You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by fb...@apache.org on 2015/01/24 10:39:00 UTC
[1/5] ambari git commit: AMBARI-8317 AMBARI-8317 Refactor the
OS-dependent Ambari Server Windows components - Part 2
Repository: ambari
Updated Branches:
refs/heads/trunk 85f61a73e -> 244f1879e
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index d11e4fe..a847bd1 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -70,15 +70,24 @@ with patch("platform.linux_distribution", return_value = os_distro_value):
RESOURCES_DIR_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, JDBC_RCA_SCHEMA_PROPERTY, IS_LDAP_CONFIGURED, \
LDAP_MGR_PASSWORD_PROPERTY, LDAP_MGR_PASSWORD_ALIAS, JDBC_PASSWORD_FILENAME, NR_USER_PROPERTY, SECURITY_KEY_IS_PERSISTED, \
SSL_TRUSTSTORE_PASSWORD_PROPERTY, SECURITY_IS_ENCRYPTION_ENABLED, SSL_TRUSTSTORE_PASSWORD_ALIAS, \
- SECURITY_MASTER_KEY_LOCATION, SECURITY_KEYS_DIR
+ SECURITY_MASTER_KEY_LOCATION, SECURITY_KEYS_DIR, LDAP_PRIMARY_URL_PROPERTY, store_password_file, \
+ get_pass_file_path, GET_FQDN_SERVICE_URL, JDBC_USE_INTEGRATED_AUTH_PROPERTY, SECURITY_KEY_ENV_VAR_NAME
+ from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
from ambari_server.serverSetup import check_selinux, check_ambari_user, proceedJDBCProperties, SE_STATUS_DISABLED, SE_MODE_ENFORCING, configure_os_settings, \
download_and_install_jdk, prompt_db_properties, setup, \
- AmbariUserChecks, AmbariUserChecksLinux, AmbariUserChecksWindows, JDKSetup, reset, is_server_runing
+ AmbariUserChecks, AmbariUserChecksLinux, AmbariUserChecksWindows, JDKSetup, reset
from ambari_server.serverUpgrade import upgrade, upgrade_local_repo, change_objects_owner, upgrade_stack, \
run_stack_upgrade, run_metainfo_upgrade, run_schema_upgrade, move_user_custom_actions
- from ambari_server.setupSecurity import get_pass_file_path, store_password_file, read_password, \
- adjust_directory_permissions, get_alias_string
- from ambari_server.userInput import get_YN_input, get_choice_string_input, get_validated_string_input
+ from ambari_server.setupHttps import is_valid_https_port, setup_https, import_cert_and_key_action, get_fqdn, \
+ generate_random_string, get_cert_info, COMMON_NAME_ATTR, is_valid_cert_exp, NOT_AFTER_ATTR, NOT_BEFORE_ATTR, \
+ SSL_DATE_FORMAT, import_cert_and_key, is_valid_cert_host, setup_component_https, \
+ SRVR_ONE_WAY_SSL_PORT_PROPERTY, SRVR_TWO_WAY_SSL_PORT_PROPERTY, GANGLIA_HTTPS
+ from ambari_server.setupSecurity import adjust_directory_permissions, get_alias_string, get_ldap_event_spec_names, sync_ldap, LdapSyncOptions, \
+ configure_ldap_password, setup_ldap, REGEX_HOSTNAME_PORT, REGEX_TRUE_FALSE, REGEX_ANYTHING, setup_master_key, \
+ setup_ambari_krb5_jaas
+ from ambari_server.userInput import get_YN_input, get_choice_string_input, get_validated_string_input, \
+ read_password
+ from ambari_server_main import get_ulimit_open_files, ULIMIT_OPEN_FILES_KEY, ULIMIT_OPEN_FILES_DEFAULT
CURR_AMBARI_VERSION = "2.0.0"
@@ -247,7 +256,7 @@ class TestAmbariServer(TestCase):
self.assertEquals("/etc/ambari/password.dat", result)
pass
-
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup_security")
@patch("optparse.OptionParser")
def test_main_test_setup_security(self, OptionParserMock,
@@ -268,40 +277,41 @@ class TestAmbariServer(TestCase):
self.assertFalse(False, get_silent())
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup_ambari_krb5_jaas")
@patch.object(_ambari_server_, "setup_master_key")
- @patch.object(_ambari_server_, "setup_component_https")
+ @patch("ambari_server.setupHttps.setup_component_https")
@patch.object(_ambari_server_, "setup_https")
@patch.object(_ambari_server_, "get_validated_string_input")
- def test_setup_security(self, get_validated_string_input_mock, setup_https,
- setup_component_https, setup_master_key,
- setup_ambari_krb5_jaas):
+ def test_setup_security(self, get_validated_string_input_mock, setup_https_mock,
+ setup_component_https_mock, setup_master_key_mock,
+ setup_ambari_krb5_jaas_mock):
args = {}
get_validated_string_input_mock.return_value = '1'
_ambari_server_.setup_security(args)
- self.assertTrue(setup_https.called)
+ self.assertTrue(setup_https_mock.called)
get_validated_string_input_mock.return_value = '2'
_ambari_server_.setup_security(args)
- self.assertTrue(setup_component_https.called)
- setup_component_https.assert_called_with("Ganglia", "setup-ganglia-https",
- _ambari_server_.GANGLIA_HTTPS, "ganglia_cert")
+ self.assertTrue(setup_component_https_mock.called)
+ setup_component_https_mock.assert_called_with("Ganglia", "setup-ganglia-https",
+ GANGLIA_HTTPS, "ganglia_cert")
get_validated_string_input_mock.return_value = '3'
_ambari_server_.setup_security(args)
- self.assertTrue(setup_master_key.called)
+ self.assertTrue(setup_master_key_mock.called)
get_validated_string_input_mock.return_value = '4'
_ambari_server_.setup_security(args)
- self.assertTrue(setup_ambari_krb5_jaas.called)
+ self.assertTrue(setup_ambari_krb5_jaas_mock.called)
pass
@patch("re.sub")
@patch("fileinput.FileInput")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "search_file")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.search_file")
@patch("os.path.exists")
def test_setup_ambari_krb5_jaas(self, exists_mock, search_mock,
get_validated_string_input_mock,
@@ -312,7 +322,7 @@ class TestAmbariServer(TestCase):
# Negative case
try:
- _ambari_server_.setup_ambari_krb5_jaas()
+ setup_ambari_krb5_jaas()
self.fail("Should throw exception")
except NonFatalException as fe:
# Expected
@@ -327,7 +337,7 @@ class TestAmbariServer(TestCase):
fileinput_mock.return_value = [ 'keyTab=xyz', 'principal=xyz' ]
- _ambari_server_.setup_ambari_krb5_jaas()
+ setup_ambari_krb5_jaas()
self.assertTrue(fileinput_mock.called)
self.assertTrue(re_sub_mock.called)
@@ -335,6 +345,7 @@ class TestAmbariServer(TestCase):
('pathtokeytab')])
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -360,7 +371,7 @@ class TestAmbariServer(TestCase):
self.assertFalse(False, get_silent())
pass
-
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -386,7 +397,7 @@ class TestAmbariServer(TestCase):
self.assertFalse(False, get_silent())
pass
-
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -412,7 +423,7 @@ class TestAmbariServer(TestCase):
self.assertTrue(get_debug_mode())
pass
-
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -437,6 +448,7 @@ class TestAmbariServer(TestCase):
self.assertTrue(get_debug_mode())
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -466,6 +478,7 @@ class TestAmbariServer(TestCase):
self.assertFalse(False, get_silent())
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -495,18 +508,23 @@ class TestAmbariServer(TestCase):
self.assertFalse(False, get_silent())
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
- @patch.object(_ambari_server_, "stop")
+ @patch.object(_ambari_server_, "is_server_runing")
@patch.object(_ambari_server_, "reset")
@patch("optparse.OptionParser")
- def test_main_test_stop(self, optionParserMock, reset_method, stop_method,
+ def test_main_test_stop(self, optionParserMock, reset_method, is_server_runing_method,
start_method, setup_method):
opm = optionParserMock.return_value
options = MagicMock()
+ del options.exit_message
+
args = ["stop"]
opm.parse_args.return_value = (options, args)
+ is_server_runing_method.return_value = (False, None)
+
options.dbms = None
options.sid_or_sname = "sid"
@@ -514,14 +532,16 @@ class TestAmbariServer(TestCase):
self.assertFalse(setup_method.called)
self.assertFalse(start_method.called)
- self.assertTrue(stop_method.called)
+ self.assertTrue(is_server_runing_method.called)
self.assertFalse(reset_method.called)
self.assertFalse(False, get_verbose())
self.assertFalse(False, get_silent())
- pass
+ self.assertIsNone(options.exit_message)
+ pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
@patch.object(_ambari_server_, "start")
@patch.object(_ambari_server_, "stop")
@@ -823,7 +843,7 @@ class TestAmbariServer(TestCase):
self.assertEqual(0, rcode)
self.assertTrue(run_os_command_mock.called)
self.assertTrue(getYNInput_mock.called)
-
+ pass
@not_for_platform(PLATFORM_WINDOWS)
@patch("ambari_server.serverConfiguration.print_info_msg")
@@ -838,6 +858,7 @@ class TestAmbariServer(TestCase):
result = get_ambari_jars()
self.assertEqual("/usr/lib/ambari-server", result)
self.assertTrue(printInfoMsg_mock.called)
+ pass
@only_for_platform(PLATFORM_WINDOWS)
@patch("ambari_server.serverConfiguration.print_info_msg")
@@ -852,7 +873,7 @@ class TestAmbariServer(TestCase):
result = get_ambari_jars()
self.assertEqual("libs", result)
self.assertTrue(printInfoMsg_mock.called)
-
+ pass
@patch("glob.glob")
@patch("ambari_server.serverConfiguration.print_info_msg")
@@ -865,7 +886,7 @@ class TestAmbariServer(TestCase):
expected = ""
result = get_share_jars()
self.assertEqual(expected, result)
-
+ pass
@patch("glob.glob")
@patch("ambari_server.serverConfiguration.print_info_msg")
@@ -879,7 +900,7 @@ class TestAmbariServer(TestCase):
result = get_ambari_classpath()
self.assertTrue(get_ambari_jars() in result)
self.assertFalse(":" in result)
-
+ pass
@patch("ambari_server.serverConfiguration.print_info_msg")
def test_get_conf_dir(self, printInfoMsg_mock):
@@ -891,7 +912,7 @@ class TestAmbariServer(TestCase):
del os.environ[AMBARI_CONF_VAR]
result = get_conf_dir()
self.assertEqual("/etc/ambari-server/conf", result)
-
+ pass
def test_search_file(self):
path = os.path.dirname(__file__)
@@ -901,7 +922,7 @@ class TestAmbariServer(TestCase):
result = search_file("non_existent_file", path)
self.assertEqual(None, result)
-
+ pass
@patch("ambari_server.serverConfiguration.search_file")
def test_find_properties_file(self, search_file_mock):
@@ -920,7 +941,7 @@ class TestAmbariServer(TestCase):
search_file_mock.return_value = value
result = find_properties_file()
self.assertTrue(result is value)
-
+ pass
@patch("ambari_server.serverConfiguration.find_properties_file")
@patch("__builtin__.open")
@@ -936,7 +957,7 @@ class TestAmbariServer(TestCase):
properties_mock.return_value.__getitem__.return_value = None
user = read_ambari_user()
self.assertEquals(user, None)
-
+ pass
@patch("os.path.exists")
@patch("ambari_server.setupSecurity.set_file_permissions")
@@ -972,7 +993,7 @@ class TestAmbariServer(TestCase):
self.assertEquals(set_file_permissions_mock.call_args_list[1][0][3], False)
finally:
configDefaults.NR_ADJUST_OWNERSHIP_LIST = old_list
-
+ pass
@not_for_platform(PLATFORM_WINDOWS)
@patch("os.path.exists")
@@ -1050,7 +1071,7 @@ class TestAmbariServer(TestCase):
run_os_command_mock.reset_mock()
print_warning_msg_mock.reset_mock()
-
+ pass
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch("ambari_server.serverSetup.get_validated_string_input")
@@ -1089,7 +1110,7 @@ class TestAmbariServer(TestCase):
result = userChecks._create_custom_user()
self.assertTrue(print_warning_msg_mock.called)
self.assertEquals(result, (1, None))
-
+ pass
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch("ambari_server.serverSetup.read_ambari_user")
@@ -1221,18 +1242,19 @@ class TestAmbariServer(TestCase):
self.assertTrue(write_property_mock.call_args[0][1] == "root")
self.assertTrue(adjust_directory_permissions_mock.called)
self.assertEqual(result, 0)
-
+ pass
@patch("ambari_server.serverConfiguration.search_file")
@patch("__builtin__.open")
- @patch("ambari_server.setupSecurity.read_ambari_user")
- @patch("ambari_server.setupSecurity.set_file_permissions")
+ @patch("ambari_server.serverConfiguration.read_ambari_user")
+ @patch("ambari_server.serverConfiguration.set_file_permissions")
def test_store_password_file(self, set_file_permissions_mock,
read_ambari_user_mock, open_mock, search_file_mock):
search_file_mock.return_value = "/etc/ambari-server/conf/ambari.properties"
open_mock.return_value = MagicMock()
store_password_file("password", "passfile")
self.assertTrue(set_file_permissions_mock.called)
+ pass
@patch("subprocess.Popen")
@patch.object(OSCheck, "get_os_family")
@@ -1295,19 +1317,20 @@ class TestAmbariServer(TestCase):
p.returncode = 3
self.assertFalse(firewall_obj.check_iptables())
self.assertEqual("err", firewall_obj.stderrdata)
+ pass
- @patch.object(_ambari_server_, "get_validated_filepath_input")
- @patch.object(_ambari_server_, "run_os_command")
- @patch.object(_ambari_server_, "get_truststore_type")
+ @patch("ambari_server.setupHttps.get_validated_filepath_input")
+ @patch("ambari_server.setupHttps.run_os_command")
+ @patch("ambari_server.setupHttps.get_truststore_type")
@patch("__builtin__.open")
- @patch.object(_ambari_server_, "find_properties_file")
- @patch.object(_ambari_server_, "run_component_https_cmd")
- @patch.object(_ambari_server_, "get_delete_cert_command")
- @patch.object(_ambari_server_, "get_truststore_password")
- @patch.object(_ambari_server_, "get_truststore_path")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "find_jdk")
+ @patch("ambari_server.setupHttps.find_properties_file")
+ @patch("ambari_server.setupHttps.run_component_https_cmd")
+ @patch("ambari_server.setupHttps.get_delete_cert_command")
+ @patch("ambari_server.setupHttps.get_truststore_password")
+ @patch("ambari_server.setupHttps.get_truststore_path")
+ @patch("ambari_server.setupHttps.get_YN_input")
+ @patch("ambari_server.setupHttps.get_ambari_properties")
+ @patch("ambari_server.setupHttps.find_jdk")
def test_setup_component_https(self, find_jdk_mock, get_ambari_properties_mock, get_YN_input_mock,
get_truststore_path_mock, get_truststore_password_mock,
get_delete_cert_command_mock, run_component_https_cmd_mock,
@@ -1322,7 +1345,7 @@ class TestAmbariServer(TestCase):
alias = "alias"
#Silent mode
set_silent(True)
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.assertEqual('command is not enabled in silent mode.\n', out.getvalue())
sys.stdout = sys.__stdout__
#Verbouse mode and jdk_path is None
@@ -1332,7 +1355,7 @@ class TestAmbariServer(TestCase):
p.get_property.side_effect = ["true"]
# Dont disable ssl
get_YN_input_mock.side_effect = [False]
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.assertTrue(p.get_property.called)
self.assertTrue(get_YN_input_mock.called)
p.get_property.reset_mock()
@@ -1341,7 +1364,7 @@ class TestAmbariServer(TestCase):
p.get_property.side_effect = ["false"]
# Dont enable ssl
get_YN_input_mock.side_effect = [False]
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.assertTrue(p.get_property.called)
self.assertTrue(get_YN_input_mock.called)
p.get_property.reset_mock()
@@ -1349,7 +1372,7 @@ class TestAmbariServer(TestCase):
# Cant find jdk
find_jdk_mock.return_value = None
try:
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -1363,7 +1386,7 @@ class TestAmbariServer(TestCase):
get_truststore_path_mock.return_value = "/truststore_path"
get_truststore_password_mock.return_value = "/truststore_password"
get_delete_cert_command_mock.return_value = "rm -f"
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.assertTrue(p.process_pair.called)
self.assertTrue(get_truststore_path_mock.called)
@@ -1384,7 +1407,7 @@ class TestAmbariServer(TestCase):
#Verbouse mode and jdk_path is not None (use_https = false) and import cert
p.get_property.side_effect = ["false"]
get_YN_input_mock.side_effect = [True]
- _ambari_server_.setup_component_https(component, command, property, alias)
+ setup_component_https(component, command, property, alias)
self.assertTrue(p.process_pair.called)
self.assertTrue(get_truststore_type_mock.called)
@@ -1408,24 +1431,23 @@ class TestAmbariServer(TestCase):
p.store.reset_mock()
run_os_command_mock.reset_mock()
get_validated_filepath_input_mock.reset_mock()
+ pass
- @patch.object(_ambari_server_, "adjust_directory_permissions")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "find_properties_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_server_runing")
- @patch.object(_ambari_server_, "import_cert_and_key_action")
- @patch.object(_ambari_server_, "get_YN_input")
+ @patch("ambari_server.setupHttps.adjust_directory_permissions")
+ @patch("ambari_server.setupHttps.read_ambari_user")
+ @patch("ambari_server.setupHttps.get_validated_string_input")
+ @patch("ambari_server.setupHttps.find_properties_file")
+ @patch("ambari_server.setupHttps.get_ambari_properties")
+ @patch("ambari_server.setupHttps.import_cert_and_key_action")
+ @patch("ambari_server.setupHttps.get_YN_input")
@patch("__builtin__.open")
- @patch("ambari-server.Properties")
- @patch.object(_ambari_server_, "is_root")
- @patch.object(_ambari_server_, "is_valid_cert_host")
- @patch.object(_ambari_server_, "is_valid_cert_exp")
+ @patch("ambari_server.setupHttps.is_root")
+ @patch("ambari_server.setupHttps.is_valid_cert_host")
+ @patch("ambari_server.setupHttps.is_valid_cert_exp")
def test_setup_https(self, is_valid_cert_exp_mock, is_valid_cert_host_mock, \
- is_root_mock, Properties_mock, open_Mock, get_YN_input_mock, \
+ is_root_mock, open_Mock, get_YN_input_mock, \
import_cert_and_key_action_mock,
- is_server_runing_mock, get_ambari_properties_mock, \
+ get_ambari_properties_mock, \
find_properties_file_mock, \
get_validated_string_input_mock, read_ambari_user_method, \
adjust_directory_permissions_mock):
@@ -1439,7 +1461,7 @@ class TestAmbariServer(TestCase):
# Testing call under non-root
is_root_mock.return_value = False
try:
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -1459,7 +1481,7 @@ class TestAmbariServer(TestCase):
" call('client.api.ssl.port'),\n call('api.ssl')]"
process_pair_expected = "[call('client.api.ssl.port', '4444')]"
set_silent(False)
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.assertTrue(p.process_pair.called)
self.assertTrue(p.get_property.call_count == 4)
@@ -1480,7 +1502,7 @@ class TestAmbariServer(TestCase):
get_property_expected = "[call('security.server.keys_dir'),\n" + \
" call('client.api.ssl.port'),\n call('api.ssl')]"
process_pair_expected = "[call('api.ssl', 'false')]"
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.assertTrue(p.process_pair.called)
self.assertTrue(p.get_property.call_count == 3)
@@ -1502,7 +1524,7 @@ class TestAmbariServer(TestCase):
get_property_expected = "[call('security.server.keys_dir'),\n" + \
" call('client.api.ssl.port'),\n call('api.ssl')]"
process_pair_expected = "[call('client.api.ssl.port', '4444')]"
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.assertTrue(p.process_pair.called)
self.assertTrue(p.get_property.call_count == 3)
@@ -1524,7 +1546,7 @@ class TestAmbariServer(TestCase):
get_property_expected = "[call('security.server.keys_dir'),\n" + \
" call('client.api.ssl.port'),\n call('api.ssl')]"
process_pair_expected = "[]"
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.assertFalse(p.process_pair.called)
self.assertTrue(p.get_property.call_count == 3)
@@ -1546,7 +1568,7 @@ class TestAmbariServer(TestCase):
get_property_expected = "[call('security.server.keys_dir'),\n" + \
" call('client.api.ssl.port'),\n call('api.ssl')]"
process_pair_expected = "[call('client.api.ssl.port', '4444')]"
- self.assertFalse(_ambari_server_.setup_https(args))
+ self.assertFalse(setup_https(args))
self.assertTrue(p.process_pair.called)
self.assertTrue(p.get_property.call_count == 3)
self.assertEqual(str(p.get_property.call_args_list), get_property_expected)
@@ -1562,7 +1584,7 @@ class TestAmbariServer(TestCase):
#Case #6: if silent mode is enabled
set_silent(True)
try:
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.fail("Should throw exception")
except NonFatalException as fe:
self.assertTrue("setup-https is not enabled in silent mode" in fe.reason)
@@ -1577,14 +1599,13 @@ class TestAmbariServer(TestCase):
find_properties_file_mock.return_value = "propertyFile"
p.get_property.side_effect = KeyError("Failed to read property")
try:
- _ambari_server_.setup_https(args)
+ setup_https(args)
self.fail("Should throw exception")
except FatalException as fe:
self.assertTrue("Failed to read property" in fe.reason)
+ pass
-
-
- @patch.object(_ambari_server_, "import_cert_and_key")
+ @patch("ambari_server.setupHttps.import_cert_and_key")
def test_import_cert_and_key_action(self, import_cert_and_key_mock):
import_cert_and_key_mock.return_value = True
properties = MagicMock()
@@ -1593,24 +1614,25 @@ class TestAmbariServer(TestCase):
expect_process_pair = "[call('client.api.ssl.cert_name', 'https.crt'),\n" + \
" call('client.api.ssl.key_name', 'https.key'),\n" + \
" call('api.ssl', 'true')]"
- _ambari_server_.import_cert_and_key_action("key_dir", properties)
+ import_cert_and_key_action("key_dir", properties)
self.assertEqual(str(properties.process_pair.call_args_list), \
expect_process_pair)
+ pass
- @patch.object(_ambari_server_, "remove_file")
- @patch.object(_ambari_server_, "copy_file")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "set_file_permissions")
- @patch.object(_ambari_server_, "import_file_to_keystore")
+ @patch("ambari_server.setupHttps.remove_file")
+ @patch("ambari_server.setupHttps.copy_file")
+ @patch("ambari_server.setupHttps.read_ambari_user")
+ @patch("ambari_server.setupHttps.set_file_permissions")
+ @patch("ambari_server.setupHttps.import_file_to_keystore")
@patch("__builtin__.open")
- @patch.object(_ambari_server_, "run_os_command")
+ @patch("ambari_server.setupHttps.run_os_command")
@patch("os.path.join")
@patch("os.path.isfile")
@patch("__builtin__.raw_input")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "is_valid_cert_host")
- @patch.object(_ambari_server_, "is_valid_cert_exp")
+ @patch("ambari_server.setupHttps.get_validated_string_input")
+ @patch("ambari_server.setupHttps.is_valid_cert_host")
+ @patch("ambari_server.setupHttps.is_valid_cert_exp")
def test_import_cert_and_key(self, is_valid_cert_exp_mock, \
is_valid_cert_host_mock, \
get_validated_string_input_mock, \
@@ -1642,27 +1664,28 @@ class TestAmbariServer(TestCase):
" call('key_file_path'," + \
" 'keystore_cert_key_file_path')]"
- _ambari_server_.import_cert_and_key("key_dir")
+ import_cert_and_key("key_dir")
self.assertTrue(raw_input_mock.call_count == 2)
self.assertTrue(get_validated_string_input_mock.called)
self.assertEqual(os_path_join_mock.call_count, 8)
self.assertTrue(set_file_permissions_mock.call_count == 1)
self.assertEqual(str(import_file_to_keystore_mock.call_args_list), \
expect_import_file_to_keystore)
+ pass
- @patch.object(_ambari_server_, "remove_file")
- @patch.object(_ambari_server_, "copy_file")
- @patch.object(_ambari_server_, "generate_random_string")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "set_file_permissions")
- @patch.object(_ambari_server_, "import_file_to_keystore")
+ @patch("ambari_server.setupHttps.remove_file")
+ @patch("ambari_server.setupHttps.copy_file")
+ @patch("ambari_server.setupHttps.generate_random_string")
+ @patch("ambari_server.setupHttps.read_ambari_user")
