hbase-site/hbase.regionserver.kerberos.principal", "hbase/_HOST@${kerberos_domain}")
}
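Review bot: The three `*_jaas_config_file` defaults pass `${conf_dir}/hbase_client_jaas.conf` and its siblings as bare tokens, unlike the quoted keytab and principal defaults directly below them; Puppet only interpolates inside double quotes, so these lines are likely to fail to parse. Quote them, e.g. `hdp_default("hadoop/hbase-site/hbase_client_jaas_config_file", "${conf_dir}/hbase_client_jaas.conf")`. Master and regionserver also default to the same `hbase.service.keytab`; a one-line comment such as `# master and regionserver intentionally share one service keytab` would help whoever later sets ownership and mode on that file.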
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase-env.sh.erb Tue Mar 26 01:32:24 2013
@@ -74,3 +74,10 @@ export HBASE_PID_DIR=<%=scope.function_h
# Tell HBase whether it should manage it's own instance of Zookeeper or not.
export HBASE_MANAGES_ZK=false
+
+
+<% if scope.function_hdp_template_var("security_enabled") == true %>
+export HBASE_OPTS ="$HBASE_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_client_jaas_config_file")%>"
+export HBASE_MASTER_OPTS ="$HBASE_MASTER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_jaas_config_file")%>"
+HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_jaas_config_file")%>"
+<% end %>
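Review bot: `export HBASE_OPTS ="…"` and `export HBASE_MASTER_OPTS ="…"` have a space before `=`, so the shell exports the unchanged variable and then rejects the `=…` word as an invalid identifier; the `-Djava.security.auth.login.config` option is never appended even though security_enabled is true. Write them as `export HBASE_OPTS="$HBASE_OPTS -Djava.security.auth.login.config=<%=…%>"` with no space, and add `export` to the `HBASE_REGIONSERVER_OPTS` line so it matches the other two. The same space-before-`=` defect is in the `SERVER_JVMFLAGS` and `CLIENT_JVMFLAGS` lines added to zookeeper-env.sh.erb. Since the likely result is a daemon that starts without its JAAS configuration rather than one that refuses to start, a post-deploy check that the rendered env file sources without errors would be a useful guard.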
Added: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_client_jaas.conf.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_client_jaas.conf.erb?rev=1460945&view=auto
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_client_jaas.conf.erb (added)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_client_jaas.conf.erb Tue Mar 26 01:32:24 2013
@@ -0,0 +1,5 @@
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=false
+useTicketCache=true;
+};
Added: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb?rev=1460945&view=auto
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb (added)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_master_jaas.conf.erb Tue Mar 26 01:32:24 2013
@@ -0,0 +1,8 @@
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_keytab_path")%>"
+principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_master_principal")%>";
+};
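Review bot: The `principal=` line renders the params.pp default `hbase/_HOST@${kerberos_domain}` verbatim, and Krb5LoginModule does not expand `_HOST`; that substitution is performed by Hadoop/HBase code for site properties, not for JAAS files. With the default value the keytab login would ask for a literal `hbase/_HOST` principal and fail. Replace `_HOST` with the node's fully qualified host name when the template is rendered, before the value is written to the file. The same applies to the `principal=` lines in hbase_region_server_jaas.conf.erb and zookeeper_jaas.conf.erb.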
Added: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_region_server_jaas.conf.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_region_server_jaas.conf.erb?rev=1460945&view=auto
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_region_server_jaas.conf.erb (added)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/templates/hbase_region_server_jaas.conf.erb Tue Mar 26 01:32:24 2013
@@ -0,0 +1,8 @@
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_keytab_path")%>"
+principal="<%=scope.function_hdp_template_var("::hdp-hbase::params::hbase_regionserver_principal")%>";
+};
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/init.pp Tue Mar 26 01:32:24 2013
@@ -85,6 +85,14 @@ class hdp-zookeeper(
}
}
+ if ($security_enabled == true) {
+ if ($type == 'server') {
+ hdp-zookeeper::configfile { 'zookeeper_jaas.conf' : }
+ } else {
+ hdp-zookeeper::configfile { 'zookeeper_client_jaas.conf' : }
+ }
+ }
+
Anchor['hdp-zookeeper::begin'] -> Hdp::Package['zookeeper'] -> Hdp::User[$zk_user] ->
Hdp::Directory_recursive_create[$zk_config_dir] -> Hdp-zookeeper::Configfile<||> -> Anchor['hdp-zookeeper::end']
if ($type == 'server') {
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/params.pp?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/params.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/manifests/params.pp Tue Mar 26 01:32:24 2013
@@ -35,4 +35,9 @@ class hdp-zookeeper::params() inherits h
$syncLimit = hdp_default("syncLimit","5")
$clientPort = hdp_default("clientPort","2181")
+ $zk_keytab_path = hdp_default("hadoop/zk-site/zk.service.keytab","${keytab_path}/zk.keytab.file")
+ $zk_principal = hdp_default("hadoop/zk-site/zk.kerberos.prinicipal", "zk/_HOST@${kerberos_domain}")
+
+ $zk_server_jaas_file = hdp_default("hadoop/zk-site/zk_server_jaas_conf_file", "${conf_dir}/zookeeper_jaas.conf")
+ $zk_client_jaas_file = hdp_default("hadoop/zk-site/zk_client_jaas_conf_file", "${conf_dir}/zookeeper_client_jaas.conf")
}
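Review bot: The lookup key `hadoop/zk-site/zk.kerberos.prinicipal` is misspelled, so an operator who sets the correctly spelled property silently gets the default principal instead; rename it to `hadoop/zk-site/zk.kerberos.principal`. The keytab line also looks transposed: its key ends in `zk.service.keytab` while the default file name is `zk.keytab.file`, the reverse of the `hbase.master.keytab.file` / `hbase.service.keytab` pattern used for HBase. The JAAS paths use `${conf_dir}` while the class in init.pp orders on `$zk_config_dir`, so confirm that `conf_dir` resolves to the ZooKeeper config directory in this scope. The class body begins outside the hunk.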
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zoo.cfg.erb Tue Mar 26 01:32:24 2013
@@ -35,3 +35,10 @@ clientPort=<%=scope.function_hdp_templat
<%(scope.function_hdp_host("zookeeper_hosts")||[]).each_with_index do |host,i|-%>
server.<%=(i+1).to_s%>=<%=host%>:2888:3888
<% end -%>
+
+<% if scope.function_hdp_template_var("security_enabled") == true %>
+authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+jaasLoginRenew=3600000
+kerberos.removeHostFromPrincipal=true
+kerberos.removeRealmFromPrincipal=true
+<% end %>
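Review bot: `kerberos.removeHostFromPrincipal=true` and `kerberos.removeRealmFromPrincipal=true` are added without a comment, although they change the identity that ZooKeeper ACLs are evaluated against: every `hbase/<host>@<realm>` principal is reduced to the id `hbase`, and that includes same-named principals from any other realm the KDC trusts. Add a comment above them such as `# SASL ids are reduced to the short name; ACLs cannot distinguish hosts or realms`. The `== true` guard also appears to compare against a boolean; if `security_enabled` reaches the template as the string "true", the whole block is skipped without any error, which is worth confirming against how the variable is populated.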
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb?rev=1460945&r1=1460944&r2=1460945&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper-env.sh.erb Tue Mar 26 01:32:24 2013
@@ -17,4 +17,9 @@ export ZOO_LOG_DIR=<%=scope.function_hdp
export ZOOPIDFILE=<%=scope.function_hdp_template_var("zk_pid_file")%>
export SERVER_JVMFLAGS=
export JAVA=$JAVA_HOME/bin/java
-export CLASSPATH=$CLASSPATH:/usr/share/zookeeper/*
\ No newline at end of file
+export CLASSPATH=$CLASSPATH:/usr/share/zookeeper/*
+
+<% if scope.function_hdp_template_var("security_enabled") == true %>
+export SERVER_JVMFLAGS ="$SERVER_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_server_jaas_file")%>"
+export CLIENT_JVMFLAGS ="$CLIENT_JVMFLAGS -Djava.security.auth.login.config=<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_client_jaas_file")%>"
+<% end %>
\ No newline at end of file
Added: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_client_jaas.conf.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_client_jaas.conf.erb?rev=1460945&view=auto
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_client_jaas.conf.erb (added)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_client_jaas.conf.erb Tue Mar 26 01:32:24 2013
@@ -0,0 +1,5 @@
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=false
+useTicketCache=true;
+};
Added: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_jaas.conf.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_jaas.conf.erb?rev=1460945&view=auto
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_jaas.conf.erb (added)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-zookeeper/templates/zookeeper_jaas.conf.erb Tue Mar 26 01:32:24 2013
@@ -0,0 +1,8 @@
+Server {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_keytab_path")%>"
+principal="<%=scope.function_hdp_template_var("::hdp-zookeeper::params::zk_principal")%>";
+};
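Review bot: The server logs in with the `zk_principal` default `zk/_HOST@…`, but ZooKeeper's SASL client requests a ticket for the service name `zookeeper` unless `zookeeper.sasl.client.username` is set, and nothing visible in this commit adds that property to CLIENT_JVMFLAGS or the HBase option variables. Either default the principal's primary to `zookeeper` or pass `-Dzookeeper.sasl.client.username=zk` wherever the client JAAS file is wired in. Without one of these, clients are likely to fail SASL negotiation against a server running under the default principal.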