You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ol...@apache.org on 2018/05/15 13:00:53 UTC
[ambari] branch trunk updated: AMBARI-23844. Infra Solr: support
for manage security.json manually. (#1269)
This is an automated email from the ASF dual-hosted git repository.
oleewere pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 368831b AMBARI-23844. Infra Solr: support for manage security.json manually. (#1269)
368831b is described below
commit 368831b609c2a2f3389ae1d27ef807a3175413a5
Author: Olivér Szabó <ol...@gmail.com>
AuthorDate: Tue May 15 15:00:50 2018 +0200
AMBARI-23844. Infra Solr: support for manage security.json manually. (#1269)
---
.../libraries/functions/solr_cloud_util.py | 7 +++++--
.../0.1.0/configuration/infra-solr-security-json.xml | 10 ++++++++++
.../0.1.0/package/scripts/params.py | 3 +++
.../0.1.0/package/scripts/setup_infra_solr.py | 20 ++++++++++----------
4 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
index 53f8496..cab6fcc 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
@@ -314,12 +314,15 @@ def add_solr_roles(config, roles = [], new_service_principals = [], tries = 30,
solr_port = default_config(config, 'configurations/infra-solr-env/infra_solr_port', '8886')
kinit_path_local = get_kinit_path(default_config(config, '/configurations/kerberos-env/executable_search_paths', None))
infra_solr_custom_security_json_content = None
-
+ infra_solr_security_manually_managed = False
if 'infra-solr-security-json' in config['configurations']:
infra_solr_custom_security_json_content = config['configurations']['infra-solr-security-json']['content']
+ infra_solr_security_manually_managed = config['configurations']['infra-solr-security-json']['infra_solr_security_manually_managed']
Logger.info(format("Adding {roles} roles to {new_service_principals} if infra-solr is installed."))
- if infra_solr_custom_security_json_content and str(infra_solr_custom_security_json_content).strip():
+ if infra_solr_security_manually_managed:
+ Logger.info("security.json file is manually managed, skip adding roles...")
+ elif infra_solr_custom_security_json_content and str(infra_solr_custom_security_json_content).strip():
Logger.info("Custom security.json is not empty for infra-solr, skip adding roles...")
elif security_enabled \
and "infra-solr-env" in config['configurations'] \
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml
index 8d869ba..73b74e1 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml
+++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/configuration/infra-solr-security-json.xml
@@ -125,6 +125,16 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
+ <name>infra_solr_security_manually_managed</name>
+ <value>false</value>
+ <display-name>Manually Managed</display-name>
+ <description>Manage /security.json manually (Service start wont override /security.json)</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
<name>content</name>
<display-name>Custom security.json template</display-name>
<description>
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py
index c1376c8..416d46f 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/params.py
@@ -125,6 +125,9 @@ if "infra-solr-env" in config['configurations']:
zk_quorum = format(default('configurations/infra-solr-env/infra_solr_zookeeper_quorum', zookeeper_quorum))
+if 'infra-solr-security-json' in config['configurations']:
+ infra_solr_security_manually_managed = default("/configurations/infra-solr-security-json/infra_solr_security_manually_managed", False)
+
default_ranger_audit_users = 'nn,hbase,hive,knox,kafka,kms,storm,yarn,nifi'
if security_enabled:
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py
index 5155950..5f9356c 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA_SOLR/0.1.0/package/scripts/setup_infra_solr.py
@@ -131,16 +131,16 @@ def setup_solr_znode_env():
jaas_file=jaas_file,
java_opts=java_opts
)
-
- solr_cloud_util.setup_kerberos_plugin(
- zookeeper_quorum=params.zk_quorum,
- solr_znode=params.infra_solr_znode,
- jaas_file=jaas_file,
- java64_home=params.java64_home,
- secure=params.security_enabled,
- security_json_location=security_json_file_location,
- java_opts=java_opts
- )
+ if not params.infra_solr_security_manually_managed:
+ solr_cloud_util.setup_kerberos_plugin(
+ zookeeper_quorum=params.zk_quorum,
+ solr_znode=params.infra_solr_znode,
+ jaas_file=jaas_file,
+ java64_home=params.java64_home,
+ secure=params.security_enabled,
+ security_json_location=security_json_file_location,
+ java_opts=java_opts
+ )
if params.security_enabled:
solr_cloud_util.secure_solr_znode(
--
To stop receiving notification emails like this one, please contact
oleewere@apache.org.