You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ga...@apache.org on 2016/04/04 06:40:21 UTC

ambari git commit: AMBARI-15648. Ranger KMS server start fails due to missing JCE policies on non-kerberos cluster(Mugdha Varadkar via gborad)

Repository: ambari
Updated Branches:
  refs/heads/trunk 836647a36 -> 62f1982b7


AMBARI-15648. Ranger KMS server start fails due to missing JCE policies on non-kerberos cluster(Mugdha Varadkar via gborad)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/62f1982b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/62f1982b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/62f1982b

Branch: refs/heads/trunk
Commit: 62f1982b79c8b848c1c7ce1b9ae3e0730a3a4496
Parents: 836647a
Author: Gautam Borad <ga...@apache.org>
Authored: Thu Mar 31 18:37:00 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Mon Apr 4 10:09:09 2016 +0530

----------------------------------------------------------------------
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 30 ++++++++++++++++++++
 .../0.5.0.2.3/package/scripts/kms_server.py     |  3 +-
 .../0.5.0.2.3/package/scripts/params.py         |  3 ++
 3 files changed, 35 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/62f1982b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 7b8a646..dd91acf 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -411,6 +411,36 @@ def enable_kms_plugin():
       group = params.kms_group,
       mode = 0640
       )
+
+def setup_kms_jce():
+  import params
+
+  if params.jce_name is not None:
+    Directory(params.jce_source_dir,
+      create_parents = True
+    )
+
+    jce_target = format('{jce_source_dir}/{jce_name}')
+
+    File(jce_target,
+      content = DownloadSource(format('{jdk_location}/{jce_name}')),
+      mode = 0644,
+    )
+
+    File([format("{java_home}/jre/lib/security/local_policy.jar"), format("{java_home}/jre/lib/security/US_export_policy.jar")],
+      action = "delete",
+    )
+
+    unzip_cmd = ("unzip", "-o", "-j", "-q", jce_target, "-d", format("{java_home}/jre/lib/security"))
+
+    Execute(unzip_cmd,
+      only_if = format("test -e {java_home}/jre/lib/security && test -f {jce_target}"),
+      path = ['/bin/','/usr/bin'],
+      sudo = True
+    )
+  else:
+    Logger.warning("Required jce policy zip is not available, need to setup manually")
+
   
 def check_ranger_service():
   import params

http://git-wip-us.apache.org/repos/asf/ambari/blob/62f1982b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py
index 478cf61..d8822c1 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py
@@ -24,7 +24,7 @@ from resource_management.core.exceptions import ComponentIsNotRunning
 from resource_management.libraries.functions.format import format
 from resource_management.core.logger import Logger
 from resource_management.core import shell
-from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin
+from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin, setup_kms_jce
 from kms_service import kms_service
 import upgrade
 
@@ -55,6 +55,7 @@ class KmsServer(Script):
     env.set_params(params)
     self.configure(env)
     enable_kms_plugin()
+    setup_kms_jce()
     kms_service(action = 'start')
 
   def status(self, env):    

http://git-wip-us.apache.org/repos/asf/ambari/blob/62f1982b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index f935a5a..fc722da 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -200,3 +200,6 @@ check_db_connection_jar_name = "DBConnectionVerification.jar"
 check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
 ranger_kms_jdbc_connection_url = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.url']
 ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.driver']
+
+jce_name = default("/hostLevelParams/jce_name", None)
+jce_source_dir = format('{tmp_dir}/jce_dir')