+ @patch("ambari_server.setupHttps.set_file_permissions")
+ @patch("ambari_server.setupHttps.import_file_to_keystore")
@patch("__builtin__.open")
- @patch.object(_ambari_server_, "run_os_command")
+ @patch("ambari_server.setupHttps.run_os_command")
@patch("os.path.join")
- @patch.object(_ambari_server_, "get_validated_filepath_input")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "is_valid_cert_host")
- @patch.object(_ambari_server_, "is_valid_cert_exp")
+ @patch("ambari_server.setupHttps.get_validated_filepath_input")
+ @patch("ambari_server.setupHttps.get_validated_string_input")
+ @patch("ambari_server.setupHttps.is_valid_cert_host")
+ @patch("ambari_server.setupHttps.is_valid_cert_exp")
def test_import_cert_and_key_with_empty_password(self, \
is_valid_cert_exp_mock, is_valid_cert_host_mock,
get_validated_string_input_mock, get_validated_filepath_input_mock, \
@@ -1692,7 +1715,7 @@ class TestAmbariServer(TestCase):
" call('key_file_path.secured'," + \
" 'keystore_cert_key_file_path')]"
- _ambari_server_.import_cert_and_key("key_dir")
+ import_cert_and_key("key_dir")
self.assertEquals(get_validated_filepath_input_mock.call_count, 2)
self.assertTrue(get_validated_string_input_mock.called)
self.assertEquals(os_path_join_mock.call_count, 8)
@@ -1700,17 +1723,18 @@ class TestAmbariServer(TestCase):
self.assertEqual(str(import_file_to_keystore_mock.call_args_list), \
expect_import_file_to_keystore)
self.assertTrue(generate_random_string_mock.called)
+ pass
@patch("__builtin__.open")
- @patch.object(_ambari_server_, "copy_file")
- @patch.object(_ambari_server_, "is_root")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "set_file_permissions")
- @patch.object(_ambari_server_, "import_file_to_keystore")
- @patch.object(_ambari_server_, "run_os_command")
+ @patch("ambari_server.setupHttps.copy_file")
+ @patch("ambari_server.setupHttps.is_root")
+ @patch("ambari_server.setupHttps.read_ambari_user")
+ @patch("ambari_server.setupHttps.set_file_permissions")
+ @patch("ambari_server.setupHttps.import_file_to_keystore")
+ @patch("ambari_server.setupHttps.run_os_command")
@patch("os.path.join")
- @patch.object(_ambari_server_, "get_validated_filepath_input")
- @patch.object(_ambari_server_, "get_validated_string_input")
+ @patch("ambari_server.setupHttps.get_validated_filepath_input")
+ @patch("ambari_server.setupHttps.get_validated_string_input")
def test_import_cert_and_key_with_incorrect_password(self,
get_validated_string_input_mock, \
get_validated_filepath_input_mock, \
@@ -1733,110 +1757,111 @@ class TestAmbariServer(TestCase):
#provided password doesn't match, openssl command returns an error
run_os_command_mock.return_value = (1, "", "Some error message")
- self.assertFalse(_ambari_server_.import_cert_and_key_action(*["key_dir", None]))
- self.assertFalse(_ambari_server_.import_cert_and_key("key_dir"))
+ self.assertFalse(import_cert_and_key_action(*["key_dir", None]))
+ self.assertFalse(import_cert_and_key("key_dir"))
+ pass
def test_is_valid_cert_exp(self):
-
#No data in certInfo
certInfo = {}
- is_valid = _ambari_server_.is_valid_cert_exp(certInfo)
+ is_valid = is_valid_cert_exp(certInfo)
self.assertFalse(is_valid)
#Issued in future
- issuedOn = (datetime.datetime.now() + datetime.timedelta(hours=1000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- expiresOn = (datetime.datetime.now() + datetime.timedelta(hours=2000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- certInfo = {_ambari_server_.NOT_BEFORE_ATTR: issuedOn,
- _ambari_server_.NOT_AFTER_ATTR: expiresOn}
- is_valid = _ambari_server_.is_valid_cert_exp(certInfo)
+ issuedOn = (datetime.datetime.now() + datetime.timedelta(hours=1000)).strftime(SSL_DATE_FORMAT)
+ expiresOn = (datetime.datetime.now() + datetime.timedelta(hours=2000)).strftime(SSL_DATE_FORMAT)
+ certInfo = {NOT_BEFORE_ATTR: issuedOn,
+ NOT_AFTER_ATTR: expiresOn}
+ is_valid = is_valid_cert_exp(certInfo)
self.assertFalse(is_valid)
#Was expired
- issuedOn = (datetime.datetime.now() - datetime.timedelta(hours=2000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- expiresOn = (datetime.datetime.now() - datetime.timedelta(hours=1000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- certInfo = {_ambari_server_.NOT_BEFORE_ATTR: issuedOn,
- _ambari_server_.NOT_AFTER_ATTR: expiresOn}
- is_valid = _ambari_server_.is_valid_cert_exp(certInfo)
+ issuedOn = (datetime.datetime.now() - datetime.timedelta(hours=2000)).strftime(SSL_DATE_FORMAT)
+ expiresOn = (datetime.datetime.now() - datetime.timedelta(hours=1000)).strftime(SSL_DATE_FORMAT)
+ certInfo = {NOT_BEFORE_ATTR: issuedOn,
+ NOT_AFTER_ATTR: expiresOn}
+ is_valid = is_valid_cert_exp(certInfo)
self.assertFalse(is_valid)
#Valid
- issuedOn = (datetime.datetime.now() - datetime.timedelta(hours=2000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- expiresOn = (datetime.datetime.now() + datetime.timedelta(hours=1000)).strftime(_ambari_server_.SSL_DATE_FORMAT)
- certInfo = {_ambari_server_.NOT_BEFORE_ATTR: issuedOn,
- _ambari_server_.NOT_AFTER_ATTR: expiresOn}
- is_valid = _ambari_server_.is_valid_cert_exp(certInfo)
+ issuedOn = (datetime.datetime.now() - datetime.timedelta(hours=2000)).strftime(SSL_DATE_FORMAT)
+ expiresOn = (datetime.datetime.now() + datetime.timedelta(hours=1000)).strftime(SSL_DATE_FORMAT)
+ certInfo = {NOT_BEFORE_ATTR: issuedOn,
+ NOT_AFTER_ATTR: expiresOn}
+ is_valid = is_valid_cert_exp(certInfo)
self.assertTrue(is_valid)
+ pass
- @patch.object(_ambari_server_, "get_fqdn")
+ @patch("ambari_server.setupHttps.get_fqdn")
def test_is_valid_cert_host(self, get_fqdn_mock):
#No data in certInfo
certInfo = {}
- is_valid = _ambari_server_.is_valid_cert_host(certInfo)
+ is_valid = is_valid_cert_host(certInfo)
self.assertFalse(is_valid)
#Failed to get FQDN
get_fqdn_mock.return_value = None
- is_valid = _ambari_server_.is_valid_cert_host(certInfo)
+ is_valid = is_valid_cert_host(certInfo)
self.assertFalse(is_valid)
#FQDN and Common name in certificated don't correspond
get_fqdn_mock.return_value = 'host1'
- certInfo = {_ambari_server_.COMMON_NAME_ATTR: 'host2'}
- is_valid = _ambari_server_.is_valid_cert_host(certInfo)
+ certInfo = {COMMON_NAME_ATTR: 'host2'}
+ is_valid = is_valid_cert_host(certInfo)
self.assertFalse(is_valid)
#FQDN and Common name in certificated correspond
get_fqdn_mock.return_value = 'host1'
- certInfo = {_ambari_server_.COMMON_NAME_ATTR: 'host1'}
- is_valid = _ambari_server_.is_valid_cert_host(certInfo)
+ certInfo = {COMMON_NAME_ATTR: 'host1'}
+ is_valid = is_valid_cert_host(certInfo)
self.assertTrue(is_valid)
+ pass
-
- @patch.object(_ambari_server_, "get_ambari_properties")
+ @patch("ambari_server.setupHttps.get_ambari_properties")
def test_is_valid_https_port(self, get_ambari_properties_mock):
#No ambari.properties
get_ambari_properties_mock.return_value = -1
- is_valid = _ambari_server_.is_valid_https_port(1111)
+ is_valid = is_valid_https_port(1111)
self.assertEqual(is_valid, False)
#User entered port used by one way auth
portOneWay = "1111"
portTwoWay = "2222"
validPort = "3333"
- get_ambari_properties_mock.return_value = {_ambari_server_.SRVR_ONE_WAY_SSL_PORT_PROPERTY: portOneWay,
- _ambari_server_.SRVR_TWO_WAY_SSL_PORT_PROPERTY: portTwoWay}
- is_valid = _ambari_server_.is_valid_https_port(portOneWay)
+ get_ambari_properties_mock.return_value = {SRVR_ONE_WAY_SSL_PORT_PROPERTY: portOneWay,
+ SRVR_TWO_WAY_SSL_PORT_PROPERTY: portTwoWay}
+ is_valid = is_valid_https_port(portOneWay)
self.assertEqual(is_valid, False)
#User entered port used by two way auth
- is_valid = _ambari_server_.is_valid_https_port(portTwoWay)
+ is_valid = is_valid_https_port(portTwoWay)
self.assertEqual(is_valid, False)
#User entered valid port
- get_ambari_properties_mock.return_value = {_ambari_server_.SRVR_ONE_WAY_SSL_PORT_PROPERTY: portOneWay,
- _ambari_server_.SRVR_TWO_WAY_SSL_PORT_PROPERTY: portTwoWay}
- is_valid = _ambari_server_.is_valid_https_port(validPort)
+ get_ambari_properties_mock.return_value = {SRVR_ONE_WAY_SSL_PORT_PROPERTY: portOneWay,
+ SRVR_TWO_WAY_SSL_PORT_PROPERTY: portTwoWay}
+ is_valid = is_valid_https_port(validPort)
self.assertEqual(is_valid, True)
+ pass
@patch("socket.getfqdn")
@patch("urllib2.urlopen")
- @patch.object(_ambari_server_, "get_ambari_properties")
+ @patch("ambari_server.setupHttps.get_ambari_properties")
def test_get_fqdn(self, get_ambari_properties_mock, url_open_mock, getfqdn_mock):
-
#No ambari.properties
get_ambari_properties_mock.return_value = -1
- fqdn = _ambari_server_.get_fqdn()
+ fqdn = get_fqdn()
self.assertEqual(fqdn, None)
#Check mbari_server.GET_FQDN_SERVICE_URL property name (AMBARI-2612)
#property name should be server.fqdn.service.url
- self.assertEqual(_ambari_server_.GET_FQDN_SERVICE_URL, "server.fqdn.service.url")
+ self.assertEqual(GET_FQDN_SERVICE_URL, "server.fqdn.service.url")
#Read FQDN from service
p = MagicMock()
- p[_ambari_server_.GET_FQDN_SERVICE_URL] = 'someurl'
+ p[GET_FQDN_SERVICE_URL] = 'someurl'
get_ambari_properties_mock.return_value = p
u = MagicMock()
@@ -1844,57 +1869,49 @@ class TestAmbariServer(TestCase):
u.read.return_value = host
url_open_mock.return_value = u
- fqdn = _ambari_server_.get_fqdn()
+ fqdn = get_fqdn()
self.assertEqual(fqdn, host)
#Failed to read FQDN from service, getting from socket
u.reset_mock()
u.side_effect = Exception("Failed to read FQDN from service")
getfqdn_mock.return_value = host
- fqdn = _ambari_server_.get_fqdn()
+ fqdn = get_fqdn()
self.assertEqual(fqdn, host)
+ pass
-
- @patch("ambari_server.serverConfiguration.find_properties_file")
- def test_get_ulimit_open_files(self, find_properties_file_mock):
-
+ def test_get_ulimit_open_files(self):
# 1 - No ambari.properties
- find_properties_file_mock.return_value = None
- open_files = _ambari_server_.get_fqdn()
- self.assertEqual(open_files, None)
+ p = Properties()
+
+ open_files = get_ulimit_open_files(p)
+ self.assertEqual(open_files, ULIMIT_OPEN_FILES_DEFAULT)
# 2 - With ambari.properties - ok
- tf1 = tempfile.NamedTemporaryFile()
prop_value = 65000
- with open(tf1.name, 'w') as fout:
- fout.write(_ambari_server_.ULIMIT_OPEN_FILES_KEY + '=' + str(prop_value))
- fout.close()
- find_properties_file_mock.return_value = tf1.name
- open_files = _ambari_server_.get_ulimit_open_files()
+ p.process_pair(ULIMIT_OPEN_FILES_KEY, str(prop_value))
+ open_files = get_ulimit_open_files(p)
self.assertEqual(open_files, 65000)
# 2 - With ambari.properties - default
tf1 = tempfile.NamedTemporaryFile()
prop_value = 0
- with open(tf1.name, 'w') as fout:
- fout.write(_ambari_server_.ULIMIT_OPEN_FILES_KEY + '=' + str(prop_value))
- fout.close()
- find_properties_file_mock.return_value = tf1.name
- open_files = _ambari_server_.get_ulimit_open_files()
- self.assertEqual(open_files, _ambari_server_.ULIMIT_OPEN_FILES_DEFAULT)
-
+ p.process_pair(ULIMIT_OPEN_FILES_KEY, str(prop_value))
+ open_files = get_ulimit_open_files(p)
+ self.assertEqual(open_files, ULIMIT_OPEN_FILES_DEFAULT)
+ pass
- @patch.object(_ambari_server_, "run_os_command")
+ @patch("ambari_server.setupHttps.run_os_command")
def test_get_cert_info(self, run_os_command_mock):
# Error running openssl command
path = 'path/to/certificate'
run_os_command_mock.return_value = -1, None, None
- cert_info = _ambari_server_.get_cert_info(path)
+ cert_info = get_cert_info(path)
self.assertEqual(cert_info, None)
#Empty result of openssl command
run_os_command_mock.return_value = 0, None, None
- cert_info = _ambari_server_.get_cert_info(path)
+ cert_info = get_cert_info(path)
self.assertEqual(cert_info, None)
#Positive scenario
@@ -1922,14 +1939,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
"""
out = out_pattern.format(notAfter=notAfter, notBefore=notBefore, subject=subject)
run_os_command_mock.return_value = 0, out, None
- cert_info = _ambari_server_.get_cert_info(path)
+ cert_info = get_cert_info(path)
self.assertEqual(cert_info['notAfter'], notAfter)
self.assertEqual(cert_info['notBefore'], notBefore)
self.assertEqual(cert_info['subject'], subject)
self.assertEqual(cert_info[attr1_key], attr1_value)
self.assertEqual(cert_info[attr2_key], attr2_value)
self.assertEqual(cert_info[attr3_key], attr3_value)
-
+ pass
@patch("__builtin__.raw_input")
def test_get_validated_string_input(self, raw_input_mock):
@@ -1951,9 +1968,10 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
input = get_validated_string_input(prompt, default_value, None,
description, False, False, validator)
self.assertEqual(inputed_value2, input)
+ pass
-
- @patch("ambari_server.serverSetup.run_os_command")
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
+ @patch("ambari_server.serverUtils.run_os_command")
@patch("__builtin__.open")
@patch("os.path.exists")
def test_is_server_runing(self, os_path_exists_mock, open_mock, \
@@ -1968,9 +1986,10 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
os_path_exists_mock.return_value = False
status, pid = is_server_runing()
self.assertFalse(status)
+ pass
-
- @patch("ambari_server.serverSetup.run_os_command")
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
+ @patch("ambari_server.serverUtils.run_os_command")
@patch("__builtin__.open")
@patch("os.path.exists")
def test_is_server_runing_bad_file(self, os_path_exists_mock, open_mock, \
@@ -1983,7 +2002,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
open_mock.side_effect = IOError('[Errno 13] Permission denied: /var/run/ambari-server/ambari-server.pid')
self.assertRaises(FatalException, is_server_runing)
-
+ pass
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch("os.path.exists")
@@ -2001,7 +2020,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
except FatalException:
failed = True
self.assertTrue(failed)
-
+ pass
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch("os.stat")
@@ -2204,7 +2223,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
except FatalException as fe:
self.assertTrue("Path to java home somewhere or java binary file does not exists" in fe.reason)
pass
-
+ pass
@not_for_platform(PLATFORM_WINDOWS)
@patch("ambari_server.dbConfiguration_linux.run_os_command")
@@ -2217,7 +2236,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
run_os_command_mock.return_value = (1, "wrong", None)
pg_status, retcode, out, err = PGConfig._get_postgre_status()
self.assertEqual(None, pg_status)
-
+ pass
@not_for_platform(PLATFORM_WINDOWS)
@patch("time.sleep")
@@ -2246,7 +2265,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
get_postgre_status_mock.return_value = "stopped", 0, "", ""
pg_status, retcode, out, err = PGConfig._check_postgre_up()
self.assertEqual(4, retcode)
-
+ pass
@patch("platform.linux_distribution")
@patch("platform.system")
@@ -2275,6 +2294,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertEqual(2, write_property_mock.call_count)
self.assertEquals(write_property_mock.call_args_list[0][0][0], "server.os_family")
self.assertEquals(write_property_mock.call_args_list[1][0][0], "server.os_type")
+ pass
@patch("__builtin__.open")
@@ -2294,6 +2314,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
Properties_mock.return_value = p
result = get_JAVA_HOME()
self.assertEqual(expected, result)
+ pass
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
def test_prompt_db_properties_default(self):
@@ -2312,6 +2333,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
prompt_db_properties(args)
self.assertEqual(args.database_index, 0)
+ pass
@not_for_platform(PLATFORM_WINDOWS)
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@@ -3054,55 +3076,81 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
@not_for_platform(PLATFORM_WINDOWS)
@patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
- @patch.object(_ambari_server_, "looking_for_pid")
- @patch.object(_ambari_server_, "wait_for_pid")
- @patch.object(_ambari_server_, "save_main_pid_ex")
- @patch.object(_ambari_server_, "check_exitcode")
+ @patch("sys.stdout.flush")
+ @patch("sys.stdout.write")
+ @patch("ambari_server_main.looking_for_pid")
+ @patch("ambari_server_main.wait_for_pid")
+ @patch("ambari_server_main.save_main_pid_ex")
+ @patch("ambari_server_main.check_exitcode")
@patch("os.makedirs")
- @patch.object(_ambari_server_, "locate_file")
+ @patch("ambari_server_main.locate_file")
@patch.object(_ambari_server_, "is_server_runing")
@patch("os.chown")
- @patch.object(_ambari_server_, "get_master_key_location")
- @patch.object(_ambari_server_, "save_master_key")
- @patch.object(_ambari_server_, "get_is_persisted")
- @patch.object(_ambari_server_, "get_is_secure")
+ @patch("ambari_server.setupSecurity.get_master_key_location")
+ @patch("ambari_server_main.save_master_key")
+ @patch("ambari_server_main.get_is_persisted")
+ @patch("ambari_server_main.get_is_secure")
@patch('os.chmod', autospec=True)
+ @patch("ambari_server.serverConfiguration.write_property")
@patch("ambari_server.serverConfiguration.get_validated_string_input")
@patch("os.environ")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.serverUtils.get_ambari_properties")
@patch("ambari_server.serverSetup.get_ambari_properties")
@patch("ambari_server.serverConfiguration.get_ambari_properties")
- @patch.object(_ambari_server_, "get_ambari_properties")
+ @patch("ambari_server_main.get_ambari_properties")
@patch("os.path.exists")
@patch("__builtin__.open")
@patch("subprocess.Popen")
- @patch.object(_ambari_server_, "print_info_msg")
- @patch.object(_ambari_server_, "search_file")
- @patch.object(_ambari_server_, "find_jdk")
- @patch.object(_ambari_server_, "print_error_msg")
+ @patch("ambari_server.serverConfiguration.search_file")
+ @patch("ambari_server_main.check_database_name_property")
+ @patch("ambari_server_main.find_jdk")
+ @patch("ambari_server_main.print_warning_msg")
+ @patch("ambari_server_main.print_info_msg")
@patch.object(PGConfig, "_check_postgre_up")
- @patch.object(_ambari_server_, "parse_properties_file")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "is_root")
- @patch.object(_ambari_server_, "find_jdbc_driver")
+ @patch("ambari_server_main.read_ambari_user")
+ @patch("ambari_server.dbConfiguration_linux.is_root")
+ @patch("ambari_server_main.is_root")
+ @patch.object(LinuxDBMSConfig, "_find_jdbc_driver")
@patch("getpass.getuser")
@patch("os.chdir")
@patch.object(ResourceFilesKeeper, "perform_housekeeping")
- def test_start(self, perform_housekeeping_mock, chdir_mock, getuser_mock,
- find_jdbc_driver_mock, is_root_mock, read_ambari_user_mock,
- parse_properties_file_mock, check_postgre_up_mock,
- print_error_msg_mock, find_jdk_mock, search_file_mock,
- print_info_msg_mock, popenMock, openMock, pexistsMock,
- get_ambari_properties_mock, get_ambari_properties_2_mock, get_ambari_properties_3_mock, os_environ_mock,
- get_validated_string_input_method, os_chmod_method, get_is_secure_mock, get_is_persisted_mock,
+ def test_start(self, perform_housekeeping_mock, chdir_mock, getuser_mock, find_jdbc_driver_mock,
+ is_root_mock, is_root_2_mock, read_ambari_user_mock,
+ check_postgre_up_mock, print_info_msg_mock, print_warning_msg_mock,
+ find_jdk_mock, check_database_name_property_mock, search_file_mock,
+ popenMock, openMock, pexistsMock,
+ get_ambari_properties_mock, get_ambari_properties_2_mock, get_ambari_properties_3_mock,
+ get_ambari_properties_4_mock, get_ambari_properties_5_mock, os_environ_mock,
+ get_validated_string_input_method, write_property_method,
+ os_chmod_method, get_is_secure_mock, get_is_persisted_mock,
save_master_key_method, get_master_key_location_method,
os_chown_mock, is_server_running_mock, locate_file_mock,
os_makedirs_mock, check_exitcode_mock, save_main_pid_ex_mock,
- wait_for_pid_mock, looking_for_pid_mock):
+ wait_for_pid_mock, looking_for_pid_mock, stdout_write_mock, stdout_flush_mock):
+
+ def reset_mocks():
+ args = MagicMock()
+ del args.dbms
+ del args.database_index
+ del args.database_host
+ del args.database_port
+ del args.database_name
+ del args.database_username
+ del args.database_password
+ del args.persistence_type
+ del args.sid_or_sname
+ del args.jdbc_url
+ del args.debug
+ del args.suspend_start
+
+ return args
+
+ args = reset_mocks()
- args = MagicMock()
locate_file_mock.side_effect = lambda *args: '/bin/su' if args[0] == 'su' else '/bin/sh'
f = MagicMock()
- f.readline.return_value = 42
+ f.readline.return_value = '42'
openMock.return_value = f
looking_for_pid_mock.return_value = [{
@@ -3113,12 +3161,12 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
wait_for_pid_mock.return_value = 1
check_exitcode_mock.return_value = 0
- p = get_ambari_properties_mock.return_value
- p.get_property.return_value = 'False'
- p = get_ambari_properties_2_mock.return_value
- p.get_property.return_value = 'False'
- p = get_ambari_properties_3_mock.return_value
- p.get_property.return_value = 'False'
+ p = Properties()
+ p.process_pair(SECURITY_IS_ENCRYPTION_ENABLED, 'False')
+
+ get_ambari_properties_5_mock.return_value = get_ambari_properties_4_mock.return_value = \
+ get_ambari_properties_3_mock.return_value = get_ambari_properties_2_mock.return_value = \
+ get_ambari_properties_mock.return_value = p
get_is_secure_mock.return_value = False
get_is_persisted_mock.return_value = (False, None)
search_file_mock.return_value = None
@@ -3134,89 +3182,96 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
getpwnam_mock.return_value = pw
try:
- _ambari_server_.start(args)
- self.fail("Should fail with 'Server is running'")
- except FatalException:
- # Expected
- pass
+ _ambari_server_.start(args)
+ self.fail("Should fail with 'Server is running'")
+ except FatalException as e:
+ # Expected
+ self.assertTrue('Ambari Server is already running.' in e.reason)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
+ is_server_running_mock.return_value = (False, 0)
pexistsMock.return_value = False
# Checking situation when ambari user is not set up
read_ambari_user_mock.return_value = None
try:
- _ambari_server_.start(args)
- self.fail("Should fail with 'Can not detect a system user for Ambari'")
+ _ambari_server_.start(args)
+ self.fail("Should fail with 'Can not detect a system user for Ambari'")
except FatalException as e:
- # Expected
- self.assertTrue('Unable to detect a system user for Ambari Server.' in e.reason)
-
- parse_properties_file_mock.reset_mock()
+ # Expected
+ self.assertTrue('Unable to detect a system user for Ambari Server.' in e.reason)
# Checking start from non-root when current user is not the same as a
# custom user
+ args = reset_mocks()
read_ambari_user_mock.return_value = "dummy-user"
getuser_mock.return_value = "non_custom_user"
- is_root_mock.return_value = False
+ is_root_2_mock.return_value = is_root_mock.return_value = False
try:
- _ambari_server_.start(args)
- self.fail("Should fail with 'Can not start ambari-server as user...'")
+ _ambari_server_.start(args)
+ self.fail("Should fail with 'Can not start ambari-server as user...'")
except FatalException as e:
- # Expected
- self.assertTrue('Unable to start Ambari Server as user' in e.reason)
- self.assertFalse(parse_properties_file_mock.called)
-
- parse_properties_file_mock.reset_mock()
+ # Expected
+ self.assertTrue('Unable to start Ambari Server as user' in e.reason)
+ #self.assertFalse(parse_properties_file_mock.called)
# Checking "jdk not found"
- is_root_mock.return_value = True
+ args = reset_mocks()
+ is_root_2_mock.return_value = is_root_mock.return_value = True
find_jdk_mock.return_value = None
- is_server_running_mock.return_value = (False, 0)
try:
- _ambari_server_.start(args)
- self.fail("Should fail with 'No JDK found'")
+ _ambari_server_.start(args)
+ self.fail("Should fail with 'No JDK found'")
except FatalException as e:
- # Expected
- self.assertTrue('No JDK found' in e.reason)
+ # Expected
+ self.assertTrue('No JDK found' in e.reason)
+ args = reset_mocks()
find_jdk_mock.return_value = "somewhere"
- parse_properties_file_mock.reset_mock()
-
## Testing workflow under root
- is_root_mock.return_value = True
+ is_root_2_mock.return_value = is_root_mock.return_value = True
# Remote DB
- args.persistence_type = "remote"
- args.dbms = "oracle"
- del args.sid_or_sname
- del args.jdbc_url
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'oracle')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
# Case when jdbc driver is not used
find_jdbc_driver_mock.return_value = -1
try:
- _ambari_server_.start(args)
- self.fail("Should fail with exception")
+ _ambari_server_.start(args)
+ self.fail("Should fail with exception")
except FatalException as e:
- self.assertTrue('Before starting Ambari Server' in e.reason)
+ self.assertTrue('Before starting Ambari Server' in e.reason)
+
+ args = reset_mocks()
+
+ # Remote DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'oracle')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
find_jdbc_driver_mock.reset_mock()
find_jdbc_driver_mock.return_value = 0
try:
- _ambari_server_.start(args)
+ _ambari_server_.start(args)
except FatalException as e:
- # Ignored
- pass
+ # Ignored
+ pass
+
+ args = reset_mocks()
+
+ # Remote DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'oracle')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
# Test exception handling on resource files housekeeping
perform_housekeeping_mock.reset_mock()
perform_housekeeping_mock.side_effect = KeeperException("some_reason")
try:
- _ambari_server_.start(args)
- self.fail("Should fail with exception")
+ _ambari_server_.start(args)
+ self.fail("Should fail with exception")
except FatalException as e:
self.assertTrue('some_reason' in e.reason)
self.assertTrue(perform_housekeeping_mock.called)
@@ -3226,23 +3281,29 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertFalse('Unable to start PostgreSQL server' in e.reason)
self.assertFalse(check_postgre_up_mock.called)
- check_postgre_up_mock.reset_mock()
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
# Local DB
- args.persistence_type = "local"
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
+
+ check_postgre_up_mock.reset_mock()
# case: postgres failed to start
check_postgre_up_mock.return_value = None, 1, "Unable to start PostgreSQL serv", "error"
try:
- _ambari_server_.start(args)
- self.fail("Should fail with 'Unable to start PostgreSQL server'")
+ _ambari_server_.start(args)
+ self.fail("Should fail with 'Unable to start PostgreSQL server'")
except FatalException as e:
- # Expected
- self.assertTrue('Unable to start PostgreSQL server' in e.reason)
- self.assertTrue(check_postgre_up_mock.called)
+ # Expected
+ self.assertTrue('Unable to start PostgreSQL server' in e.reason)
+ self.assertTrue(check_postgre_up_mock.called)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
+
+ # Local DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
check_postgre_up_mock.return_value = "running", 0, "success", ""
@@ -3253,11 +3314,16 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
popen_arg = popenMock.call_args[0][0]
self.assertTrue(popen_arg[0] == "/bin/sh")
self.assertTrue(perform_housekeeping_mock.called)
+
+ args = reset_mocks()
+
+ # Local DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
+
perform_housekeeping_mock.reset_mock()
popenMock.reset_mock()
- parse_properties_file_mock.reset_mock()
-
# Case: custom user is not "root"
read_ambari_user_mock.return_value = "not-root-user"
_ambari_server_.start(args)
@@ -3266,35 +3332,40 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
popen_arg = popenMock.call_args_list[0][0][0]
self.assertTrue(popen_arg[0] == "/bin/su")
self.assertTrue(perform_housekeeping_mock.called)
- check_postgre_up_mock.reset_mock()
+ args = reset_mocks()
+
+ # Local DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
+
+ check_postgre_up_mock.reset_mock()
popenMock.reset_mock()
- parse_properties_file_mock.reset_mock()
## Testing workflow under non-root
- is_root_mock.return_value = False
+ is_root_2_mock.return_value = is_root_mock.return_value = False
read_ambari_user_mock.return_value = "not-root-user"
getuser_mock.return_value = read_ambari_user_mock.return_value
- parse_properties_file_mock.reset_mock()
-
- # Local DB
- args.persistence_type = "local"
-
_ambari_server_.start(args)
self.assertFalse(check_postgre_up_mock.called)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
# Remote DB
- args.persistence_type = "remote"
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
_ambari_server_.start(args)
self.assertFalse(check_postgre_up_mock.called)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
+
+ # Remote DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
# Checking call
_ambari_server_.start(args)
@@ -3302,27 +3373,32 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
popen_arg = popenMock.call_args[0][0]
self.assertTrue(popen_arg[0] == "/bin/sh")
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
+
+ # Remote DB
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'remote')
# Test start under wrong user
read_ambari_user_mock.return_value = "not-root-user"
getuser_mock.return_value = "non_custom_user"
try:
- _ambari_server_.start(args)
- self.fail("Can not start ambari-server as user non_custom_user.")
+ _ambari_server_.start(args)
+ self.fail("Can not start ambari-server as user non_custom_user.")
except FatalException as e:
- # Expected
- self.assertTrue('Unable to start Ambari Server as user' in e.reason)
+ # Expected
+ self.assertTrue('Unable to start Ambari Server as user' in e.reason)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
# Check environ master key is set
popenMock.reset_mock()
os_environ_mock.copy.return_value = {"a": "b",
- _ambari_server_.SECURITY_KEY_ENV_VAR_NAME: "masterkey"}
- args.persistence_type = "local"
+ SECURITY_KEY_ENV_VAR_NAME: "masterkey"}
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
read_ambari_user_mock.return_value = "root"
- is_root_mock.return_value = True
+ is_root_2_mock.return_value = is_root_mock.return_value = True
_ambari_server_.start(args)
@@ -3331,16 +3407,17 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
popen_arg = popenMock.call_args[1]['env']
self.assertEquals(os_environ_mock.copy.return_value, popen_arg)
- parse_properties_file_mock.reset_mock()
+ args = reset_mocks()
# Check environ master key is not set
popenMock.reset_mock()
os_environ_mock.reset_mock()
- p.get_property.return_value = 'True'
+ p.process_pair(SECURITY_IS_ENCRYPTION_ENABLED, 'True')
os_environ_mock.copy.return_value = {"a": "b"}
- args.persistence_type = "local"
+ p.process_pair(JDBC_DATABASE_PROPERTY, 'postgres')
+ p.process_pair(PERSISTENCE_TYPE_PROPERTY, 'local')
read_ambari_user_mock.return_value = "root"
- is_root_mock.return_value = True
+ is_root_2_mock.return_value = is_root_mock.return_value = True
get_validated_string_input_method.return_value = "masterkey"
os_chmod_method.return_value = None
get_is_secure_mock.return_value = True
@@ -3372,25 +3449,29 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
@patch.object(_ambari_server_, "BackupRestore_main")
def test_backup(self, bkrestore_mock):
- _ambari_server_.backup("/some/path/file.zip")
+ args = ["", "/some/path/file.zip"]
+ _ambari_server_.backup(args)
self.assertTrue(bkrestore_mock.called)
pass
@patch.object(_ambari_server_, "BackupRestore_main")
def test_backup_no_path(self, bkrestore_mock):
- _ambari_server_.backup(None)
+ args = [""]
+ _ambari_server_.backup(args)
self.assertTrue(bkrestore_mock.called)
pass
@patch.object(_ambari_server_, "BackupRestore_main")
def test_restore(self, bkrestore_mock):
- _ambari_server_.restore("/some/path/file.zip")
+ args = ["", "/some/path/file.zip"]
+ _ambari_server_.restore(args)
self.assertTrue(bkrestore_mock.called)
pass
@patch.object(_ambari_server_, "BackupRestore_main")
def test_restore_no_path(self, bkrestore_mock):
- _ambari_server_.restore(None)
+ args = [""]
+ _ambari_server_.restore(args)
self.assertTrue(bkrestore_mock.called)
pass
@@ -3399,13 +3480,12 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
@patch("ambari_server.serverUpgrade.run_stack_upgrade")
def test_upgrade_stack(self, run_stack_upgrade_mock,
check_database_name_property_mock, is_root_mock):
- args = MagicMock()
- args.persistence_type = "local"
-
# Testing call under non-root
is_root_mock.return_value = False
+
+ args = ['', 'HDP-2.0']
try:
- upgrade_stack(args, 'HDP-2.0')
+ upgrade_stack(args)
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -3415,7 +3495,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
# Testing calls under root
is_root_mock.return_value = True
run_stack_upgrade_mock.return_value = 0
- upgrade_stack(args, 'HDP-2.0')
+ upgrade_stack(args)
self.assertTrue(run_stack_upgrade_mock.called)
run_stack_upgrade_mock.assert_called_with("HDP", "2.0", None, None)
@@ -4088,6 +4168,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertEqual(4, len(get_choice_string_input_mock.call_args_list[0][0]))
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch.object(_ambari_server_, "setup")
def test_main_db_options(self, setup_mock):
base_args = ["ambari-server.py", "setup"]
@@ -4298,7 +4379,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
for line in properties:
if (line == "agent.fqdn.service.url=URL\n"):
- if (not _ambari_server_.GET_FQDN_SERVICE_URL + "=URL\n" in ambari_properties_content) and (
+ if (not GET_FQDN_SERVICE_URL + "=URL\n" in ambari_properties_content) and (
line in ambari_properties_content):
self.fail()
else:
@@ -4907,19 +4988,19 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
@patch("os.path.exists")
- @patch.object(_ambari_server_, "get_is_secure")
- @patch.object(_ambari_server_, "get_is_persisted")
- @patch.object(_ambari_server_, "remove_password_file")
- @patch.object(_ambari_server_, "save_passwd_for_alias")
- @patch.object(_ambari_server_, "read_master_key")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "get_master_key_location")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "save_master_key")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
+ @patch("ambari_server.setupSecurity.get_is_secure")
+ @patch("ambari_server.setupSecurity.get_is_persisted")
+ @patch("ambari_server.setupSecurity.remove_password_file")
+ @patch("ambari_server.setupSecurity.save_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.read_master_key")
+ @patch("ambari_server.setupSecurity.read_ambari_user")
+ @patch("ambari_server.setupSecurity.get_master_key_location")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.save_master_key")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.search_file")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
def test_setup_master_key_not_persist(self, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
@@ -4929,8 +5010,15 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
get_is_persisted_method, get_is_secure_method, exists_mock):
is_root_method.return_value = True
- p = get_ambari_properties_method.return_value
- p.get_property.side_effect = ["fakepasswd", "fakepasswd", "fakepasswd", "fakepasswd"]
+
+ p = Properties()
+ FAKE_PWD_STRING = "fakepasswd"
+ p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(LDAP_MGR_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
+ get_ambari_properties_method.return_value = p
+
read_master_key_method.return_value = "aaa"
get_YN_input_method.return_value = False
read_ambari_user_method.return_value = None
@@ -4939,7 +5027,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
get_is_secure_method.return_value = False
exists_mock.return_value = False
- _ambari_server_.setup_master_key()
+ setup_master_key()
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
@@ -4951,13 +5039,13 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertTrue(remove_password_file_method.called)
result_expected = {JDBC_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
LDAP_MGR_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
+ get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
SSL_TRUSTSTORE_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
+ get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0))
@@ -4967,19 +5055,19 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
pass
- @patch.object(_ambari_server_, "save_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.save_passwd_for_alias")
@patch("os.path.exists")
- @patch.object(_ambari_server_, "get_is_secure")
- @patch.object(_ambari_server_, "get_is_persisted")
- @patch.object(_ambari_server_, "read_master_key")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "get_master_key_location")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "save_master_key")
- @patch.object(_ambari_server_, "get_YN_input")
+ @patch("ambari_server.setupSecurity.get_is_secure")
+ @patch("ambari_server.setupSecurity.get_is_persisted")
+ @patch("ambari_server.setupSecurity.read_master_key")
+ @patch("ambari_server.setupSecurity.read_ambari_user")
+ @patch("ambari_server.setupSecurity.get_master_key_location")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.save_master_key")
+ @patch("ambari_server.setupSecurity.get_YN_input")
@patch("ambari_server.serverConfiguration.search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
def test_setup_master_key_persist(self, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
@@ -4989,8 +5077,12 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
save_passwd_for_alias_method):
is_root_method.return_value = True
- p = get_ambari_properties_method.return_value
- p.get_property.side_effect = ["fakepasswd", None, None, None]
+
+ p = Properties()
+ FAKE_PWD_STRING = "fakepasswd"
+ p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ get_ambari_properties_method.return_value = p
+
read_master_key_method.return_value = "aaa"
get_YN_input_method.side_effect = [True, False]
read_ambari_user_method.return_value = None
@@ -4999,7 +5091,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
exists_mock.return_value = False
save_passwd_for_alias_method.return_value = 0
- _ambari_server_.setup_master_key()
+ setup_master_key()
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
@@ -5008,8 +5100,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertTrue(save_master_key_method.called)
result_expected = {JDBC_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
- _ambari_server_.SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
@@ -5018,34 +5110,33 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
pass
- @patch.object(_ambari_server_, "read_master_key")
- @patch.object(_ambari_server_, "remove_password_file")
+ @patch("ambari_server.setupSecurity.read_master_key")
+ @patch("ambari_server.setupSecurity.remove_password_file")
@patch("os.path.exists")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "get_master_key_location")
- @patch("ambari-server.Properties")
- @patch.object(_ambari_server_, "save_passwd_for_alias")
- @patch.object(_ambari_server_, "read_passwd_for_alias")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "save_master_key")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
+ @patch("ambari_server.setupSecurity.read_ambari_user")
+ @patch("ambari_server.setupSecurity.get_master_key_location")
+ @patch("ambari_server.setupSecurity.save_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.read_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.save_master_key")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.search_file")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
def test_reset_master_key_persisted(self, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, get_validated_string_input_method,
save_master_key_method, update_properties_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
- Properties_mock, get_master_key_location_method,
+ get_master_key_location_method,
read_ambari_user_method, exists_mock,
remove_password_file_method, read_master_key_method):
# Testing call under non-root
is_root_method.return_value = False
try:
- _ambari_server_.setup_master_key()
+ setup_master_key()
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -5057,10 +5148,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
search_file_message.return_value = "filepath"
read_ambari_user_method.return_value = None
- p = get_ambari_properties_method.return_value
- p.get_property.side_effect = ['true', '${alias=fakealias}',
- '${alias=fakealias}',
- '${alias=fakealias}', '${alias=fakealias}']
+
+ p = Properties()
+ FAKE_PWD_STRING = '${alias=fakealias}'
+ p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(LDAP_MGR_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
+ get_ambari_properties_method.return_value = p
get_YN_input_method.side_effect = [True, True]
read_master_key_method.return_value = "aaa"
@@ -5068,7 +5163,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
- _ambari_server_.setup_master_key()
+ setup_master_key()
self.assertTrue(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
@@ -5079,14 +5174,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertTrue(3, save_passwd_for_alias_method.call_count)
result_expected = {JDBC_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
LDAP_MGR_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
- _ambari_server_.SSL_TRUSTSTORE_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(_ambari_server_.SSL_TRUSTSTORE_PASSWORD_ALIAS),
- _ambari_server_.SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
+ get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
+ SSL_TRUSTSTORE_PASSWORD_PROPERTY:
+ get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
+ SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
@@ -5095,28 +5190,27 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
pass
- @patch.object(_ambari_server_, "get_is_persisted")
- @patch.object(_ambari_server_, "get_is_secure")
- @patch.object(_ambari_server_, "remove_password_file")
+ @patch("ambari_server.setupSecurity.get_is_persisted")
+ @patch("ambari_server.setupSecurity.get_is_secure")
+ @patch("ambari_server.setupSecurity.remove_password_file")
@patch("os.path.exists")
- @patch.object(_ambari_server_, "read_ambari_user")
- @patch.object(_ambari_server_, "get_master_key_location")
- @patch("ambari-server.Properties")
- @patch.object(_ambari_server_, "save_passwd_for_alias")
- @patch.object(_ambari_server_, "read_passwd_for_alias")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "save_master_key")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
+ @patch("ambari_server.setupSecurity.read_ambari_user")
+ @patch("ambari_server.setupSecurity.get_master_key_location")
+ @patch("ambari_server.setupSecurity.save_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.read_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.save_master_key")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.search_file")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
def test_reset_master_key_not_persisted(self, is_root_method,
get_ambari_properties_method,
search_file_message, get_YN_input_method,
get_validated_string_input_method, save_master_key_method,
update_properties_method, read_passwd_for_alias_method,
- save_passwd_for_alias_method, Properties_mock,
+ save_passwd_for_alias_method,
get_master_key_location_method, read_ambari_user_method,
exists_mock, remove_password_file_method, get_is_secure_method,
get_is_persisted_method):
@@ -5124,9 +5218,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
- p = get_ambari_properties_method.return_value
- p.get_property.side_effect = ['${alias=fakealias}', '${alias=fakealias}',
- '${alias=fakealias}', '${alias=fakealias}']
+
+ p = Properties()
+ FAKE_PWD_STRING = '${alias=fakealias}'
+ p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(LDAP_MGR_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
+ p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
+ get_ambari_properties_method.return_value = p
get_YN_input_method.side_effect = [True, False]
get_validated_string_input_method.return_value = "aaa"
@@ -5136,7 +5235,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (True, "filePath")
- _ambari_server_.setup_master_key()
+ setup_master_key()
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
@@ -5148,14 +5247,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertFalse(save_master_key_method.called)
result_expected = {JDBC_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
- _ambari_server_.get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
+ get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
LDAP_MGR_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
- _ambari_server_.SSL_TRUSTSTORE_PASSWORD_PROPERTY:
- _ambari_server_.get_alias_string(_ambari_server_.SSL_TRUSTSTORE_PASSWORD_ALIAS),
- _ambari_server_.SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
+ get_alias_string(LDAP_MGR_PASSWORD_ALIAS),
+ SSL_TRUSTSTORE_PASSWORD_PROPERTY:
+ get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
+ SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
sorted_x = sorted(result_expected.iteritems(), key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
@@ -5163,13 +5262,14 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertEquals(sorted_x, sorted_y)
pass
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
@patch("__builtin__.raw_input")
- @patch.object(_ambari_server_, "get_is_secure")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
+ @patch("ambari_server.setupSecurity.get_is_secure")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.search_file")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
def test_setup_ldap_invalid_input(self, is_root_method, get_ambari_properties_method,
search_file_message,
update_properties_method,
@@ -5191,11 +5291,11 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
set_silent(False)
get_YN_input_method.return_value = True
- _ambari_server_.setup_ldap()
+ setup_ldap()
ldap_properties_map = \
{
- "authentication.ldap.primaryUrl": "a:3",
+ LDAP_PRIMARY_URL_PROPERTY: "a:3",
"authentication.ldap.secondaryUrl": "b:2",
"authentication.ldap.useSSL": "false",
"authentication.ldap.userObjectClass": "user",
@@ -5220,11 +5320,11 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
raw_input_mock.reset_mock()
raw_input_mock.side_effect = ['a:3', '', 'b:2', 'false', 'user', 'uid', 'group', 'cn', 'member', 'dn', 'base', 'true']
- _ambari_server_.setup_ldap()
+ setup_ldap()
ldap_properties_map = \
{
- "authentication.ldap.primaryUrl": "a:3",
+ LDAP_PRIMARY_URL_PROPERTY: "a:3",
"authentication.ldap.useSSL": "false",
"authentication.ldap.userObjectClass": "user",
"authentication.ldap.usernameAttribute": "uid",
@@ -5247,21 +5347,21 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
sys.stdout = sys.__stdout__
pass
- @patch.object(_ambari_server_, "get_is_secure")
- @patch.object(_ambari_server_, "encrypt_password")
- @patch.object(_ambari_server_, "save_passwd_for_alias")
- @patch.object(_ambari_server_, "get_YN_input")
- @patch.object(_ambari_server_, "update_properties")
- @patch.object(_ambari_server_, "configure_ldap_password")
- @patch.object(_ambari_server_, "get_validated_string_input")
- @patch.object(_ambari_server_, "setup_master_key")
+ @patch.object(OSCheck, "os_distribution", new = MagicMock(return_value = os_distro_value))
+ @patch("ambari_server.setupSecurity.get_is_secure")
+ @patch("ambari_server.setupSecurity.encrypt_password")
+ @patch("ambari_server.setupSecurity.save_passwd_for_alias")
+ @patch("ambari_server.setupSecurity.get_YN_input")
+ @patch("ambari_server.setupSecurity.update_properties_2")
+ @patch("ambari_server.setupSecurity.configure_ldap_password")
+ @patch("ambari_server.setupSecurity.get_validated_string_input")
@patch("ambari_server.serverConfiguration.search_file")
- @patch.object(_ambari_server_, "get_ambari_properties")
- @patch.object(_ambari_server_, "is_root")
- @patch.object(_ambari_server_, "read_password")
+ @patch("ambari_server.setupSecurity.get_ambari_properties")
+ @patch("ambari_server.setupSecurity.is_root")
+ @patch("ambari_server.setupSecurity.read_password")
@patch("os.path.exists")
def test_setup_ldap(self, exists_method, read_password_method, is_root_method, get_ambari_properties_method,
- search_file_message, setup_master_key_method,
+ search_file_message,
get_validated_string_input_method,
configure_ldap_password_method, update_properties_method,
get_YN_input_method, save_passwd_for_alias_method,
@@ -5273,7 +5373,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
# Testing call under non-root
is_root_method.return_value = False
try:
- _ambari_server_.setup_ldap()
+ setup_ldap()
self.fail("Should throw exception")
except FatalException as fe:
# Expected
@@ -5292,9 +5392,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
get_ambari_properties_method.return_value = configs
configure_ldap_password_method.return_value = "password"
- setup_master_key_method.return_value = (None, True, True)
save_passwd_for_alias_method.return_value = 0
- encrypt_password_method.return_value = _ambari_server_.get_alias_string(LDAP_MGR_PASSWORD_ALIAS)
+ encrypt_password_method.return_value = get_alias_string(LDAP_MGR_PASSWORD_ALIAS)
def yn_input_side_effect(*args, **kwargs):
if 'T
<TRUNCATED>
[3/5] ambari git commit: AMBARI-8317 AMBARI-8317 Refactor the
OS-dependent Ambari Server Windows components - Part 2
Posted by fb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
index 04dbb61..2f48c2a 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
@@ -30,7 +30,7 @@ import time
from ambari_commons import OSCheck, OSConst
from ambari_commons.logging_utils import get_silent, get_verbose, print_error_msg, print_info_msg, print_warning_msg
from ambari_commons.exceptions import NonFatalException, FatalException
-from ambari_commons.os_utils import copy_files, remove_file, run_os_command, find_in_path
+from ambari_commons.os_utils import copy_files, find_in_path, is_root, remove_file, run_os_command
from ambari_server.dbConfiguration import DBMSConfig, USERNAME_PATTERN, SETUP_DB_CONNECT_ATTEMPTS, \
SETUP_DB_CONNECT_TIMEOUT, STORAGE_TYPE_LOCAL, DEFAULT_USERNAME, DEFAULT_PASSWORD
from ambari_server.serverConfiguration import get_ambari_properties, get_value_from_properties, configDefaults, \
@@ -41,9 +41,8 @@ from ambari_server.serverConfiguration import get_ambari_properties, get_value_f
JDBC_DRIVER_PROPERTY, JDBC_URL_PROPERTY, \
JDBC_RCA_USER_NAME_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, JDBC_RCA_PASSWORD_FILE_PROPERTY, \
JDBC_RCA_DRIVER_PROPERTY, JDBC_RCA_URL_PROPERTY, \
- PERSISTENCE_TYPE_PROPERTY
-from ambari_server.setupSecurity import read_password, store_password_file, encrypt_password
-from ambari_server.userInput import get_YN_input, get_validated_string_input
+ PERSISTENCE_TYPE_PROPERTY, encrypt_password, store_password_file
+from ambari_server.userInput import get_YN_input, get_validated_string_input, read_password
from ambari_server.utils import get_postgre_hba_dir, get_postgre_running_status
ORACLE_DB_ID_TYPES = ["Service Name", "SID"]
@@ -365,6 +364,17 @@ class PGConfig(LinuxDBMSConfig):
#
# Public methods
#
+ def ensure_dbms_is_running(self, options, properties, scmStatus=None):
+ if self._is_local_database():
+ if is_root():
+ (pg_status, retcode, out, err) = PGConfig._check_postgre_up()
+ if not retcode == 0:
+ err = 'Unable to start PostgreSQL server. Status {0}. {1}. Exiting'.format(pg_status, err)
+ raise FatalException(retcode, err)
+ else:
+ print "Unable to check PostgreSQL server status when starting " \
+ "without root privileges."
+ print "Please do not forget to start PostgreSQL server."
#
# Private implementation
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
index 58fa7c4..742fa8b 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_windows.py
@@ -26,17 +26,16 @@ from ambari_commons.logging_utils import print_info_msg, print_warning_msg
from ambari_commons.os_utils import search_file, run_os_command
from ambari_commons.os_windows import WinServiceController
from ambari_commons.str_utils import compress_backslashes, ensure_double_backslashes
-from ambari_server.dbConfiguration import AMBARI_DATABASE_NAME, DEFAULT_USERNAME, DBMSConfig, DbPropKeys, DbAuthenticationKeys
+from ambari_server.dbConfiguration import AMBARI_DATABASE_NAME, DEFAULT_USERNAME, DEFAULT_PASSWORD, \
+ DBMSConfig, DbPropKeys, DbAuthenticationKeys
from ambari_server.serverConfiguration import JDBC_DRIVER_PROPERTY, JDBC_DRIVER_PATH_PROPERTY, JDBC_URL_PROPERTY, \
JDBC_DATABASE_PROPERTY, JDBC_DATABASE_NAME_PROPERTY, \
JDBC_HOSTNAME_PROPERTY, JDBC_PORT_PROPERTY, JDBC_USE_INTEGRATED_AUTH_PROPERTY, JDBC_USER_NAME_PROPERTY, JDBC_PASSWORD_PROPERTY, \
JDBC_PASSWORD_FILENAME, \
- JDBC_RCA_DRIVER_PROPERTY, JDBC_RCA_URL_PROPERTY, JDBC_RCA_DATABASE_PROPERTY, JDBC_RCA_SCHEMA_PROPERTY, \
- JDBC_RCA_HOSTNAME_PROPERTY, JDBC_RCA_PORT_PROPERTY, JDBC_RCA_USE_INTEGRATED_AUTH_PROPERTY, \
- JDBC_RCA_USER_NAME_PROPERTY, JDBC_RCA_PASSWORD_FILE_PROPERTY, JDBC_RCA_PASSWORD_FILENAME, JDBC_RCA_PASSWORD_ALIAS, \
+ JDBC_RCA_DRIVER_PROPERTY, JDBC_RCA_URL_PROPERTY, JDBC_RCA_HOSTNAME_PROPERTY, JDBC_RCA_PORT_PROPERTY, \
+ JDBC_RCA_USE_INTEGRATED_AUTH_PROPERTY, JDBC_RCA_USER_NAME_PROPERTY, JDBC_RCA_PASSWORD_FILE_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, \
PERSISTENCE_TYPE_PROPERTY, \
- get_value_from_properties, configDefaults
-from ambari_server.setupSecurity import encrypt_password, store_password_file
+ get_value_from_properties, configDefaults, encrypt_password, store_password_file
from ambari_server.userInput import get_validated_string_input
@@ -339,15 +338,10 @@ class SQLServerAmbariDBConfig(SQLServerConfig):
self.env_var_db_owner = 'AMBARIDBOWNER'
# The values from options supersede the values from properties
- if options.init_db_script_file is not None and options.init_db_script_file is not "":
- self.init_script_file = compress_backslashes(options.init_db_script_file)
- else:
- self.init_script_file = "resources" + os.path.sep + "Ambari-DDL-SQLServer-CREATE.sql"
- if options.cleanup_db_script_file is not None and options.cleanup_db_script_file is not "":
- self.drop_tables_script_file = compress_backslashes(options.cleanup_db_script_file)
- else:
- self.drop_tables_script_file = "resources" + os.path.sep + "Ambari-DDL-SQLServer-DROP.sql"
- pass
+ self.init_script_file = compress_backslashes(DBMSConfig._init_member_with_default(options, "init_db_script_file",
+ "resources" + os.path.sep + "Ambari-DDL-SQLServer-CREATE.sql"))
+ self.drop_tables_script_file = compress_backslashes(DBMSConfig._init_member_with_default(options, "cleanup_db_script_file",
+ "resources" + os.path.sep + "Ambari-DDL-SQLServer-DROP.sql"))
def _setup_remote_server(self, properties):
super(SQLServerAmbariDBConfig, self)._setup_remote_server(properties)
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/serverConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverConfiguration.py b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
index 6b3f350..a69af54 100644
--- a/ambari-server/src/main/python/ambari_server/serverConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
@@ -31,7 +31,7 @@ import tempfile
from ambari_commons.exceptions import FatalException
from ambari_commons.os_check import OSCheck, OSConst
from ambari_commons.os_family_impl import OsFamilyImpl
-from ambari_commons.os_utils import run_os_command, search_file
+from ambari_commons.os_utils import run_os_command, search_file, set_file_permissions
from ambari_commons.logging_utils import get_debug_mode, print_info_msg, print_warning_msg, print_error_msg, \
set_debug_mode
from ambari_server.properties import Properties
@@ -48,8 +48,6 @@ PID_NAME = "ambari-server.pid"
# Non-root user setup commands
NR_USER_PROPERTY = "ambari-server.user"
-# constants
-STACK_NAME_VER_SEP = "-"
BLIND_PASSWORD = "*****"
# Common messages
@@ -207,9 +205,10 @@ class ServerConfigDefaults(object):
self.DEFAULT_VIEWS_DIR = ""
#keytool commands
- self.keytool_bin = ""
+ self.keytool_bin_subpath = ""
#Standard messages
+ self.MESSAGE_SERVER_RUNNING_AS_ROOT = ""
self.MESSAGE_ERROR_SETUP_NOT_ROOT = ""
self.MESSAGE_ERROR_RESET_NOT_ROOT = ""
self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = ""
@@ -260,9 +259,10 @@ class ServerConfigDefaultsWindows(ServerConfigDefaults):
self.DEFAULT_VIEWS_DIR = "resources\\views"
#keytool commands
- self.keytool_bin = "keytool.exe"
+ self.keytool_bin_subpath = "bin\\keytool.exe"
#Standard messages
+ self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with 'root' privileges."
self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup must be run with administrator-level privileges"
self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset must be run with administrator-level privileges"
self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with administrator-level privileges"
@@ -325,9 +325,10 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
self.DEFAULT_VIEWS_DIR = "/var/lib/ambari-server/resources/views"
#keytool commands
- self.keytool_bin = "keytool"
+ self.keytool_bin_subpath = "bin/keytool"
#Standard messages
+ self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with administrator privileges."
self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup should be run with root-level privileges"
self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset should be run with root-level privileges"
self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with root-level privileges"
@@ -543,6 +544,31 @@ def update_database_name_property(upgrade=False):
raise FatalException(-1, err)
+def encrypt_password(alias, password):
+ properties = get_ambari_properties()
+ if properties == -1:
+ raise FatalException(1, None)
+ return get_encrypted_password(alias, password, properties)
+
+def get_encrypted_password(alias, password, properties):
+ isSecure = get_is_secure(properties)
+ (isPersisted, masterKeyFile) = get_is_persisted(properties)
+ if isSecure:
+ masterKey = None
+ if not masterKeyFile:
+ # Encryption enabled but no master key file found
+ masterKey = get_original_master_key(properties)
+
+ retCode = save_passwd_for_alias(alias, password, masterKey)
+ if retCode != 0:
+ print 'Failed to save secure password!'
+ return password
+ else:
+ return get_alias_string(alias)
+
+ return password
+
+
def is_alias_string(passwdStr):
regex = re.compile("\$\{alias=[\w\.]+\}")
# Match implies string at beginning of word
@@ -552,6 +578,12 @@ def is_alias_string(passwdStr):
else:
return False
+def get_alias_string(alias):
+ return "${alias=" + alias + "}"
+
+def get_alias_from_alias_string(aliasStr):
+ return aliasStr[8:-1]
+
def read_passwd_for_alias(alias, masterKey=""):
if alias:
jdk_path = find_jdk()
@@ -601,6 +633,59 @@ def decrypt_password_for_alias(properties, alias):
else:
return alias
+def save_passwd_for_alias(alias, passwd, masterKey=""):
+ if alias and passwd:
+ jdk_path = find_jdk()
+ if jdk_path is None:
+ print_error_msg("No JDK found, please run the \"setup\" "
+ "command to install a JDK automatically or install any "
+ "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
+ return 1
+
+ if masterKey is None or masterKey == "":
+ masterKey = "None"
+
+ command = SECURITY_PROVIDER_PUT_CMD.format(get_java_exe_path(),
+ get_full_ambari_classpath(), alias, passwd, masterKey)
+ (retcode, stdout, stderr) = run_os_command(command)
+ print_info_msg("Return code from credential provider save passwd: " +
+ str(retcode))
+ return retcode
+ else:
+ print_error_msg("Alias or password is unreadable.")
+
+
+def get_pass_file_path(conf_file, filename):
+ return os.path.join(os.path.dirname(conf_file), filename)
+
+def store_password_file(password, filename):
+ conf_file = find_properties_file()
+ passFilePath = get_pass_file_path(conf_file, filename)
+
+ with open(passFilePath, 'w+') as passFile:
+ passFile.write(password)
+ print_info_msg("Adjusting filesystem permissions")
+ ambari_user = read_ambari_user()
+ set_file_permissions(passFilePath, "660", ambari_user, False)
+
+ #Windows paths need double backslashes, otherwise the Ambari server deserializer will think the single \ are escape markers
+ return passFilePath.replace('\\', '\\\\')
+
+def remove_password_file(filename):
+ conf_file = find_properties_file()
+ passFilePath = os.path.join(os.path.dirname(conf_file),
+ filename)
+
+ if os.path.exists(passFilePath):
+ try:
+ os.remove(passFilePath)
+ except Exception, e:
+ print_warning_msg('Unable to remove password file: ' + str(e))
+ return 1
+ pass
+ return 0
+
+
def get_original_master_key(properties):
input = True
while(input):
@@ -739,8 +824,6 @@ def update_properties(propertyMap):
print_error_msg('Could not read "%s": %s' % (conf_file, e))
return -1
- #for key in propertyMap.keys():
- #properties[key] = propertyMap[key]
for key in propertyMap.keys():
properties.removeOldProp(key)
properties.process_pair(key, str(propertyMap[key]))
@@ -765,7 +848,7 @@ def update_properties_2(properties, propertyMap):
pass
with open(conf_file, 'w') as file:
- properties.store(file)
+ properties.store_ordered(file)
pass
pass
@@ -994,20 +1077,6 @@ def get_java_exe_path():
return java_exe
return
-#
-# JDBC
-#
-
-#Check if required jdbc drivers present
-def find_jdbc_driver(args):
- if args.dbms in JDBC_PATTERNS.keys():
- drivers = []
- drivers.extend(glob.glob(os.path.join(configDefaults.JAVA_SHARE_PATH, JDBC_PATTERNS[args.dbms])))
- if drivers:
- return drivers
- return -1
- return 0
-
#
# Stack upgrade
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index b012fc4..0fbc35c 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -24,7 +24,7 @@ import re
import shutil
import sys
-from ambari_commons.exceptions import FatalException, NonFatalException
+from ambari_commons.exceptions import FatalException
from ambari_commons.firewall import Firewall
from ambari_commons.inet_utils import force_download_file
from ambari_commons.logging_utils import get_silent, print_info_msg, print_warning_msg, print_error_msg
@@ -38,13 +38,16 @@ from ambari_server.serverConfiguration import configDefaults, JDKRelease, \
read_ambari_user, update_properties, validate_jdk, write_property, \
JAVA_HOME, JAVA_HOME_PROPERTY, JCE_NAME_PROPERTY, JDBC_RCA_URL_PROPERTY, JDBC_URL_PROPERTY, \
JDK_NAME_PROPERTY, JDK_RELEASES, NR_USER_PROPERTY, OS_FAMILY, OS_FAMILY_PROPERTY, OS_TYPE, OS_TYPE_PROPERTY, OS_VERSION, \
- RESOURCES_DIR_PROPERTY, SERVICE_PASSWORD_KEY, SERVICE_USERNAME_KEY, VIEWS_DIR_PROPERTY, PID_NAME, get_is_secure, \
+ RESOURCES_DIR_PROPERTY, SERVICE_PASSWORD_KEY, SERVICE_USERNAME_KEY, VIEWS_DIR_PROPERTY, get_is_secure, \
get_is_persisted
+from ambari_server.serverUtils import is_server_runing
from ambari_server.setupSecurity import adjust_directory_permissions
from ambari_server.userInput import get_YN_input, get_validated_string_input
from ambari_server.utils import locate_file
+
+
# selinux commands
GET_SE_LINUX_ST_CMD = locate_file('sestatus', '/usr/sbin')
SE_SETENFORCE_CMD = "setenforce 0"
@@ -937,15 +940,12 @@ def setup(options):
#
# Resets the Ambari Server.
#
-def reset(options, serviceClass=None):
+def reset(options):
if not is_root():
err = configDefaults.MESSAGE_ERROR_RESET_NOT_ROOT
raise FatalException(4, err)
- if serviceClass:
- status, stateDesc = is_server_running(serviceClass)
- else:
- status, stateDesc = is_server_runing()
+ status, stateDesc = is_server_runing()
if status:
err = 'Ambari-server must be stopped to reset'
raise FatalException(1, err)
@@ -970,44 +970,3 @@ def reset(options, serviceClass=None):
_reset_database(options)
pass
-
-
-def is_server_running(serviceClass):
- from ambari_commons.os_windows import SERVICE_STATUS_STARTING, SERVICE_STATUS_RUNNING, SERVICE_STATUS_STOPPING, \
- SERVICE_STATUS_STOPPED, SERVICE_STATUS_NOT_INSTALLED
-
- statusStr = serviceClass.QueryStatus()
- if statusStr in(SERVICE_STATUS_STARTING, SERVICE_STATUS_RUNNING, SERVICE_STATUS_STOPPING):
- return True, ""
- elif statusStr == SERVICE_STATUS_STOPPED:
- return False, SERVICE_STATUS_STOPPED
- elif statusStr == SERVICE_STATUS_NOT_INSTALLED:
- return False, SERVICE_STATUS_NOT_INSTALLED
- else:
- return False, None
-
-def is_server_runing():
- pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
-
- if os.path.exists(pid_file_path):
- try:
- f = open(pid_file_path, "r")
- except IOError, ex:
- raise FatalException(1, str(ex))
-
- pid = f.readline().strip()
-
- if not pid.isdigit():
- err = "%s is corrupt. Removing" % (pid_file_path)
- f.close()
- run_os_command("rm -f " + pid_file_path)
- raise NonFatalException(err)
-
- f.close()
- retcode, out, err = run_os_command("ps -p " + pid)
- if retcode == 0:
- return True, int(pid)
- else:
- return False, None
- else:
- return False, None
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/serverUpgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverUpgrade.py b/ambari-server/src/main/python/ambari_server/serverUpgrade.py
index 1d9735a..cb98735 100644
--- a/ambari-server/src/main/python/ambari_server/serverUpgrade.py
+++ b/ambari-server/src/main/python/ambari_server/serverUpgrade.py
@@ -34,10 +34,9 @@ from ambari_server.serverConfiguration import configDefaults, \
AMBARI_PROPERTIES_FILE, IS_LDAP_CONFIGURED, LDAP_PRIMARY_URL_PROPERTY, RESOURCES_DIR_PROPERTY, \
SETUP_OR_UPGRADE_MSG
from ambari_server.setupSecurity import adjust_directory_permissions
-
-# constants
from ambari_server.utils import compare_versions
+# constants
STACK_NAME_VER_SEP = "-"
SCHEMA_UPGRADE_HELPER_CMD = "{0} -cp {1} " + \
@@ -53,13 +52,29 @@ STACK_UPGRADE_HELPER_CMD = "{0} -cp {1} " + \
# Stack upgrade
#
-def upgrade_stack(args, stack_id, repo_url=None, repo_url_os=None):
+def upgrade_stack(args):
if not is_root():
err = 'Ambari-server upgradestack should be run with ' \
'root-level privileges'
raise FatalException(4, err)
check_database_name_property()
+ try:
+ stack_id = args[1]
+ except IndexError:
+ #stack_id is mandatory
+ raise FatalException("Invalid number of stack upgrade arguments")
+
+ try:
+ repo_url = args[2]
+ except IndexError:
+ repo_url = None
+
+ try:
+ repo_url_os = args[3]
+ except IndexError:
+ repo_url_os = None
+
stack_name, stack_version = stack_id.split(STACK_NAME_VER_SEP)
retcode = run_stack_upgrade(stack_name, stack_version, repo_url, repo_url_os)
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/serverUtils.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverUtils.py b/ambari-server/src/main/python/ambari_server/serverUtils.py
new file mode 100644
index 0000000..539f8f5
--- /dev/null
+++ b/ambari-server/src/main/python/ambari_server/serverUtils.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+
+import os
+from ambari_commons.exceptions import FatalException, NonFatalException
+from ambari_commons.logging_utils import get_verbose
+from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
+from ambari_commons.os_check import OSConst
+from ambari_commons.os_utils import run_os_command
+from ambari_server.resourceFilesKeeper import ResourceFilesKeeper, KeeperException
+from ambari_server.serverConfiguration import configDefaults, PID_NAME, get_ambari_properties, get_stack_location
+
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def is_server_runing():
+ pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
+
+ if os.path.exists(pid_file_path):
+ try:
+ f = open(pid_file_path, "r")
+ except IOError, ex:
+ raise FatalException(1, str(ex))
+
+ pid = f.readline().strip()
+
+ if not pid.isdigit():
+ err = "%s is corrupt. Removing" % (pid_file_path)
+ f.close()
+ run_os_command("rm -f " + pid_file_path)
+ raise NonFatalException(err)
+
+ f.close()
+ retcode, out, err = run_os_command("ps -p " + pid)
+ if retcode == 0:
+ return True, int(pid)
+ else:
+ return False, None
+ else:
+ return False, None
+
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def is_server_runing():
+ from ambari_commons.os_windows import SERVICE_STATUS_STARTING, SERVICE_STATUS_RUNNING, SERVICE_STATUS_STOPPING, \
+ SERVICE_STATUS_STOPPED, SERVICE_STATUS_NOT_INSTALLED
+ from ambari_windows_service import AmbariServerService
+
+ statusStr = AmbariServerService.QueryStatus()
+ if statusStr in(SERVICE_STATUS_STARTING, SERVICE_STATUS_RUNNING, SERVICE_STATUS_STOPPING):
+ return True, ""
+ elif statusStr == SERVICE_STATUS_STOPPED:
+ return False, SERVICE_STATUS_STOPPED
+ elif statusStr == SERVICE_STATUS_NOT_INSTALLED:
+ return False, SERVICE_STATUS_NOT_INSTALLED
+ else:
+ return False, None
+
+
+#
+# Performs HDP stack housekeeping
+#
+def refresh_stack_hash(properties):
+ stack_location = get_stack_location(properties)
+ # Hack: we determine resource dir as a parent dir for stack_location
+ resources_location = os.path.dirname(stack_location)
+ resource_files_keeper = ResourceFilesKeeper(resources_location)
+
+ try:
+ print "Organizing resource files at {0}...".format(resources_location,
+ verbose=get_verbose())
+ resource_files_keeper.perform_housekeeping()
+ except KeeperException, ex:
+ msg = "Can not organize resource files at {0}: {1}".format(
+ resources_location, str(ex))
+ raise FatalException(-1, msg)
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/setupActions.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupActions.py b/ambari-server/src/main/python/ambari_server/setupActions.py
index 5ca5cce..90b9897 100644
--- a/ambari-server/src/main/python/ambari_server/setupActions.py
+++ b/ambari-server/src/main/python/ambari_server/setupActions.py
@@ -36,6 +36,3 @@ ENCRYPT_PASSWORDS_ACTION = "encrypt-passwords"
SETUP_SECURITY_ACTION = "setup-security"
BACKUP_ACTION = "backup"
RESTORE_ACTION = "restore"
-
-ACTION_REQUIRE_RESTART = [RESET_ACTION, UPGRADE_ACTION, UPGRADE_STACK_ACTION,
- SETUP_SECURITY_ACTION, LDAP_SETUP_ACTION]
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/setupHttps.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupHttps.py b/ambari-server/src/main/python/ambari_server/setupHttps.py
new file mode 100644
index 0000000..6ec9978
--- /dev/null
+++ b/ambari-server/src/main/python/ambari_server/setupHttps.py
@@ -0,0 +1,504 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+
+import os
+import random
+import re
+import shutil
+import socket
+import string
+import datetime
+import tempfile
+import urllib2
+from ambari_commons.exceptions import FatalException, NonFatalException
+from ambari_commons.logging_utils import get_silent, print_warning_msg, print_error_msg
+from ambari_commons.os_utils import is_root, run_os_command, copy_file, set_file_permissions, remove_file
+from ambari_server.serverConfiguration import get_ambari_properties, find_properties_file, read_ambari_user, \
+ SSL_TRUSTSTORE_PASSWORD_PROPERTY, get_is_secure, decrypt_password_for_alias, SSL_TRUSTSTORE_PASSWORD_ALIAS, \
+ SSL_TRUSTSTORE_PATH_PROPERTY, get_value_from_properties, SSL_TRUSTSTORE_TYPE_PROPERTY, find_jdk, configDefaults, \
+ get_encrypted_password, GET_FQDN_SERVICE_URL
+from ambari_server.setupSecurity import adjust_directory_permissions
+from ambari_server.userInput import get_YN_input, get_validated_string_input, read_password, get_prompt_default, \
+ get_validated_filepath_input
+
+#keytool commands
+KEYTOOL_IMPORT_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + "keytool -import -alias '{1}' -storetype '{2}' -file '{3}' -storepass '{4}' -noprompt"
+KEYTOOL_DELETE_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + "keytool -delete -alias '{1}' -storepass '{2}' -noprompt"
+KEYTOOL_KEYSTORE = " -keystore '{0}'"
+
+SSL_PASSWORD_FILE = "pass.txt"
+SSL_PASSIN_FILE = "passin.txt"
+
+# openssl command
+VALIDATE_KEYSTORE_CMD = "openssl pkcs12 -info -in '{0}' -password file:'{1}' -passout file:'{2}'"
+EXPRT_KSTR_CMD = "openssl pkcs12 -export -in '{0}' -inkey '{1}' -certfile '{0}' -out '{4}' -password file:'{2}' -passin file:'{3}'"
+CHANGE_KEY_PWD_CND = 'openssl rsa -in {0} -des3 -out {0}.secured -passout pass:{1}'
+GET_CRT_INFO_CMD = 'openssl x509 -dates -subject -in {0}'
+
+#keytool commands
+KEYTOOL_IMPORT_CERT_CMD = "{0} -import -alias '{1}' -storetype '{2}' -file '{3}' -storepass '{4}' -noprompt"
+KEYTOOL_DELETE_CERT_CMD = "{0} -delete -alias '{1}' -storepass '{2}' -noprompt"
+KEYTOOL_KEYSTORE = " -keystore '{0}'"
+
+SSL_KEY_DIR = 'security.server.keys_dir'
+SSL_API_PORT = 'client.api.ssl.port'
+SSL_API = 'api.ssl'
+SSL_SERVER_CERT_NAME = 'client.api.ssl.cert_name'
+SSL_SERVER_KEY_NAME = 'client.api.ssl.key_name'
+SSL_CERT_FILE_NAME = "https.crt"
+SSL_KEY_FILE_NAME = "https.key"
+SSL_KEYSTORE_FILE_NAME = "https.keystore.p12"
+SSL_KEY_PASSWORD_FILE_NAME = "https.pass.txt"
+SSL_KEY_PASSWORD_LENGTH = 50
+DEFAULT_SSL_API_PORT = 8443
+SSL_DATE_FORMAT = '%b %d %H:%M:%S %Y GMT'
+
+#SSL certificate metainfo
+COMMON_NAME_ATTR = 'CN'
+NOT_BEFORE_ATTR = 'notBefore'
+NOT_AFTER_ATTR = 'notAfter'
+
+SRVR_TWO_WAY_SSL_PORT_PROPERTY = "security.server.two_way_ssl.port"
+SRVR_TWO_WAY_SSL_PORT = "8441"
+
+SRVR_ONE_WAY_SSL_PORT_PROPERTY = "security.server.one_way_ssl.port"
+SRVR_ONE_WAY_SSL_PORT = "8440"
+
+GANGLIA_HTTPS = 'ganglia.https'
+
+
+def get_truststore_path(properties):
+ truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
+ if not truststore_path:
+ SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
+
+ while not truststore_path:
+ truststore_path = get_validated_string_input(
+ "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
+ SSL_TRUSTSTORE_PATH_DEFAULT,
+ ".*", False, False)
+
+ if truststore_path:
+ properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
+
+ return truststore_path
+
+def get_truststore_type(properties):
+ truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
+ if not truststore_type:
+ SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
+
+ truststore_type = get_validated_string_input(
+ "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
+ SSL_TRUSTSTORE_TYPE_DEFAULT,
+ "^(jks|jceks|pkcs12)?$", "Wrong type", False)
+
+ if truststore_type:
+ properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
+
+ return truststore_type
+
+def get_truststore_password(properties):
+ truststore_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
+ isSecure = get_is_secure(properties)
+ if truststore_password:
+ if isSecure:
+ truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS)
+ else:
+ truststore_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
+ if truststore_password:
+ encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties)
+ properties.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, encrypted_password)
+
+ return truststore_password
+
+def get_keytool_path(jdk_path):
+ return os.path.join(jdk_path, configDefaults.keytool_bin_subpath)
+
+def get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password):
+ cmd = KEYTOOL_IMPORT_CERT_CMD.format(get_keytool_path(jdk_path), alias, truststore_type, import_cert_path, truststore_password)
+ if truststore_path:
+ cmd += KEYTOOL_KEYSTORE.format(truststore_path)
+ return cmd
+
+def get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password):
+ cmd = KEYTOOL_DELETE_CERT_CMD.format(get_keytool_path(jdk_path), alias, truststore_password)
+ if truststore_path:
+ cmd += KEYTOOL_KEYSTORE.format(truststore_path)
+ return cmd
+
+
+def import_cert_and_key(security_server_keys_dir):
+ import_cert_path = get_validated_filepath_input( \
+ "Enter path to Certificate: ", \
+ "Certificate not found")
+ import_key_path = get_validated_filepath_input( \
+ "Enter path to Private Key: ", "Private Key not found")
+ pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
+
+ certInfoDict = get_cert_info(import_cert_path)
+
+ if not certInfoDict:
+ print_warning_msg('Unable to get Certificate information')
+ else:
+ #Validate common name of certificate
+ if not is_valid_cert_host(certInfoDict):
+ print_warning_msg('Unable to validate Certificate hostname')
+
+ #Validate issue and expirations dates of certificate
+ if not is_valid_cert_exp(certInfoDict):
+ print_warning_msg('Unable to validate Certificate issue and expiration dates')
+
+ #jetty requires private key files with non-empty key passwords
+ retcode = 0
+ err = ''
+ if not pem_password:
+ print 'Generating random password for HTTPS keystore...done.'
+ pem_password = generate_random_string()
+ retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format(
+ import_key_path, pem_password))
+ import_key_path += '.secured'
+
+ if retcode == 0:
+ keystoreFilePath = os.path.join(security_server_keys_dir, \
+ SSL_KEYSTORE_FILE_NAME)
+ keystoreFilePathTmp = os.path.join(tempfile.gettempdir(), \
+ SSL_KEYSTORE_FILE_NAME)
+ passFilePath = os.path.join(security_server_keys_dir, \
+ SSL_KEY_PASSWORD_FILE_NAME)
+ passFilePathTmp = os.path.join(tempfile.gettempdir(), \
+ SSL_KEY_PASSWORD_FILE_NAME)
+ passinFilePath = os.path.join(tempfile.gettempdir(), \
+ SSL_PASSIN_FILE)
+ passwordFilePath = os.path.join(tempfile.gettempdir(), \
+ SSL_PASSWORD_FILE)
+
+ with open(passFilePathTmp, 'w+') as passFile:
+ passFile.write(pem_password)
+ passFile.close
+ pass
+
+ set_file_permissions(passFilePath, "660", read_ambari_user(), False)
+
+ copy_file(passFilePathTmp, passinFilePath)
+ copy_file(passFilePathTmp, passwordFilePath)
+
+ retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path, \
+ import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp))
+ if retcode == 0:
+ print 'Importing and saving Certificate...done.'
+ import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath)
+ import_file_to_keystore(passFilePathTmp, passFilePath)
+
+ import_file_to_keystore(import_cert_path, os.path.join( \
+ security_server_keys_dir, SSL_CERT_FILE_NAME))
+ import_file_to_keystore(import_key_path, os.path.join( \
+ security_server_keys_dir, SSL_KEY_FILE_NAME))
+
+ #Validate keystore
+ retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath, \
+ passwordFilePath, passinFilePath))
+
+ remove_file(passinFilePath)
+ remove_file(passwordFilePath)
+
+ if not retcode == 0:
+ print 'Error during keystore validation occured!:'
+ print err
+ return False
+
+ return True
+ else:
+ print_error_msg('Could not import Certificate and Private Key.')
+ print 'SSL error on exporting keystore: ' + err.rstrip() + \
+ '.\nPlease ensure that provided Private Key password is correct and ' + \
+ 're-import Certificate.'
+
+ return False
+
+
+def import_file_to_keystore(source, destination):
+ shutil.copy(source, destination)
+ set_file_permissions(destination, "660", read_ambari_user(), False)
+
+
+def generate_random_string(length=SSL_KEY_PASSWORD_LENGTH):
+ chars = string.digits + string.ascii_letters
+ return ''.join(random.choice(chars) for x in range(length))
+
+
+def get_cert_info(path):
+ retcode, out, err = run_os_command(GET_CRT_INFO_CMD.format(path))
+
+ if retcode != 0:
+ print 'Error getting Certificate info'
+ print err
+ return None
+
+ if out:
+ certInfolist = out.split(os.linesep)
+ else:
+ print 'Empty Certificate info'
+ return None
+
+ notBefore = None
+ notAfter = None
+ subject = None
+
+ for item in range(len(certInfolist)):
+ if certInfolist[item].startswith('notAfter='):
+ notAfter = certInfolist[item].split('=')[1]
+
+ if certInfolist[item].startswith('notBefore='):
+ notBefore = certInfolist[item].split('=')[1]
+
+ if certInfolist[item].startswith('subject='):
+ subject = certInfolist[item].split('=', 1)[1]
+
+ #Convert subj to dict
+ pattern = re.compile(r"[A-Z]{1,2}=[\w.-]{1,}")
+ if subject:
+ subjList = pattern.findall(subject)
+ keys = [item.split('=')[0] for item in subjList]
+ values = [item.split('=')[1] for item in subjList]
+ subjDict = dict(zip(keys, values))
+
+ result = subjDict
+ result['notBefore'] = notBefore
+ result['notAfter'] = notAfter
+ result['subject'] = subject
+
+ return result
+ else:
+ return {}
+
+
+def is_valid_cert_exp(certInfoDict):
+ if certInfoDict.has_key(NOT_BEFORE_ATTR):
+ notBefore = certInfoDict[NOT_BEFORE_ATTR]
+ else:
+ print_warning_msg('There is no Not Before value in Certificate')
+ return False
+
+ if certInfoDict.has_key(NOT_AFTER_ATTR):
+ notAfter = certInfoDict['notAfter']
+ else:
+ print_warning_msg('There is no Not After value in Certificate')
+ return False
+
+ notBeforeDate = datetime.datetime.strptime(notBefore, SSL_DATE_FORMAT)
+ notAfterDate = datetime.datetime.strptime(notAfter, SSL_DATE_FORMAT)
+
+ currentDate = datetime.datetime.now()
+
+ if currentDate > notAfterDate:
+ print_warning_msg('Certificate expired on: ' + str(notAfterDate))
+ return False
+
+ if currentDate < notBeforeDate:
+ print_warning_msg('Certificate will be active from: ' + str(notBeforeDate))
+ return False
+
+ return True
+
+
+def is_valid_cert_host(certInfoDict):
+ if certInfoDict.has_key(COMMON_NAME_ATTR):
+ commonName = certInfoDict[COMMON_NAME_ATTR]
+ else:
+ print_warning_msg('There is no Common Name in Certificate')
+ return False
+
+ fqdn = get_fqdn()
+
+ if not fqdn:
+ print_warning_msg('Failed to get server FQDN')
+ return False
+
+ if commonName != fqdn:
+ print_warning_msg('Common Name in Certificate: ' + commonName + ' does not match the server FQDN: ' + fqdn)
+ return False
+
+ return True
+
+
+def get_fqdn(timeout=2):
+ properties = get_ambari_properties()
+ if properties == -1:
+ print "Error reading ambari properties"
+ return None
+
+ get_fqdn_service_url = properties[GET_FQDN_SERVICE_URL]
+ try:
+ handle = urllib2.urlopen(get_fqdn_service_url, '', timeout)
+ str = handle.read()
+ handle.close()
+ return str
+ except Exception:
+ return socket.getfqdn().lower()
+
+
+def is_valid_https_port(port):
+ properties = get_ambari_properties()
+ if properties == -1:
+ print "Error getting ambari properties"
+ return False
+
+ one_way_port = properties[SRVR_ONE_WAY_SSL_PORT_PROPERTY]
+ if not one_way_port:
+ one_way_port = SRVR_ONE_WAY_SSL_PORT
+
+ two_way_port = properties[SRVR_TWO_WAY_SSL_PORT_PROPERTY]
+ if not two_way_port:
+ two_way_port = SRVR_TWO_WAY_SSL_PORT
+
+ if port.strip() == one_way_port.strip():
+ print "Port for https can't match the port for one way authentication port(" + one_way_port + ")"
+ return False
+
+ if port.strip() == two_way_port.strip():
+ print "Port for https can't match the port for two way authentication port(" + two_way_port + ")"
+ return False
+
+ return True
+
+
+def import_cert_and_key_action(security_server_keys_dir, properties):
+ if import_cert_and_key(security_server_keys_dir):
+ properties.process_pair(SSL_SERVER_CERT_NAME, SSL_CERT_FILE_NAME)
+ properties.process_pair(SSL_SERVER_KEY_NAME, SSL_KEY_FILE_NAME)
+ properties.process_pair(SSL_API, "true")
+ return True
+ else:
+ return False
+
+def run_component_https_cmd(cmd):
+ retcode, out, err = run_os_command(cmd)
+
+ if not retcode == 0:
+ err = 'Error occured during truststore setup ! :' + out + " : " + err
+ raise FatalException(1, err)
+
+
+def setup_https(args):
+ if not is_root():
+ err = 'ambari-server setup-https should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
+ args.exit_message = None
+ if not get_silent():
+ properties = get_ambari_properties()
+ try:
+ security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
+ client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("") \
+ else properties.get_property(SSL_API_PORT)
+ api_ssl = properties.get_property(SSL_API) in ['true']
+ cert_was_imported = False
+ cert_must_import = True
+ if api_ssl:
+ if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
+ properties.process_pair(SSL_API, "false")
+ cert_must_import=False
+ else:
+ properties.process_pair(SSL_API_PORT, \
+ get_validated_string_input( \
+ "SSL port ["+str(client_api_ssl_port)+"] ? ", \
+ str(client_api_ssl_port), \
+ "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
+ cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+ else:
+ if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
+ properties.process_pair(SSL_API_PORT, \
+ get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ", \
+ str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
+ cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
+ else:
+ return False
+
+ if cert_must_import and not cert_was_imported:
+ print 'Setup of HTTPS failed. Exiting.'
+ return False
+
+ conf_file = find_properties_file()
+ f = open(conf_file, 'w')
+ properties.store(f, "Changed by 'ambari-server setup-https' command")
+
+ ambari_user = read_ambari_user()
+ if ambari_user:
+ adjust_directory_permissions(ambari_user)
+ return True
+ except (KeyError), e:
+ err = 'Property ' + str(e) + ' is not defined'
+ raise FatalException(1, err)
+ else:
+ warning = "setup-https is not enabled in silent mode."
+ raise NonFatalException(warning)
+
+
+def setup_component_https(component, command, property, alias):
+ if not get_silent():
+ jdk_path = find_jdk()
+ if jdk_path is None:
+ err = "No JDK found, please run the \"ambari-server setup\" " \
+ "command to install a JDK automatically or install any " \
+ "JDK manually to " + configDefaults.JDK_INSTALL_DIR
+ raise FatalException(1, err)
+
+ properties = get_ambari_properties()
+
+ use_https = properties.get_property(property) in ['true']
+
+ if use_https:
+ if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
+ truststore_path = get_truststore_path(properties)
+ truststore_password = get_truststore_password(properties)
+
+ run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+
+ properties.process_pair(property, "false")
+ else:
+ return
+ else:
+ if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
+ truststore_type = get_truststore_type(properties)
+ truststore_path = get_truststore_path(properties)
+ truststore_password = get_truststore_password(properties)
+
+ run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+
+ import_cert_path = get_validated_filepath_input( \
+ "Enter path to " + component + " Certificate: ", \
+ "Certificate not found")
+
+ run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
+
+ properties.process_pair(property, "true")
+ else:
+ return
+
+ conf_file = find_properties_file()
+ f = open(conf_file, 'w')
+ properties.store(f, "Changed by 'ambari-server " + command + "' command")
+ else:
+ print command + " is not enabled in silent mode."
+
+def setup_ganglia_https():
+ setup_component_https("Ganglia", "setup-ganglia-https", GANGLIA_HTTPS,
+ "ganglia_cert")
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 769b5f7..8dcab56 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -17,86 +17,37 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
-import datetime
+import base64
import fileinput
+import json
import os
-import random
import re
import shutil
-import socket
-import string
-import tempfile
import urllib2
import time
+import sys
+
+from ambari_commons.exceptions import FatalException, NonFatalException
+from ambari_commons.logging_utils import print_warning_msg, print_error_msg, print_info_msg, get_verbose
+from ambari_commons.os_check import OSConst
+from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
+from ambari_commons.os_utils import is_root, set_file_permissions, \
+ run_os_command, search_file, is_valid_filepath
+from ambari_server.serverConfiguration import configDefaults, \
+ encrypt_password, find_jdk, find_properties_file, get_alias_string, get_ambari_properties, get_conf_dir, \
+ get_credential_store_location, get_full_ambari_classpath, get_is_persisted, get_is_secure, get_master_key_location, \
+ get_original_master_key, get_value_from_properties, get_java_exe_path, is_alias_string, read_ambari_user, \
+ read_passwd_for_alias, remove_password_file, save_passwd_for_alias, store_password_file, update_properties_2, \
+ BLIND_PASSWORD, BOOTSTRAP_DIR_PROPERTY, IS_LDAP_CONFIGURED, JDBC_PASSWORD_FILENAME, JDBC_PASSWORD_PROPERTY, \
+ JDBC_RCA_PASSWORD_ALIAS, JDBC_RCA_PASSWORD_FILE_PROPERTY, JDBC_USE_INTEGRATED_AUTH_PROPERTY, \
+ LDAP_MGR_PASSWORD_ALIAS, LDAP_MGR_PASSWORD_FILENAME, LDAP_MGR_PASSWORD_PROPERTY, LDAP_MGR_USERNAME_PROPERTY, \
+ LDAP_PRIMARY_URL_PROPERTY, SECURITY_IS_ENCRYPTION_ENABLED, SECURITY_KEY_ENV_VAR_NAME, SECURITY_KERBEROS_JASS_FILENAME, \
+ SECURITY_PROVIDER_KEY_CMD, SECURITY_MASTER_KEY_FILENAME, SSL_TRUSTSTORE_PASSWORD_ALIAS, \
+ SSL_TRUSTSTORE_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_TYPE_PROPERTY
+from ambari_server.serverUtils import is_server_runing
+from ambari_server.setupActions import SETUP_ACTION, LDAP_SETUP_ACTION
+from ambari_server.userInput import get_validated_string_input, get_prompt_default, read_password, get_YN_input
-from ambari_commons.exceptions import NonFatalException, FatalException
-from ambari_commons.logging_utils import get_silent, print_warning_msg, print_error_msg, print_info_msg
-from ambari_commons.os_check import OSCheck
-from ambari_commons.os_utils import copy_file, is_root, is_valid_filepath, remove_file, set_file_permissions, \
- run_os_command, search_file
-from ambari_server.serverConfiguration import configDefaults, get_ambari_properties, read_ambari_user, \
- get_value_from_properties, find_jdk, get_conf_dir, is_alias_string, find_properties_file, \
- update_properties_2, \
- JDBC_USE_INTEGRATED_AUTH_PROPERTY, JDBC_PASSWORD_PROPERTY, JDBC_PASSWORD_FILENAME, \
- JDBC_RCA_PASSWORD_FILE_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, \
- BOOTSTRAP_DIR_PROPERTY, GET_FQDN_SERVICE_URL, BLIND_PASSWORD, get_full_ambari_classpath, LDAP_MGR_PASSWORD_ALIAS, \
- LDAP_MGR_PASSWORD_PROPERTY, LDAP_MGR_USERNAME_PROPERTY, decrypt_password_for_alias, read_passwd_for_alias, \
- get_is_secure, get_master_key_location, get_credential_store_location, get_is_persisted, get_original_master_key, \
- get_java_exe_path, SECURITY_PROVIDER_KEY_CMD, SECURITY_PROVIDER_PUT_CMD, SECURITY_IS_ENCRYPTION_ENABLED, \
- SECURITY_KERBEROS_JASS_FILENAME, SECURITY_KEY_ENV_VAR_NAME, SECURITY_MASTER_KEY_FILENAME, \
- SSL_TRUSTSTORE_PASSWORD_ALIAS, SSL_TRUSTSTORE_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_TYPE_PROPERTY
-from setupActions import SETUP_ACTION, LDAP_SETUP_ACTION
-from ambari_server.userInput import get_YN_input, get_validated_string_input, get_validated_filepath_input, \
- get_prompt_default
-
-
-SSL_PASSWORD_FILE = "pass.txt"
-SSL_PASSIN_FILE = "passin.txt"
-
-# openssl command
-VALIDATE_KEYSTORE_CMD = "openssl pkcs12 -info -in '{0}' -password file:'{1}' -passout file:'{2}'"
-EXPRT_KSTR_CMD = "openssl pkcs12 -export -in '{0}' -inkey '{1}' -certfile '{0}' -out '{4}' -password file:'{2}' -passin file:'{3}'"
-CHANGE_KEY_PWD_CND = 'openssl rsa -in {0} -des3 -out {0}.secured -passout pass:{1}'
-GET_CRT_INFO_CMD = 'openssl x509 -dates -subject -in {0}'
-
-#keytool commands
-keytool_bin = "keytool"
-if OSCheck.is_windows_family():
- keytool_bin = "keytool.exe"
-
-KEYTOOL_IMPORT_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + keytool_bin + " -import -alias '{1}' -storetype '{2}' -file '{3}' -storepass '{4}' -noprompt"
-KEYTOOL_DELETE_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + keytool_bin + " -delete -alias '{1}' -storepass '{2}' -noprompt"
-KEYTOOL_KEYSTORE = " -keystore '{0}'"
-
-SSL_KEY_DIR = 'security.server.keys_dir'
-SSL_API_PORT = 'client.api.ssl.port'
-SSL_API = 'api.ssl'
-SSL_SERVER_CERT_NAME = 'client.api.ssl.cert_name'
-SSL_SERVER_KEY_NAME = 'client.api.ssl.key_name'
-SSL_CERT_FILE_NAME = "https.crt"
-SSL_KEY_FILE_NAME = "https.key"
-SSL_KEYSTORE_FILE_NAME = "https.keystore.p12"
-SSL_KEY_PASSWORD_FILE_NAME = "https.pass.txt"
-SSL_KEY_PASSWORD_LENGTH = 50
-DEFAULT_SSL_API_PORT = 8443
-SSL_DATE_FORMAT = '%b %d %H:%M:%S %Y GMT'
-
-#SSL certificate metainfo
-COMMON_NAME_ATTR = 'CN'
-NOT_BEFORE_ATTR = 'notBefore'
-NOT_AFTER_ATTR = 'notAfter'
-
-SRVR_TWO_WAY_SSL_PORT_PROPERTY = "security.server.two_way_ssl.port"
-SRVR_TWO_WAY_SSL_PORT = "8441"
-
-SRVR_ONE_WAY_SSL_PORT_PROPERTY = "security.server.one_way_ssl.port"
-SRVR_ONE_WAY_SSL_PORT = "8440"
-
-GANGLIA_HTTPS = 'ganglia.https'
-NAGIOS_HTTPS = 'nagios.https'
-
-DEFAULT_PASSWORD = "bigdata"
-PASSWORD_PATTERN = "^[a-zA-Z0-9_-]*$"
REGEX_IP_ADDRESS = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
REGEX_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
@@ -106,380 +57,12 @@ REGEX_ANYTHING = ".*"
CLIENT_SECURITY_KEY = "client.security"
+# api properties
+SERVER_API_HOST = '127.0.0.1'
+SERVER_API_PROTOCOL = 'http'
+SERVER_API_PORT = '8080'
+SERVER_API_LDAP_URL = '/api/v1/ldap_sync_events'
-def is_valid_https_port(port):
- properties = get_ambari_properties()
- if properties == -1:
- print "Error getting ambari properties"
- return False
-
- one_way_port = properties[SRVR_ONE_WAY_SSL_PORT_PROPERTY]
- if not one_way_port:
- one_way_port = SRVR_ONE_WAY_SSL_PORT
-
- two_way_port = properties[SRVR_TWO_WAY_SSL_PORT_PROPERTY]
- if not two_way_port:
- two_way_port = SRVR_TWO_WAY_SSL_PORT
-
- if port.strip() == one_way_port.strip():
- print "Port for https can't match the port for one way authentication port(" + one_way_port + ")"
- return False
-
- if port.strip() == two_way_port.strip():
- print "Port for https can't match the port for two way authentication port(" + two_way_port + ")"
- return False
-
- return True
-
-def run_component_https_cmd(cmd):
- retcode, out, err = run_os_command(cmd)
-
- if not retcode == 0:
- err = 'Error occured during truststore setup ! :' + out + " : " + err
- raise FatalException(1, err)
-
-def get_cert_info(path):
- retcode, out, err = run_os_command(GET_CRT_INFO_CMD.format(path))
-
- if retcode != 0:
- print 'Error getting Certificate info'
- print err
- return None
-
- if out:
- certInfolist = out.split(os.linesep)
- else:
- print 'Empty Certificate info'
- return None
-
- notBefore = None
- notAfter = None
- subject = None
-
- for item in range(len(certInfolist)):
-
- if certInfolist[item].startswith('notAfter='):
- notAfter = certInfolist[item].split('=')[1]
-
- if certInfolist[item].startswith('notBefore='):
- notBefore = certInfolist[item].split('=')[1]
-
- if certInfolist[item].startswith('subject='):
- subject = certInfolist[item].split('=', 1)[1]
-
- #Convert subj to dict
- pattern = re.compile(r"[A-Z]{1,2}=[\w.-]{1,}")
- if subject:
- subjList = pattern.findall(subject)
- keys = [item.split('=')[0] for item in subjList]
- values = [item.split('=')[1] for item in subjList]
- subjDict = dict(zip(keys, values))
-
- result = subjDict
- result['notBefore'] = notBefore
- result['notAfter'] = notAfter
- result['subject'] = subject
-
- return result
- else:
- return {}
-
-def is_valid_cert_exp(certInfoDict):
- if certInfoDict.has_key(NOT_BEFORE_ATTR):
- notBefore = certInfoDict[NOT_BEFORE_ATTR]
- else:
- print_warning_msg('There is no Not Before value in Certificate')
- return False
-
- if certInfoDict.has_key(NOT_AFTER_ATTR):
- notAfter = certInfoDict['notAfter']
- else:
- print_warning_msg('There is no Not After value in Certificate')
- return False
-
- notBeforeDate = datetime.datetime.strptime(notBefore, SSL_DATE_FORMAT)
- notAfterDate = datetime.datetime.strptime(notAfter, SSL_DATE_FORMAT)
-
- currentDate = datetime.datetime.now()
-
- if currentDate > notAfterDate:
- print_warning_msg('Certificate expired on: ' + str(notAfterDate))
- return False
-
- if currentDate < notBeforeDate:
- print_warning_msg('Certificate will be active from: ' + str(notBeforeDate))
- return False
-
- return True
-
-def is_valid_cert_host(certInfoDict):
- if certInfoDict.has_key(COMMON_NAME_ATTR):
- commonName = certInfoDict[COMMON_NAME_ATTR]
- else:
- print_warning_msg('There is no Common Name in Certificate')
- return False
-
- fqdn = get_fqdn()
-
- if not fqdn:
- print_warning_msg('Failed to get server FQDN')
- return False
-
- if commonName != fqdn:
- print_warning_msg('Common Name in Certificate: ' + commonName + ' does not match the server FQDN: ' + fqdn)
- return False
-
- return True
-
-def generate_random_string(length=SSL_KEY_PASSWORD_LENGTH):
- chars = string.digits + string.ascii_letters
- return ''.join(random.choice(chars) for x in range(length))
-
-def import_cert_and_key(security_server_keys_dir):
- import_cert_path = get_validated_filepath_input(\
- "Enter path to Certificate: ",\
- "Certificate not found")
- import_key_path = get_validated_filepath_input(\
- "Enter path to Private Key: ", "Private Key not found")
- pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
-
- certInfoDict = get_cert_info(import_cert_path)
-
- if not certInfoDict:
- print_warning_msg('Unable to get Certificate information')
- else:
- #Validate common name of certificate
- if not is_valid_cert_host(certInfoDict):
- print_warning_msg('Unable to validate Certificate hostname')
-
- #Validate issue and expirations dates of certificate
- if not is_valid_cert_exp(certInfoDict):
- print_warning_msg('Unable to validate Certificate issue and expiration dates')
-
- #jetty requires private key files with non-empty key passwords
- retcode = 0
- err = ''
- if not pem_password:
- print 'Generating random password for HTTPS keystore...done.'
- pem_password = generate_random_string()
- retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format(
- import_key_path, pem_password))
- import_key_path += '.secured'
-
- if retcode == 0:
- keystoreFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEYSTORE_FILE_NAME)
- keystoreFilePathTmp = os.path.join(tempfile.gettempdir(),\
- SSL_KEYSTORE_FILE_NAME)
- passFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEY_PASSWORD_FILE_NAME)
- passFilePathTmp = os.path.join(tempfile.gettempdir(),\
- SSL_KEY_PASSWORD_FILE_NAME)
- passinFilePath = os.path.join(tempfile.gettempdir(),\
- SSL_PASSIN_FILE)
- passwordFilePath = os.path.join(tempfile.gettempdir(),\
- SSL_PASSWORD_FILE)
-
- with open(passFilePathTmp, 'w+') as passFile:
- passFile.write(pem_password)
- passFile.close
- pass
-
- set_file_permissions(passFilePath, "660", read_ambari_user(), False)
-
- copy_file(passFilePathTmp, passinFilePath)
- copy_file(passFilePathTmp, passwordFilePath)
-
- retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path,\
- import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp))
- if retcode == 0:
- print 'Importing and saving Certificate...done.'
- import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath)
- import_file_to_keystore(passFilePathTmp, passFilePath)
-
- import_file_to_keystore(import_cert_path, os.path.join(\
- security_server_keys_dir, SSL_CERT_FILE_NAME))
- import_file_to_keystore(import_key_path, os.path.join(\
- security_server_keys_dir, SSL_KEY_FILE_NAME))
-
- #Validate keystore
- retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath,\
- passwordFilePath, passinFilePath))
-
- remove_file(passinFilePath)
- remove_file(passwordFilePath)
-
- if not retcode == 0:
- print 'Error during keystore validation occured!:'
- print err
- return False
-
- return True
- else:
- print_error_msg('Could not import Certificate and Private Key.')
- print 'SSL error on exporting keystore: ' + err.rstrip() + \
- '.\nPlease ensure that provided Private Key password is correct and ' +\
- 're-import Certificate.'
-
- return False
-
-def import_cert_and_key_action(security_server_keys_dir, properties):
- if import_cert_and_key(security_server_keys_dir):
- properties.process_pair(SSL_SERVER_CERT_NAME, SSL_CERT_FILE_NAME)
- properties.process_pair(SSL_SERVER_KEY_NAME, SSL_KEY_FILE_NAME)
- properties.process_pair(SSL_API, "true")
- return True
- else:
- return False
-
-def get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password):
- cmd = KEYTOOL_DELETE_CERT_CMD.format(jdk_path, alias, truststore_password)
- if truststore_path:
- cmd += KEYTOOL_KEYSTORE.format(truststore_path)
- return cmd
-
-def get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password):
- cmd = KEYTOOL_IMPORT_CERT_CMD.format(jdk_path, alias, truststore_type, import_cert_path, truststore_password)
- if truststore_path:
- cmd += KEYTOOL_KEYSTORE.format(truststore_path)
- return cmd
-
-def import_file_to_keystore(source, destination):
- shutil.copy(source, destination)
- set_file_permissions(destination, "660", read_ambari_user(), False)
-
-def get_truststore_type(properties):
-
- truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
- if not truststore_type:
- SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
-
- truststore_type = get_validated_string_input(
- "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT,
- "^(jks|jceks|pkcs12)?$", "Wrong type", False)
-
- if truststore_type:
- properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
-
- return truststore_type
-
-def get_truststore_path(properties):
-
- truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
- if not truststore_path:
- SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
-
- while not truststore_path:
- truststore_path = get_validated_string_input(
- "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT,
- ".*", False, False)
-
- if truststore_path:
- properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
-
- return truststore_path
-
-def get_truststore_password(properties):
- truststore_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- isSecure = get_is_secure(properties)
- if truststore_password:
- if isSecure:
- truststore_password = decrypt_password_for_alias(properties, SSL_TRUSTSTORE_PASSWORD_ALIAS)
- else:
- truststore_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
- if truststore_password:
- encrypted_password = get_encrypted_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, truststore_password, properties)
- properties.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, encrypted_password)
-
- return truststore_password
-
-def get_pass_file_path(conf_file, filename):
- return os.path.join(os.path.dirname(conf_file), filename)
-
-def read_password(passwordDefault=DEFAULT_PASSWORD,
- passwordPattern=PASSWORD_PATTERN,
- passwordPrompt=None,
- passwordDescr=None):
-
- input = True
- while(input):
- # setup password
- if passwordPrompt is None:
- passwordPrompt = 'Password (' + passwordDefault + '): '
-
- if passwordDescr is None:
- passwordDescr = "Invalid characters in password. Use only alphanumeric or " \
- "_ or - characters"
-
- password = get_validated_string_input(passwordPrompt, passwordDefault,
- passwordPattern, passwordDescr, True)
- if not password:
- print 'Password cannot be blank.'
- continue
-
- if password != passwordDefault:
- password1 = get_validated_string_input("Re-enter password: ",
- passwordDefault, passwordPattern, passwordDescr, True)
- if password != password1:
- print "Passwords do not match"
- continue
-
- input = False
-
- return password
-
-def encrypt_password(alias, password):
- properties = get_ambari_properties()
- if properties == -1:
- raise FatalException(1, None)
- return get_encrypted_password(alias, password, properties)
-
-def get_encrypted_password(alias, password, properties):
- isSecure = get_is_secure(properties)
- (isPersisted, masterKeyFile) = get_is_persisted(properties)
- if isSecure:
- masterKey = None
- if not masterKeyFile:
- # Encryption enabled but no master key file found
- masterKey = get_original_master_key(properties)
-
- retCode = save_passwd_for_alias(alias, password, masterKey)
- if retCode != 0:
- print 'Failed to save secure password!'
- return password
- else:
- return get_alias_string(alias)
-
- return password
-
-def get_alias_string(alias):
- return "${alias=" + alias + "}"
-
-def get_alias_from_alias_string(aliasStr):
- return aliasStr[8:-1]
-
-def save_passwd_for_alias(alias, passwd, masterKey=""):
- if alias and passwd:
- jdk_path = find_jdk()
- if jdk_path is None:
- print_error_msg("No JDK found, please run the \"setup\" "
- "command to install a JDK automatically or install any "
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
- return 1
-
- if masterKey is None or masterKey == "":
- masterKey = "None"
-
- command = SECURITY_PROVIDER_PUT_CMD.format(get_java_exe_path(),
- get_full_ambari_classpath(), alias, passwd, masterKey)
- (retcode, stdout, stderr) = run_os_command(command)
- print_info_msg("Return code from credential provider save passwd: " +
- str(retcode))
- return retcode
- else:
- print_error_msg("Alias or password is unreadable.")
def read_master_key(isReset=False):
passwordPattern = ".*"
@@ -526,32 +109,6 @@ def save_master_key(master_key, key_location, persist=True):
else:
print_error_msg("Master key cannot be None.")
-def store_password_file(password, filename):
- conf_file = find_properties_file()
- passFilePath = get_pass_file_path(conf_file, filename)
-
- with open(passFilePath, 'w+') as passFile:
- passFile.write(password)
- print_info_msg("Adjusting filesystem permissions")
- ambari_user = read_ambari_user()
- set_file_permissions(passFilePath, "660", ambari_user, False)
-
- #Windows paths need double backslashes, otherwise the Ambari server deserializer will think the single \ are escape markers
- return passFilePath.replace('\\', '\\\\')
-
-def remove_password_file(filename):
- conf_file = find_properties_file()
- passFilePath = os.path.join(os.path.dirname(conf_file),
- filename)
-
- if os.path.exists(passFilePath):
- try:
- os.remove(passFilePath)
- except Exception, e:
- print_warning_msg('Unable to remove password file: ' + str(e))
- return 1
- pass
- return 0
def adjust_directory_permissions(ambari_user):
properties = get_ambari_properties()
@@ -594,21 +151,6 @@ def adjust_directory_permissions(ambari_user):
recursive = pack[3]
set_file_permissions(file, mod, user, recursive)
-def get_fqdn():
- properties = get_ambari_properties()
- if properties == -1:
- print "Error reading ambari properties"
- return None
-
- get_fqdn_service_url = properties[GET_FQDN_SERVICE_URL]
- try:
- handle = urllib2.urlopen(get_fqdn_service_url, '', 2)
- str = handle.read()
- handle.close()
- return str
- except Exception:
- return socket.getfqdn()
-
def configure_ldap_password():
passwordDefault = ""
passwordPrompt = 'Enter Manager Password* : '
@@ -620,117 +162,176 @@ def configure_ldap_password():
return password
-def setup_https(args):
- if not is_root():
- err = 'ambari-server setup-https should be run with ' \
- 'root-level privileges'
- raise FatalException(4, err)
- args.exit_message = None
- if not get_silent():
- properties = get_ambari_properties()
- try:
- security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
- client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("")\
- else properties.get_property(SSL_API_PORT)
- api_ssl = properties.get_property(SSL_API) in ['true']
- cert_was_imported = False
- cert_must_import = True
- if api_ssl:
- if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
- properties.process_pair(SSL_API, "false")
- cert_must_import=False
- else:
- properties.process_pair(SSL_API_PORT, \
- get_validated_string_input(\
- "SSL port ["+str(client_api_ssl_port)+"] ? ",\
- str(client_api_ssl_port),\
- "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
- else:
- if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
- properties.process_pair(SSL_API_PORT,\
- get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ",\
- str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
- else:
- return False
-
- if cert_must_import and not cert_was_imported:
- print 'Setup of HTTPS failed. Exiting.'
- return False
-
- conf_file = find_properties_file()
- f = open(conf_file, 'w')
- properties.store(f, "Changed by 'ambari-server setup-https' command")
-
- ambari_user = read_ambari_user()
- if ambari_user:
- adjust_directory_permissions(ambari_user)
- return True
- except (KeyError), e:
- err = 'Property ' + str(e) + ' is not defined'
+#
+# Get the principal names from the given CSV file and set them on the given LDAP event specs.
+#
+def get_ldap_event_spec_names(file, specs, new_specs):
+
+ try:
+ if os.path.exists(file):
+ new_spec = new_specs[0]
+ with open(file, 'r') as names_file:
+ names = names_file.read()
+ new_spec['names'] = names.replace('\n', '').replace('\t', '')
+ names_file.close()
+ specs += new_specs
+ else:
+ err = 'Sync event creation failed. File ' + file + ' not found.'
raise FatalException(1, err)
- else:
- warning = "setup-https is not enabled in silent mode."
- raise NonFatalException(warning)
+ except Exception as exception:
+ err = 'Caught exception reading file ' + file + ' : ' + str(exception)
+ raise FatalException(1, err)
-def setup_component_https(component, command, property, alias):
- if not get_silent():
- jdk_path = find_jdk()
- if jdk_path is None:
- err = "No JDK found, please run the \"ambari-server setup\" " \
- "command to install a JDK automatically or install any " \
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR
- raise FatalException(1, err)
+class LdapSyncOptions:
+ def __init__(self, options):
+ try:
+ self.ldap_sync_all = options.ldap_sync_all
+ except AttributeError:
+ self.ldap_sync_all = False
- properties = get_ambari_properties()
+ try:
+ self.ldap_sync_existing = options.ldap_sync_existing
+ except AttributeError:
+ self.ldap_sync_existing = False
- use_https = properties.get_property(property) in ['true']
+ try:
+ self.ldap_sync_users = options.ldap_sync_users
+ except AttributeError:
+ self.ldap_sync_users = None
- if use_https:
- if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
+ try:
+ self.ldap_sync_groups = options.ldap_sync_groups
+ except AttributeError:
+ self.ldap_sync_groups = None
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
+ def no_ldap_sync_options_set(self):
+ return not self.ldap_sync_all and not self.ldap_sync_existing and self.ldap_sync_users is None and self.ldap_sync_groups is None
- run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
- properties.process_pair(property, "false")
+#
+# Sync users and groups with configured LDAP
+#
+def sync_ldap(options):
+ if not is_root():
+ err = 'Ambari-server sync-ldap should be run with ' \
+ 'root-level privileges'
+ raise FatalException(4, err)
- else:
- return
- else:
- if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
+ server_status, pid = is_server_runing()
+ if not server_status:
+ err = 'Ambari Server is not running.'
+ raise FatalException(1, err)
- truststore_type = get_truststore_type(properties)
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
+ ldap_configured = get_ambari_properties().get_property(IS_LDAP_CONFIGURED)
+ if ldap_configured != 'true':
+ err = "LDAP is not configured. Run 'ambari-server setup-ldap' first."
+ raise FatalException(1, err)
- run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
+ # set ldap sync options
+ ldap_sync_options = LdapSyncOptions(options)
- import_cert_path = get_validated_filepath_input(\
- "Enter path to " + component + " Certificate: ",\
- "Certificate not found")
+ if ldap_sync_options.no_ldap_sync_options_set():
+ err = 'Must specify a sync option. Please see help for more information.'
+ raise FatalException(1, err)
- run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
+ admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
+ pattern=None, description=None,
+ is_pass=False, allowEmpty=False)
+ admin_password = get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
+ pattern=None, description=None,
+ is_pass=True, allowEmpty=False)
+
+ url = '{0}://{1}:{2!s}{3}'.format(SERVER_API_PROTOCOL, SERVER_API_HOST, SERVER_API_PORT, SERVER_API_LDAP_URL)
+ admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
+ request = urllib2.Request(url)
+ request.add_header('Authorization', 'Basic %s' % admin_auth)
+ request.add_header('X-Requested-By', 'ambari')
+
+ if ldap_sync_options.ldap_sync_all:
+ sys.stdout.write('Syncing all.')
+ bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]
+ elif ldap_sync_options.ldap_sync_existing:
+ sys.stdout.write('Syncing existing.')
+ bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"existing"},{"principal_type":"groups","sync_type":"existing"}]}}]
+ else:
+ sys.stdout.write('Syncing specified users and groups.')
+ bodies = [{"Event":{"specs":[]}}]
+ body = bodies[0]
+ events = body['Event']
+ specs = events['specs']
- properties.process_pair(property, "true")
+ if ldap_sync_options.ldap_sync_users is not None:
+ new_specs = [{"principal_type":"users","sync_type":"specific","names":""}]
+ if ldap_sync_options.ldap_sync_groups is not None:
+ new_specs = [{"principal_type":"groups","sync_type":"specific","names":""}]
+ get_ldap_event_spec_names(ldap_sync_options.ldap_sync_groups, specs, new_specs)
- else:
- return
+ if get_verbose():
+ sys.stdout.write('\nCalling API ' + SERVER_API_LDAP_URL + ' : ' + str(bodies) + '\n')
- conf_file = find_properties_file()
- f = open(conf_file, 'w')
- properties.store(f, "Changed by 'ambari-server " + command + "' command")
+ request.add_data(json.dumps(bodies))
+ request.get_method = lambda: 'POST'
- else:
- print command + " is not enabled in silent mode."
+ try:
+ response = urllib2.urlopen(request)
+ except Exception as e:
+ err = 'Sync event creation failed. Error details: %s' % e
+ raise FatalException(1, err)
+
+ response_status_code = response.getcode()
+ if response_status_code != 201:
+ err = 'Error during syncing. Http status code - ' + str(response_status_code)
+ raise FatalException(1, err)
+ response_body = json.loads(response.read())
+
+ url = response_body['resources'][0]['href']
+ request = urllib2.Request(url)
+ request.add_header('Authorization', 'Basic %s' % admin_auth)
+ request.add_header('X-Requested-By', 'ambari')
+ body = [{"LDAP":{"synced_groups":"*","synced_users":"*"}}]
+ request.add_data(json.dumps(body))
+ request.get_method = lambda: 'GET'
+ request_in_progress = True
+
+ while request_in_progress:
+ sys.stdout.write('.')
+ sys.stdout.flush()
+
+ try:
+ response = urllib2.urlopen(request)
+ except Exception as e:
+ request_in_progress = False
+ err = 'Sync event check failed. Error details: %s' % e
+ raise FatalException(1, err)
+
+ response_status_code = response.getcode()
+ if response_status_code != 200:
+ err = 'Error during syncing. Http status code - ' + str(response_status_code)
+ raise FatalException(1, err)
+ response_body = json.loads(response.read())
+ sync_info = response_body['Event']
+
+ if sync_info['status'] == 'ERROR':
+ raise FatalException(1, str(sync_info['status_detail']))
+ elif sync_info['status'] == 'COMPLETE':
+ print '\n\nCompleted LDAP Sync.'
+ print 'Summary:'
+ for principal_type, summary in sync_info['summary'].iteritems():
+ print ' {0}:'.format(principal_type)
+ for action, amount in summary.iteritems():
+ print ' {0} = {1!s}'.format(action, amount)
+ request_in_progress = False
+ else:
+ time.sleep(1)
+
+ sys.stdout.write('\n')
+ sys.stdout.flush()
def setup_master_key():
if not is_root():
- err = 'Ambari-server setup should be run with '\
- 'root-level privileges'
+ err = 'Ambari-server setup should be run with ' \
+ 'root-level privileges'
raise FatalException(4, err)
properties = get_ambari_properties()
@@ -749,12 +350,18 @@ def setup_master_key():
isSecure = get_is_secure(properties)
(isPersisted, masterKeyFile) = get_is_persisted(properties)
- # Read clear text password from file
+ # Read clear text DB password from file
if db_sql_auth and not is_alias_string(db_password) and os.path.isfile(db_password):
with open(db_password, 'r') as passwdfile:
db_password = passwdfile.read()
ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY)
+ if ldap_password:
+ # Read clear text LDAP password from file
+ if not is_alias_string(ldap_password) and os.path.isfile(ldap_password):
+ with open(ldap_password, 'r') as passwdfile:
+ ldap_password = passwdfile.read()
+
ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
resetKey = False
masterKey = None
@@ -804,15 +411,15 @@ def setup_master_key():
# Read master key, if non-secure or reset is true
if resetKey or not isSecure:
masterKey = read_master_key(resetKey)
- persist = get_YN_input("Do you want to persist master key. If you choose "\
- "not to persist, you need to provide the Master "\
- "Key while starting the ambari server as an env "\
- "variable named " + SECURITY_KEY_ENV_VAR_NAME +\
+ persist = get_YN_input("Do you want to persist master key. If you choose " \
+ "not to persist, you need to provide the Master " \
+ "Key while starting the ambari server as an env " \
+ "variable named " + SECURITY_KEY_ENV_VAR_NAME + \
" or the start will prompt for the master key."
" Persist [y/n] (y)? ", True)
if persist:
save_master_key(masterKey, get_master_key_location(properties) + os.sep +
- SECURITY_MASTER_KEY_FILENAME, persist)
+ SECURITY_MASTER_KEY_FILENAME, persist)
elif not persist and masterKeyFile:
try:
os.remove(masterKeyFile)
@@ -850,6 +457,7 @@ def setup_master_key():
print 'Failed to save secure LDAP password.'
else:
propertyMap[LDAP_MGR_PASSWORD_PROPERTY] = get_alias_string(LDAP_MGR_PASSWORD_ALIAS)
+ remove_password_file(LDAP_MGR_PASSWORD_FILENAME)
pass
if ts_password and not is_alias_string(ts_password):
@@ -873,15 +481,15 @@ def setup_master_key():
def setup_ambari_krb5_jaas():
jaas_conf_file = search_file(SECURITY_KERBEROS_JASS_FILENAME, get_conf_dir())
if os.path.exists(jaas_conf_file):
- print 'Setting up Ambari kerberos JAAS configuration to access ' +\
+ print 'Setting up Ambari kerberos JAAS configuration to access ' + \
'secured Hadoop daemons...'
principal = get_validated_string_input('Enter ambari server\'s kerberos '
- 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
- False)
+ 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
+ False)
keytab = get_validated_string_input('Enter keytab path for ambari '
- 'server\'s kerberos principal: ',
- '/etc/security/keytabs/ambari.keytab', '.*', False, False,
- validatorFunction=is_valid_filepath)
+ 'server\'s kerberos principal: ',
+ '/etc/security/keytabs/ambari.keytab', '.*', False, False,
+ validatorFunction=is_valid_filepath)
for line in fileinput.FileInput(jaas_conf_file, inplace=1):
line = re.sub('keyTab=.*$', 'keyTab="' + keytab + '"', line)
@@ -892,6 +500,45 @@ def setup_ambari_krb5_jaas():
raise NonFatalException('No jaas config file found at location: ' +
jaas_conf_file)
+
+class LdapPropTemplate:
+ def __init__(self, properties, i_prop_name, i_prop_val_pattern, i_prompt_regex, i_allow_empty_prompt, i_prop_name_default=None):
+ self.prop_name = i_prop_name
+ self.ldap_prop_name = get_value_from_properties(properties, i_prop_name, i_prop_name_default)
+ self.ldap_prop_val_prompt = i_prop_val_pattern.format(get_prompt_default(self.ldap_prop_name))
+ self.prompt_regex = i_prompt_regex
+ self.allow_empty_prompt = i_allow_empty_prompt
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def init_ldap_properties_list_reqd(properties):
+ # python2.x dict is not ordered
+ ldap_properties = [
+ LdapPropTemplate(properties, "authentication.ldap.primaryUrl", "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+ LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+ LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+ LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+ LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+ LdapPropTemplate(properties, "authentication.ldap.bindAnonymously" "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+ ]
+ return ldap_properties
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def init_ldap_properties_list_reqd(properties):
+ ldap_properties = [
+ LdapPropTemplate(properties, LDAP_PRIMARY_URL_PROPERTY, "Primary URL* {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, False),
+ LdapPropTemplate(properties, "authentication.ldap.secondaryUrl", "Secondary URL {{host:port}} {0}: ", REGEX_HOSTNAME_PORT, True),
+ LdapPropTemplate(properties, "authentication.ldap.useSSL", "Use SSL* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false"),
+ LdapPropTemplate(properties, "authentication.ldap.userObjectClass", "User object class* {0}: ", REGEX_ANYTHING, False, "posixAccount"),
+ LdapPropTemplate(properties, "authentication.ldap.usernameAttribute", "User name attribute* {0}: ", REGEX_ANYTHING, False, "uid"),
+ LdapPropTemplate(properties, "authentication.ldap.groupObjectClass", "Group object class* {0}: ", REGEX_ANYTHING, False, "posixGroup"),
+ LdapPropTemplate(properties, "authentication.ldap.groupNamingAttr", "Group name attribute* {0}: ", REGEX_ANYTHING, False, "cn"),
+ LdapPropTemplate(properties, "authentication.ldap.groupMembershipAttr", "Group member attribute* {0}: ", REGEX_ANYTHING, False, "memberUid"),
+ LdapPropTemplate(properties, "authentication.ldap.dnAttribute", "Distinguished name attribute* {0}: ", REGEX_ANYTHING, False, "dn"),
+ LdapPropTemplate(properties, "authentication.ldap.baseDn", "Base DN* {0}: ", REGEX_ANYTHING, False),
+ LdapPropTemplate(properties, "authentication.ldap.bindAnonymously", "Bind anonymously* [true/false] {0}: ", REGEX_TRUE_FALSE, False, "false")
+ ]
+ return ldap_properties
+
def setup_ldap():
if not is_root():
err = 'Ambari-server setup-ldap should be run with ' \
@@ -900,19 +547,14 @@ def setup_ldap():
properties = get_ambari_properties()
isSecure = get_is_secure(properties)
- # python2.x dict is not ordered
- ldap_property_list_reqd = ["authentication.ldap.primaryUrl",
- "authentication.ldap.secondaryUrl",
- "authentication.ldap.useSSL",
- "authentication.ldap.usernameAttribute",
- "authentication.ldap.baseDn",
- "authentication.ldap.bindAnonymously"]
+
+ ldap_property_list_reqd = init_ldap_properties_list_reqd(properties)
ldap_property_list_opt = ["authentication.ldap.managerDn",
- LDAP_MGR_PASSWORD_PROPERTY,
- SSL_TRUSTSTORE_TYPE_PROPERTY,
- SSL_TRUSTSTORE_PATH_PROPERTY,
- SSL_TRUSTSTORE_PASSWORD_PROPERTY]
+ LDAP_MGR_PASSWORD_PROPERTY,
+ SSL_TRUSTSTORE_TYPE_PROPERTY,
+ SSL_TRUSTSTORE_PATH_PROPERTY,
+ SSL_TRUSTSTORE_PASSWORD_PROPERTY]
ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
SSL_TRUSTSTORE_PATH_PROPERTY,
@@ -921,40 +563,18 @@ def setup_ldap():
ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
SSL_TRUSTSTORE_PASSWORD_PROPERTY]
- LDAP_PRIMARY_URL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[0])
- LDAP_SECONDARY_URL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[1])
- LDAP_USE_SSL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[2], "false")
- LDAP_USER_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[3], "uid")
- LDAP_BASE_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[4])
- LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[5], "false")
LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
+
SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
- ldap_properties_map_reqd =\
- {
- ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL* {{host:port}} {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT)), False),\
- ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {{host:port}} {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT)), True),\
- ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL* [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT)), False),\
- ldap_property_list_reqd[3]:(LDAP_USER_ATT_DEFAULT, "User name attribute* {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT)), False),\
- ldap_property_list_reqd[4]:(LDAP_BASE_DN_DEFAULT, "Base DN* {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT)), False),\
- ldap_property_list_reqd[5]:(LDAP_BIND_DEFAULT, "Bind anonymously* [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT)), False)\
- }
-
ldap_property_value_map = {}
- for idx, key in enumerate(ldap_property_list_reqd):
- if idx in [0, 1]:
- pattern = REGEX_HOSTNAME_PORT
- elif idx in [2, 5]:
- pattern = REGEX_TRUE_FALSE
- else:
- pattern = REGEX_ANYTHING
- input = get_validated_string_input(ldap_properties_map_reqd[key][1],
- ldap_properties_map_reqd[key][0], pattern,
- "Invalid characters in the input!", False, ldap_properties_map_reqd[key][2])
+ for ldap_prop in ldap_property_list_reqd:
+ input = get_validated_string_input(ldap_prop.ldap_prop_val_prompt, ldap_prop.ldap_prop_name, ldap_prop.prompt_regex,
+ "Invalid characters in the input!", False, ldap_prop.allow_empty_prompt)
if input is not None and input != "":
- ldap_property_value_map[key] = input
+ ldap_property_value_map[ldap_prop.prop_name] = input
bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
@@ -963,7 +583,7 @@ def setup_ldap():
if not anonymous:
username = get_validated_string_input("Manager DN* {0}: ".format(
get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
- "Invalid characters in the input!", False, False)
+ "Invalid characters in the input!", False, False)
ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
mgr_password = configure_ldap_password()
ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
@@ -1041,6 +661,9 @@ def setup_ldap():
pass
# Persisting values
+ ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
+ if mgr_password:
+ ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
update_properties_2(properties, ldap_property_value_map)
print 'Saving...done'
[4/5] ambari git commit: AMBARI-8317 AMBARI-8317 Refactor the
OS-dependent Ambari Server Windows components - Part 2
Posted by fb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index f67d697..60edab8 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -19,383 +19,127 @@ limitations under the License.
'''
import optparse
-import shlex
import sys
import os
import signal
-import subprocess
-import re
-import string
-import glob
-import platform
-import shutil
-import stat
-import fileinput
-import urllib2
-import time
-import getpass
-import socket
-import datetime
-import tempfile
-import random
-import json
-import base64
-
-from ambari_commons import OSCheck, OSConst
+
from ambari_commons.exceptions import FatalException, NonFatalException
-from ambari_commons.logging_utils import get_verbose, set_verbose, get_silent, set_silent, get_debug_mode, \
- set_debug_mode, print_info_msg, print_warning_msg, print_error_msg, set_debug_mode_from_options
-from ambari_commons.os_utils import is_root, run_os_command, search_file, copy_file, remove_file, \
- set_file_permissions
+from ambari_commons.logging_utils import set_verbose, set_silent, \
+ print_info_msg, print_warning_msg, print_error_msg, set_debug_mode_from_options
+from ambari_commons.os_check import OSConst
+from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
+from ambari_commons.os_utils import remove_file
from ambari_server.BackupRestore import main as BackupRestore_main
-from ambari_server.dbConfiguration import DATABASE_NAMES, DATABASE_FULL_NAMES
-from ambari_server.properties import Properties
-from ambari_server.resourceFilesKeeper import ResourceFilesKeeper, KeeperException
-from ambari_server.serverConfiguration import AMBARI_PROPERTIES_FILE, configDefaults, \
- backup_file_in_temp, check_database_name_property, find_jdbc_driver, find_jdk, find_properties_file, get_ambari_classpath, \
- get_ambari_properties, get_conf_dir, get_full_ambari_classpath, get_value_from_properties, is_alias_string, \
- parse_properties_file, read_ambari_user, \
- BLIND_PASSWORD, SETUP_OR_UPGRADE_MSG, JDBC_RCA_PASSWORD_ALIAS, \
- JDBC_PASSWORD_PROPERTY, JDBC_PASSWORD_FILENAME, JDBC_RCA_PASSWORD_FILE_PROPERTY, \
- GET_FQDN_SERVICE_URL, get_stack_location, IS_LDAP_CONFIGURED, LDAP_PRIMARY_URL_PROPERTY, LDAP_MGR_PASSWORD_PROPERTY, \
- LDAP_MGR_PASSWORD_ALIAS, LDAP_MGR_PASSWORD_FILENAME, LDAP_MGR_USERNAME_PROPERTY, PID_NAME, \
- read_passwd_for_alias, get_credential_store_location, get_master_key_location, get_is_secure, get_is_persisted, \
- get_original_master_key, SECURITY_PROVIDER_PUT_CMD, get_java_exe_path, SECURITY_PROVIDER_KEY_CMD, \
- SECURITY_IS_ENCRYPTION_ENABLED, SECURITY_KERBEROS_JASS_FILENAME, SECURITY_KEY_ENV_VAR_NAME, \
- SECURITY_MASTER_KEY_FILENAME, SECURITY_MASTER_KEY_LOCATION, \
- SSL_TRUSTSTORE_PASSWORD_ALIAS, SSL_TRUSTSTORE_PASSWORD_PROPERTY, SSL_TRUSTSTORE_PATH_PROPERTY, SSL_TRUSTSTORE_TYPE_PROPERTY, \
- update_debug_mode
-from ambari_server.serverSetup import reset, setup, is_server_runing
+from ambari_server.dbConfiguration import DATABASE_NAMES
+from ambari_server.serverConfiguration import configDefaults, get_ambari_properties, PID_NAME
+from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
+from ambari_server.serverSetup import reset, setup
from ambari_server.serverUpgrade import upgrade, upgrade_stack
+from ambari_server.setupHttps import setup_https, setup_ganglia_https
-if not OSCheck.is_windows_family():
- from ambari_server.dbConfiguration_linux import PGConfig
-
-from ambari_server.setupActions import SETUP_ACTION, START_ACTION, STOP_ACTION, RESET_ACTION, STATUS_ACTION, \
- UPGRADE_ACTION, UPGRADE_STACK_ACTION, LDAP_SETUP_ACTION, LDAP_SYNC_ACTION, SETUP_SECURITY_ACTION, \
- REFRESH_STACK_HASH_ACTION, BACKUP_ACTION, RESTORE_ACTION, ACTION_REQUIRE_RESTART
-from ambari_server.setupSecurity import adjust_directory_permissions, read_password, store_password_file, \
- remove_password_file, encrypt_password, get_truststore_password
-from ambari_server.userInput import get_YN_input, get_validated_string_input, get_validated_filepath_input, \
- get_prompt_default
-from ambari_server.utils import check_exitcode, locate_file, \
- looking_for_pid, save_main_pid_ex, wait_for_pid
-
-# debug settings
-SERVER_START_DEBUG = False
-SUSPEND_START_MODE = False
-
-# ldap settings
-LDAP_SYNC_ALL = False
-LDAP_SYNC_EXISTING = False
-LDAP_SYNC_USERS = None
-LDAP_SYNC_GROUPS = None
-
-# server commands
-ambari_provider_module_option = ""
-ambari_provider_module = os.environ.get('AMBARI_PROVIDER_MODULE')
-
-
-SSL_PASSWORD_FILE = "pass.txt"
-SSL_PASSIN_FILE = "passin.txt"
-
-# openssl command
-VALIDATE_KEYSTORE_CMD = "openssl pkcs12 -info -in '{0}' -password file:'{1}' -passout file:'{2}'"
-EXPRT_KSTR_CMD = "openssl pkcs12 -export -in '{0}' -inkey '{1}' -certfile '{0}' -out '{4}' -password file:'{2}' -passin file:'{3}'"
-CHANGE_KEY_PWD_CND = 'openssl rsa -in {0} -des3 -out {0}.secured -passout pass:{1}'
-GET_CRT_INFO_CMD = 'openssl x509 -dates -subject -in {0}'
-
-#keytool commands
-KEYTOOL_IMPORT_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + "keytool -import -alias '{1}' -storetype '{2}' -file '{3}' -storepass '{4}' -noprompt"
-KEYTOOL_DELETE_CERT_CMD = "{0}" + os.sep + "bin" + os.sep + "keytool -delete -alias '{1}' -storepass '{2}' -noprompt"
-KEYTOOL_KEYSTORE = " -keystore '{0}'"
-
-# constants
-STACK_NAME_VER_SEP = "-"
-
-# api properties
-SERVER_API_HOST = '127.0.0.1'
-SERVER_API_PROTOCOL = 'http'
-SERVER_API_PORT = '8080'
-SERVER_API_LDAP_URL = '/api/v1/ldap_sync_events'
-
-AMBARI_SERVER_DIE_MSG = "Ambari Server java process died with exitcode {0}. Check {1} for more information."
-
-#SSL certificate metainfo
-COMMON_NAME_ATTR = 'CN'
-NOT_BEFORE_ATTR = 'notBefore'
-NOT_AFTER_ATTR = 'notAfter'
-
-if ambari_provider_module is not None:
- ambari_provider_module_option = "-Dprovider.module.class=" +\
- ambari_provider_module + " "
-
-SERVER_START_CMD = "{0} -server -XX:NewRatio=3 "\
- "-XX:+UseConcMarkSweepGC " +\
- "-XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 " +\
- ambari_provider_module_option +\
- os.getenv('AMBARI_JVM_ARGS', '-Xms512m -Xmx2048m') +\
- " -cp {1}" + os.pathsep + "{2}" +\
- " org.apache.ambari.server.controller.AmbariServer "\
- ">" + configDefaults.SERVER_OUT_FILE + " 2>&1 || echo $? > {3} &"
-SERVER_START_CMD_DEBUG = "{0} -server -XX:NewRatio=2 -XX:+UseConcMarkSweepGC " +\
- ambari_provider_module_option +\
- os.getenv('AMBARI_JVM_ARGS', '-Xms512m -Xmx2048m') +\
- " -Xdebug -Xrunjdwp:transport=dt_socket,address=5005,"\
- "server=y,suspend={4} -cp {1}" + os.pathsep + "{2}" +\
- " org.apache.ambari.server.controller.AmbariServer" \
- ">" + configDefaults.SERVER_OUT_FILE + " 2>&1 || echo $? > {3} &"
-SERVER_SEARCH_PATTERN = "org.apache.ambari.server.controller.AmbariServer"
-
-
-ULIMIT_CMD = "ulimit -n"
-SERVER_INIT_TIMEOUT = 5
-SERVER_START_TIMEOUT = 10
-
-SSL_KEY_DIR = 'security.server.keys_dir'
-SSL_API_PORT = 'client.api.ssl.port'
-SSL_API = 'api.ssl'
-SSL_SERVER_CERT_NAME = 'client.api.ssl.cert_name'
-SSL_SERVER_KEY_NAME = 'client.api.ssl.key_name'
-SSL_CERT_FILE_NAME = "https.crt"
-SSL_KEY_FILE_NAME = "https.key"
-SSL_KEYSTORE_FILE_NAME = "https.keystore.p12"
-SSL_KEY_PASSWORD_FILE_NAME = "https.pass.txt"
-SSL_KEY_PASSWORD_LENGTH = 50
-DEFAULT_SSL_API_PORT = 8443
-SSL_DATE_FORMAT = '%b %d %H:%M:%S %Y GMT'
-
-GANGLIA_HTTPS = 'ganglia.https'
-
-CLIENT_SECURITY_KEY = "client.security"
-
-EXITCODE_NAME = "ambari-server.exitcode"
-
-SRVR_TWO_WAY_SSL_PORT_PROPERTY = "security.server.two_way_ssl.port"
-SRVR_TWO_WAY_SSL_PORT = "8441"
-
-SRVR_ONE_WAY_SSL_PORT_PROPERTY = "security.server.one_way_ssl.port"
-SRVR_ONE_WAY_SSL_PORT = "8440"
-
-REGEX_IP_ADDRESS = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
-REGEX_HOSTNAME = "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$"
-REGEX_HOSTNAME_PORT = "^(.*:[0-9]{1,5}$)"
-REGEX_TRUE_FALSE = "^(true|false)?$"
-REGEX_ANYTHING = ".*"
-
-# linux open-file limit
-ULIMIT_OPEN_FILES_KEY = 'ulimit.open.files'
-ULIMIT_OPEN_FILES_DEFAULT = 10000
-
-#Apache License Header
-ASF_LICENSE_HEADER = '''
-# Copyright 2011 The Apache Software Foundation
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-'''
+from ambari_server.setupActions import BACKUP_ACTION, LDAP_SETUP_ACTION, LDAP_SYNC_ACTION, PSTART_ACTION, \
+ REFRESH_STACK_HASH_ACTION, RESET_ACTION, RESTORE_ACTION, SETUP_ACTION, SETUP_SECURITY_ACTION, START_ACTION, \
+ STATUS_ACTION, STOP_ACTION, UPGRADE_ACTION, UPGRADE_STACK_ACTION
+from ambari_server.setupSecurity import setup_ldap, sync_ldap, setup_master_key, setup_ambari_krb5_jaas
+from ambari_server.userInput import get_validated_string_input
-### System interaction ###
+from ambari_server_main import server_process_main
-def check_reverse_lookup():
- """
- Check if host fqdn resolves to current host ip
- """
- try:
- host_name = socket.gethostname().lower()
- host_ip = socket.gethostbyname(host_name)
- host_fqdn = socket.getfqdn().lower()
- fqdn_ip = socket.gethostbyname(host_fqdn)
- return host_ip == fqdn_ip
- except socket.error:
- pass
- return False
+class UserActionPossibleArgs(object):
+ def __init__(self, i_fn, i_possible_args_numbers, *args, **kwargs):
+ self.fn = i_fn
+ self.possible_args_numbers = i_possible_args_numbers
+ self.args = args
+ self.kwargs = kwargs
+ self.need_restart = False
-#
-# Starts the Ambari Server.
-#
-def start(args):
- if not check_reverse_lookup():
- print_warning_msg("The hostname was not found in the reverse DNS lookup. "
- "This may result in incorrect behavior. "
- "Please check the DNS setup and fix the issue.")
- current_user = getpass.getuser()
- ambari_user = read_ambari_user()
- if ambari_user is None:
- err = "Unable to detect a system user for Ambari Server.\n" + SETUP_OR_UPGRADE_MSG
- raise FatalException(1, err)
- if current_user != ambari_user and not is_root():
- err = "Unable to start Ambari Server as user {0}. Please either run \"ambari-server start\" " \
- "command as root, as sudo or as user \"{1}\"".format(current_user, ambari_user)
- raise FatalException(1, err)
+ def execute(self):
+ self.fn(*self.args, **self.kwargs)
- check_database_name_property()
- parse_properties_file(args)
+class UserAction(UserActionPossibleArgs):
+ def __init__(self, i_fn, *args, **kwargs):
+ super(UserAction, self).__init__(i_fn, [1], *args, **kwargs)
- update_debug_mode()
+class UserActionRestart(UserAction):
+ def __init__(self, i_fn, *args, **kwargs):
+ super(UserActionRestart, self).__init__(i_fn, *args, **kwargs)
- status, pid = is_server_runing()
- if status:
- err = "Ambari Server is already running."
- raise FatalException(1, err)
+ def execute(self):
+ self.need_restart = self.fn(*self.args, **self.kwargs)
+
+
+def winsetup(options):
+ from ambari_windows_service import svcsetup
- print_info_msg("Ambari Server is not running...")
+ setup(options)
+ svcsetup()
- conf_dir = get_conf_dir()
- jdk_path = find_jdk()
- if jdk_path is None:
- err = "No JDK found, please run the \"ambari-server setup\" " \
- "command to install a JDK automatically or install any " \
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR
+#
+# Starts the Ambari Server as a standalone process.
+# Ensures only one instance of the process is running.
+# If this is the second instance of the process, the function fails.
+#
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def start(options):
+ from ambari_windows_service import AmbariServerService, ctrlHandler
+
+ status, pid = is_server_runing()
+ if status:
+ err = "Ambari Server is already running."
raise FatalException(1, err)
- if args.persistence_type == 'remote':
- result = find_jdbc_driver(args)
- msg = 'Before starting Ambari Server, ' \
- 'you must copy the {0} JDBC driver JAR file to {1}.'.format(
- DATABASE_FULL_NAMES[args.dbms],
- configDefaults.JAVA_SHARE_PATH)
- if result == -1:
- raise FatalException(-1, msg)
-
- # Preparations
-
- if is_root():
- print "Ambari Server running with 'root' privileges."
-
- if args.persistence_type == "local":
- pg_status, retcode, out, err = PGConfig._check_postgre_up()
- if not retcode == 0:
- err = 'Unable to start PostgreSQL server. Status {0}. {1}. Exiting'.format(pg_status, err)
- raise FatalException(retcode, err)
-
- else: # Skipping actions that require root permissions
- print "Unable to check iptables status when starting "\
- "without root privileges."
- print "Please do not forget to disable or adjust iptables if needed"
- if args.persistence_type == "local":
- print "Unable to check PostgreSQL server status when starting " \
- "without root privileges."
- print "Please do not forget to start PostgreSQL server."
-
- refresh_stack_hash()
+ AmbariServerService.set_ctrl_c_handler(ctrlHandler)
- properties = get_ambari_properties()
+ #Run as a normal process. Invoke the ServiceMain directly.
+ childProc = server_process_main(options)
- isSecure = get_is_secure(properties)
- (isPersisted, masterKeyFile) = get_is_persisted(properties)
- environ = os.environ.copy()
- # Need to handle master key not persisted scenario
- if isSecure and not masterKeyFile:
- prompt = False
- masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
+ childProc.wait()
- if masterKey is not None and masterKey != "":
- pass
- else:
- keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
-
- if keyLocation is not None:
- try:
- # Verify master key can be read by the java process
- with open(keyLocation, 'r'):
- pass
- except IOError:
- print_warning_msg("Cannot read Master key from path specified in "
- "environemnt.")
- prompt = True
- else:
- # Key not provided in the environment
- prompt = True
-
- if prompt:
- import pwd
-
- masterKey = get_original_master_key(properties)
- tempDir = tempfile.gettempdir()
- tempFilePath = tempDir + os.sep + "masterkey"
- save_master_key(masterKey, tempFilePath, True)
- if ambari_user != current_user:
- uid = pwd.getpwnam(ambari_user).pw_uid
- gid = pwd.getpwnam(ambari_user).pw_gid
- os.chown(tempFilePath, uid, gid)
- else:
- os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
-
- if tempFilePath is not None:
- environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
-
- debug_mode = get_debug_mode()
- debug_start = (debug_mode & 1) or SERVER_START_DEBUG
- suspend_start = 'y' if ((debug_mode & 2) or SUSPEND_START_MODE) else 'n'
-
- pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
- command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
- command = "%s %s; %s" % (ULIMIT_CMD, str(get_ulimit_open_files()),
- command_base.format(get_java_exe_path(),
- conf_dir,
- get_ambari_classpath(),
- os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
- suspend_start)
- )
- if not os.path.exists(configDefaults.PID_DIR):
- os.makedirs(configDefaults.PID_DIR, 0755)
-
- # required to start properly server instance
- os.chdir(configDefaults.ROOT_FS_PATH)
-
- #For properly daemonization server should be started using shell as parent
- if is_root() and ambari_user != "root":
- # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
- # from subprocess, we have to skip --login option of su command. That's why
- # we change dir to / (otherwise subprocess can face with 'permission denied'
- # errors while trying to list current directory
- param_list = [locate_file('su', '/bin'), ambari_user, "-s", locate_file('sh', '/bin'), "-c", command]
- else:
- param_list = [locate_file('sh', '/bin'), "-c", command]
+ pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
+ remove_file(pid_file_path)
+
+#
+# Starts the Ambari Server.
+# Ensures only one instance of the process is running.
+# If this is the second instance of the process, the function fails.
+#
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def start(args):
+ status, pid = is_server_runing()
+ if status:
+ err = "Ambari Server is already running."
+ raise FatalException(1, err)
- print_info_msg("Running server: " + str(param_list))
- subprocess.Popen(param_list, env=environ)
+ server_process_main(args)
- print "Server PID at: "+pidfile
- print "Server out at: "+configDefaults.SERVER_OUT_FILE
- print "Server log at: "+configDefaults.SERVER_LOG_FILE
- #wait for server process for SERVER_START_TIMEOUT seconds
- sys.stdout.write('Waiting for server start...')
- sys.stdout.flush()
+#
+# Starts the Ambari Server as a service.
+# Start the server as a Windows service. If the Ambari server is
+# not registered as a service, the function fails. By default, only one instance of the service can
+# possibly run.
+#
+def svcstart():
+ from ambari_windows_service import AmbariServerService
- pids = looking_for_pid(SERVER_SEARCH_PATTERN, SERVER_INIT_TIMEOUT)
- found_pids = wait_for_pid(pids, SERVER_START_TIMEOUT)
+ AmbariServerService.Start()
+ pass
- sys.stdout.write('\n')
- sys.stdout.flush()
- if found_pids <= 0:
- exitcode = check_exitcode(os.path.join(configDefaults.PID_DIR, EXITCODE_NAME))
- raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
- else:
- save_main_pid_ex(pids, pidfile, [locate_file('sh', '/bin'),
- locate_file('bash', '/bin')], True)
+#
+# Stops the Ambari Server service.
+#
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def stop():
+ from ambari_windows_service import AmbariServerService
+ AmbariServerService.Stop()
#
# Stops the Ambari Server.
#
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
def stop(args):
if (args != None):
args.exit_message = None
@@ -415,16 +159,22 @@ def stop(args):
print "Ambari Server is not running"
-def compare_versions(version1, version2):
- def normalize(v):
- return [int(x) for x in re.sub(r'(\.0+)*$', '', v).split(".")]
- return cmp(normalize(version1), normalize(version2))
- pass
+#
+# The Ambari Server status.
+#
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def status(args):
+ from ambari_windows_service import AmbariServerService
+
+ args.exit_message = None
+ statusStr = AmbariServerService.QueryStatus()
+ print "Ambari Server is " + statusStr
#
# The Ambari Server status.
#
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
def status(args):
args.exit_message = None
status, pid = is_server_runing()
@@ -436,1151 +186,165 @@ def status(args):
print "Ambari Server not running. Stale PID File at: " + pid_file_path
-#
-# Sync users and groups with configured LDAP
-#
-def sync_ldap():
- if not is_root():
- err = 'Ambari-server sync-ldap should be run with ' \
- 'root-level privileges'
- raise FatalException(4, err)
-
- server_status, pid = is_server_runing()
- if not server_status:
- err = 'Ambari Server is not running.'
- raise FatalException(1, err)
-
- ldap_configured = get_ambari_properties().get_property(IS_LDAP_CONFIGURED)
- if ldap_configured != 'true':
- err = "LDAP is not configured. Run 'ambari-server setup-ldap' first."
- raise FatalException(1, err)
-
- if not LDAP_SYNC_ALL and not LDAP_SYNC_EXISTING and LDAP_SYNC_USERS is None and LDAP_SYNC_GROUPS is None:
- err = 'Must specify a sync option. Please see help for more information.'
- raise FatalException(1, err)
+def refresh_stack_hash_action():
+ properties = get_ambari_properties()
+ refresh_stack_hash(properties)
+
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def create_setup_security_actions(args):
+ action_list = [
+ ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+ ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
+ ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+ ]
+ return action_list
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def create_setup_security_actions(args):
+ action_list = [
+ ['Enable HTTPS for Ambari server.', UserActionRestart(setup_https, args)],
+ ['Enable HTTPS for Ganglia service.', UserAction(setup_ganglia_https)],
+ ['Encrypt passwords stored in ambari.properties file.', UserAction(setup_master_key)],
+ ['Setup Ambari kerberos JAAS configuration.', UserAction(setup_ambari_krb5_jaas)],
+ ]
+ return action_list
- admin_login = get_validated_string_input(prompt="Enter Ambari Admin login: ", default=None,
- pattern=None, description=None,
- is_pass=False, allowEmpty=False)
- admin_password = get_validated_string_input(prompt="Enter Ambari Admin password: ", default=None,
- pattern=None, description=None,
- is_pass=True, allowEmpty=False)
-
- url = '{0}://{1}:{2!s}{3}'.format(SERVER_API_PROTOCOL, SERVER_API_HOST, SERVER_API_PORT, SERVER_API_LDAP_URL)
- admin_auth = base64.encodestring('%s:%s' % (admin_login, admin_password)).replace('\n', '')
- request = urllib2.Request(url)
- request.add_header('Authorization', 'Basic %s' % admin_auth)
- request.add_header('X-Requested-By', 'ambari')
-
- if LDAP_SYNC_ALL:
- sys.stdout.write('Syncing all.')
- bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"all"},{"principal_type":"groups","sync_type":"all"}]}}]
- elif LDAP_SYNC_EXISTING:
- sys.stdout.write('Syncing existing.')
- bodies = [{"Event":{"specs":[{"principal_type":"users","sync_type":"existing"},{"principal_type":"groups","sync_type":"existing"}]}}]
- else:
- sys.stdout.write('Syncing specified users and groups.')
- bodies = [{"Event":{"specs":[]}}]
- body = bodies[0]
- events = body['Event']
- specs = events['specs']
+def setup_security(args):
+ actions = create_setup_security_actions(args)
- if LDAP_SYNC_USERS is not None:
- new_specs = [{"principal_type":"users","sync_type":"specific","names":""}]
- get_ldap_event_spec_names(LDAP_SYNC_USERS, specs, new_specs)
- if LDAP_SYNC_GROUPS is not None:
- new_specs = [{"principal_type":"groups","sync_type":"specific","names":""}]
- get_ldap_event_spec_names(LDAP_SYNC_GROUPS, specs, new_specs)
+ #Print menu options
+ print '=' * 75
+ print 'Choose one of the following options: '
- if get_verbose():
- sys.stdout.write('\nCalling API ' + SERVER_API_LDAP_URL + ' : ' + str(bodies) + '\n')
+ iAction = 0
+ for actionDesc in actions:
+ iAction += 1
+ print ' [{0}] {1}'.format(iAction, actionDesc[0])
+ print '=' * 75
- request.add_data(json.dumps(bodies))
- request.get_method = lambda: 'POST'
+ choice_prompt = 'Enter choice, (1-[0]): '.format(iAction)
+ choice_re = '1-{0}'.format(iAction)
+ choice = get_validated_string_input(choice_prompt, '0', choice_re,
+ 'Invalid choice', False, False)
try:
- response = urllib2.urlopen(request)
- except Exception as e:
- err = 'Sync event creation failed. Error details: %s' % e
- raise FatalException(1, err)
-
- response_status_code = response.getcode()
- if response_status_code != 201:
- err = 'Error during syncing. Http status code - ' + str(response_status_code)
- raise FatalException(1, err)
- response_body = json.loads(response.read())
-
- url = response_body['resources'][0]['href']
- request = urllib2.Request(url)
- request.add_header('Authorization', 'Basic %s' % admin_auth)
- request.add_header('X-Requested-By', 'ambari')
- body = [{"LDAP":{"synced_groups":"*","synced_users":"*"}}]
- request.add_data(json.dumps(body))
- request.get_method = lambda: 'GET'
- request_in_progress = True
+ actionDesc = actions[int(choice) - 1]
+ except IndexError:
+ raise FatalException('Unknown option for setup-security command.')
- while request_in_progress:
+ action = actionDesc[1]
+ action.execute()
- sys.stdout.write('.')
- sys.stdout.flush()
+ return action.need_restart
- try:
- response = urllib2.urlopen(request)
- except Exception as e:
- request_in_progress = False
- err = 'Sync event check failed. Error details: %s' % e
- raise FatalException(1, err)
-
- response_status_code = response.getcode()
- if response_status_code != 200:
- err = 'Error during syncing. Http status code - ' + str(response_status_code)
- raise FatalException(1, err)
- response_body = json.loads(response.read())
- sync_info = response_body['Event']
-
- if sync_info['status'] == 'ERROR':
- raise FatalException(1, str(sync_info['status_detail']))
- elif sync_info['status'] == 'COMPLETE':
- print '\n\nCompleted LDAP Sync.'
- print 'Summary:'
- for principal_type, summary in sync_info['summary'].iteritems():
- print ' {0}:'.format(principal_type)
- for action, amount in summary.iteritems():
- print ' {0} = {1!s}'.format(action, amount)
- request_in_progress = False
- else:
- time.sleep(1)
-
- sys.stdout.write('\n')
- sys.stdout.flush()
#
-# Get the principal names from the given CSV file and set them on the given LDAP event specs.
+# Backup / Restore
#
-def get_ldap_event_spec_names(file, specs, new_specs):
-
- try:
- if os.path.exists(file):
- new_spec = new_specs[0]
- with open(file, 'r') as names_file:
- names = names_file.read()
- new_spec['names'] = names.replace('\n', '').replace('\t', '')
- names_file.close()
- specs += new_specs
- else:
- err = 'Sync event creation failed. File ' + file + ' not found.'
- raise FatalException(1, err)
- except Exception as exception:
- err = 'Caught exception reading file ' + file + ' : ' + str(exception)
- raise FatalException(1, err)
-
-
-def setup_ldap():
- if not is_root():
- err = 'Ambari-server setup-ldap should be run with ' \
- 'root-level privileges'
- raise FatalException(4, err)
-
- properties = get_ambari_properties()
- isSecure = get_is_secure(properties)
- # python2.x dict is not ordered
- ldap_property_list_reqd = [LDAP_PRIMARY_URL_PROPERTY,
- "authentication.ldap.secondaryUrl",
- "authentication.ldap.useSSL",
- "authentication.ldap.userObjectClass",
- "authentication.ldap.usernameAttribute",
- "authentication.ldap.groupObjectClass",
- "authentication.ldap.groupNamingAttr",
- "authentication.ldap.groupMembershipAttr",
- "authentication.ldap.dnAttribute",
- "authentication.ldap.baseDn",
- "authentication.ldap.bindAnonymously"]
-
- ldap_property_list_opt = ["authentication.ldap.managerDn",
- LDAP_MGR_PASSWORD_PROPERTY,
- SSL_TRUSTSTORE_TYPE_PROPERTY,
- SSL_TRUSTSTORE_PATH_PROPERTY,
- SSL_TRUSTSTORE_PASSWORD_PROPERTY]
-
- ldap_property_list_truststore=[SSL_TRUSTSTORE_TYPE_PROPERTY,
- SSL_TRUSTSTORE_PATH_PROPERTY,
- SSL_TRUSTSTORE_PASSWORD_PROPERTY]
-
- ldap_property_list_passwords=[LDAP_MGR_PASSWORD_PROPERTY,
- SSL_TRUSTSTORE_PASSWORD_PROPERTY]
-
- LDAP_PRIMARY_URL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[0])
- LDAP_SECONDARY_URL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[1])
- LDAP_USE_SSL_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[2], "false")
- LDAP_USER_CLASS_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[3], "posixAccount")
- LDAP_USER_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[4], "uid")
- LDAP_GROUP_CLASS_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[5], "posixGroup")
- LDAP_GROUP_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[6], "cn")
- LDAP_GROUP_MEMBER_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[7], "memberUid")
- LDAP_DN_ATT_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[8], "dn")
- LDAP_BASE_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[9])
- LDAP_BIND_DEFAULT = get_value_from_properties(properties, ldap_property_list_reqd[10], "false")
- LDAP_MGR_DN_DEFAULT = get_value_from_properties(properties, ldap_property_list_opt[0])
- SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
- SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
-
-
- ldap_properties_map_reqd =\
- {
- ldap_property_list_reqd[0]:(LDAP_PRIMARY_URL_DEFAULT, "Primary URL* {{host:port}} {0}: ".format(get_prompt_default(LDAP_PRIMARY_URL_DEFAULT)), False),
- ldap_property_list_reqd[1]:(LDAP_SECONDARY_URL_DEFAULT, "Secondary URL {{host:port}} {0}: ".format(get_prompt_default(LDAP_SECONDARY_URL_DEFAULT)), True),
- ldap_property_list_reqd[2]:(LDAP_USE_SSL_DEFAULT, "Use SSL* [true/false] {0}: ".format(get_prompt_default(LDAP_USE_SSL_DEFAULT)), False),
- ldap_property_list_reqd[3]:(LDAP_USER_CLASS_DEFAULT, "User object class* {0}: ".format(get_prompt_default(LDAP_USER_CLASS_DEFAULT)), False),
- ldap_property_list_reqd[4]:(LDAP_USER_ATT_DEFAULT, "User name attribute* {0}: ".format(get_prompt_default(LDAP_USER_ATT_DEFAULT)), False),
- ldap_property_list_reqd[5]:(LDAP_GROUP_CLASS_DEFAULT, "Group object class* {0}: ".format(get_prompt_default(LDAP_GROUP_CLASS_DEFAULT)), False),
- ldap_property_list_reqd[6]:(LDAP_GROUP_ATT_DEFAULT, "Group name attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_ATT_DEFAULT)), False),
- ldap_property_list_reqd[7]:(LDAP_GROUP_MEMBER_DEFAULT, "Group member attribute* {0}: ".format(get_prompt_default(LDAP_GROUP_MEMBER_DEFAULT)), False),
- ldap_property_list_reqd[8]:(LDAP_DN_ATT_DEFAULT, "Distinguished name attribute* {0}: ".format(get_prompt_default(LDAP_DN_ATT_DEFAULT)), False),
- ldap_property_list_reqd[9]:(LDAP_BASE_DN_DEFAULT, "Base DN* {0}: ".format(get_prompt_default(LDAP_BASE_DN_DEFAULT)), False),
- ldap_property_list_reqd[10]:(LDAP_BIND_DEFAULT, "Bind anonymously* [true/false] {0}: ".format(get_prompt_default(LDAP_BIND_DEFAULT)), False),
- }
-
- ldap_property_value_map = {}
- for idx, key in enumerate(ldap_property_list_reqd):
- if idx in [0, 1]:
- pattern = REGEX_HOSTNAME_PORT
- elif idx in [2, 10]:
- pattern = REGEX_TRUE_FALSE
- else:
- pattern = REGEX_ANYTHING
- input = get_validated_string_input(ldap_properties_map_reqd[key][1],
- ldap_properties_map_reqd[key][0], pattern,
- "Invalid characters in the input!", False, ldap_properties_map_reqd[key][2])
- if input is not None and input != "":
- ldap_property_value_map[key] = input
-
- bindAnonymously = ldap_property_value_map["authentication.ldap.bindAnonymously"]
- anonymous = (bindAnonymously and bindAnonymously.lower() == 'true')
- mgr_password = None
- # Ask for manager credentials only if bindAnonymously is false
- if not anonymous:
- username = get_validated_string_input("Manager DN* {0}: ".format(
- get_prompt_default(LDAP_MGR_DN_DEFAULT)), LDAP_MGR_DN_DEFAULT, ".*",
- "Invalid characters in the input!", False, False)
- ldap_property_value_map[LDAP_MGR_USERNAME_PROPERTY] = username
- mgr_password = configure_ldap_password()
- ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = mgr_password
-
- useSSL = ldap_property_value_map["authentication.ldap.useSSL"]
- ldaps = (useSSL and useSSL.lower() == 'true')
- ts_password = None
-
- if ldaps:
- truststore_default = "n"
- truststore_set = bool(SSL_TRUSTSTORE_PATH_DEFAULT)
- if truststore_set:
- truststore_default = "y"
- custom_trust_store = get_YN_input("Do you want to provide custom TrustStore for Ambari [y/n] ({0})?".
- format(truststore_default),
- truststore_set)
- if custom_trust_store:
- ts_type = get_validated_string_input(
- "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT,
- "^(jks|jceks|pkcs12)?$", "Wrong type", False)
- ts_path = None
- while True:
- ts_path = get_validated_string_input(
- "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT,
- ".*", False, False)
- if os.path.exists(ts_path):
- break
- else:
- print 'File not found.'
-
- ts_password = read_password("", ".*", "Password for TrustStore:", "Invalid characters in password")
-
- ldap_property_value_map[SSL_TRUSTSTORE_TYPE_PROPERTY] = ts_type
- ldap_property_value_map[SSL_TRUSTSTORE_PATH_PROPERTY] = ts_path
- ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = ts_password
- pass
- else:
- properties.removeOldProp(SSL_TRUSTSTORE_TYPE_PROPERTY)
- properties.removeOldProp(SSL_TRUSTSTORE_PATH_PROPERTY)
- properties.removeOldProp(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- pass
- pass
-
- print '=' * 20
- print 'Review Settings'
- print '=' * 20
- for property in ldap_property_list_reqd:
- if property in ldap_property_value_map:
- print("%s: %s" % (property, ldap_property_value_map[property]))
-
- for property in ldap_property_list_opt:
- if ldap_property_value_map.has_key(property):
- if property not in ldap_property_list_passwords:
- print("%s: %s" % (property, ldap_property_value_map[property]))
- else:
- print("%s: %s" % (property, BLIND_PASSWORD))
-
- save_settings = get_YN_input("Save settings [y/n] (y)? ", True)
-
- if save_settings:
- ldap_property_value_map[CLIENT_SECURITY_KEY] = 'ldap'
- if isSecure:
- if mgr_password:
- encrypted_passwd = encrypt_password(LDAP_MGR_PASSWORD_ALIAS, mgr_password)
- if mgr_password != encrypted_passwd:
- ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = encrypted_passwd
- pass
- if ts_password:
- encrypted_passwd = encrypt_password(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password)
- if ts_password != encrypted_passwd:
- ldap_property_value_map[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = encrypted_passwd
- pass
- pass
-
- # Persisting values
- ldap_property_value_map[IS_LDAP_CONFIGURED] = "true"
- if mgr_password:
- ldap_property_value_map[LDAP_MGR_PASSWORD_PROPERTY] = store_password_file(mgr_password, LDAP_MGR_PASSWORD_FILENAME)
- update_properties(properties, ldap_property_value_map)
- print 'Saving...done'
-
- return 0
-
-
-def read_master_key(isReset=False):
- passwordPattern = ".*"
- passwordPrompt = "Please provide master key for locking the credential store: "
- passwordDescr = "Invalid characters in password. Use only alphanumeric or "\
- "_ or - characters"
- passwordDefault = ""
- if isReset:
- passwordPrompt = "Enter new Master Key: "
-
- masterKey = get_validated_string_input(passwordPrompt, passwordDefault,
- passwordPattern, passwordDescr, True, True)
-
- if not masterKey:
- print "Master Key cannot be empty!"
- return read_master_key()
-
- masterKey2 = get_validated_string_input("Re-enter master key: ",
- passwordDefault, passwordPattern, passwordDescr, True, True)
-
- if masterKey != masterKey2:
- print "Master key did not match!"
- return read_master_key()
-
- return masterKey
-
-
-def setup_master_key():
- if not is_root():
- err = 'Ambari-server setup should be run with '\
- 'root-level privileges'
- raise FatalException(4, err)
-
- properties = get_ambari_properties()
- if properties == -1:
- raise FatalException(1, "Failed to read properties file.")
-
- db_password = properties.get_property(JDBC_PASSWORD_PROPERTY)
- # Encrypt passwords cannot be called before setup
- if not db_password:
- print 'Please call "setup" before "encrypt-passwords". Exiting...'
- return 1
-
- # Check configuration for location of master key
- isSecure = get_is_secure(properties)
- (isPersisted, masterKeyFile) = get_is_persisted(properties)
-
- # Read clear text DB password from file
- if not is_alias_string(db_password) and os.path.isfile(db_password):
- with open(db_password, 'r') as passwdfile:
- db_password = passwdfile.read()
-
- ldap_password = properties.get_property(LDAP_MGR_PASSWORD_PROPERTY)
-
- if ldap_password:
- # Read clear text LDAP password from file
- if not is_alias_string(ldap_password) and os.path.isfile(ldap_password):
- with open(ldap_password, 'r') as passwdfile:
- ldap_password = passwdfile.read()
-
- ts_password = properties.get_property(SSL_TRUSTSTORE_PASSWORD_PROPERTY)
- resetKey = False
- masterKey = None
-
- if isSecure:
- print "Password encryption is enabled."
- resetKey = get_YN_input("Do you want to reset Master Key? [y/n] (n): ", False)
-
- # For encrypting of only unencrypted passwords without resetting the key ask
- # for master key if not persisted.
- if isSecure and not isPersisted and not resetKey:
- print "Master Key not persisted."
- masterKey = get_original_master_key(properties)
- pass
-
- # Make sure both passwords are clear-text if master key is lost
- if resetKey:
- if not isPersisted:
- print "Master Key not persisted."
- masterKey = get_original_master_key(properties)
- # Unable get the right master key or skipped question <enter>
- if not masterKey:
- print "To disable encryption, do the following:"
- print "- Edit " + find_properties_file() + \
- " and set " + SECURITY_IS_ENCRYPTION_ENABLED + " = " + "false."
- err = "{0} is already encrypted. Please call {1} to store unencrypted" \
- " password and call 'encrypt-passwords' again."
- if db_password and is_alias_string(db_password):
- print err.format('- Database password', "'" + SETUP_ACTION + "'")
- if ldap_password and is_alias_string(ldap_password):
- print err.format('- LDAP manager password', "'" + LDAP_SETUP_ACTION + "'")
- if ts_password and is_alias_string(ts_password):
- print err.format('TrustStore password', "'" + LDAP_SETUP_ACTION + "'")
-
- return 1
- pass
- pass
- pass
-
- # Read back any encrypted passwords
- if db_password and is_alias_string(db_password):
- db_password = read_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, masterKey)
- if ldap_password and is_alias_string(ldap_password):
- ldap_password = read_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, masterKey)
- if ts_password and is_alias_string(ts_password):
- ts_password = read_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, masterKey)
- # Read master key, if non-secure or reset is true
- if resetKey or not isSecure:
- masterKey = read_master_key(resetKey)
- persist = get_YN_input("Do you want to persist master key. If you choose "\
- "not to persist, you need to provide the Master "\
- "Key while starting the ambari server as an env "\
- "variable named " + SECURITY_KEY_ENV_VAR_NAME +\
- " or the start will prompt for the master key."
- " Persist [y/n] (y)? ", True)
- if persist:
- save_master_key(masterKey, get_master_key_location(properties) + os.sep +
- SECURITY_MASTER_KEY_FILENAME, persist)
- elif not persist and masterKeyFile:
- try:
- os.remove(masterKeyFile)
- print_info_msg("Deleting master key file at location: " + str(
- masterKeyFile))
- except Exception, e:
- print 'ERROR: Could not remove master key file. %s' % e
- # Blow up the credential store made with previous key, if any
- store_file = get_credential_store_location(properties)
- if os.path.exists(store_file):
- try:
- os.remove(store_file)
- except:
- print_warning_msg("Failed to remove credential store file.")
- pass
- pass
- pass
-
- propertyMap = {SECURITY_IS_ENCRYPTION_ENABLED: 'true'}
- # Encrypt only un-encrypted passwords
- if db_password and not is_alias_string(db_password):
- retCode = save_passwd_for_alias(JDBC_RCA_PASSWORD_ALIAS, db_password, masterKey)
- if retCode != 0:
- print 'Failed to save secure database password.'
- else:
- propertyMap[JDBC_PASSWORD_PROPERTY] = get_alias_string(JDBC_RCA_PASSWORD_ALIAS)
- remove_password_file(JDBC_PASSWORD_FILENAME)
- if properties.get_property(JDBC_RCA_PASSWORD_FILE_PROPERTY):
- propertyMap[JDBC_RCA_PASSWORD_FILE_PROPERTY] = get_alias_string(JDBC_RCA_PASSWORD_ALIAS)
- pass
-
- if ldap_password and not is_alias_string(ldap_password):
- retCode = save_passwd_for_alias(LDAP_MGR_PASSWORD_ALIAS, ldap_password, masterKey)
- if retCode != 0:
- print 'Failed to save secure LDAP password.'
- else:
- propertyMap[LDAP_MGR_PASSWORD_PROPERTY] = get_alias_string(LDAP_MGR_PASSWORD_ALIAS)
- remove_password_file(LDAP_MGR_PASSWORD_FILENAME)
- pass
-
- if ts_password and not is_alias_string(ts_password):
- retCode = save_passwd_for_alias(SSL_TRUSTSTORE_PASSWORD_ALIAS, ts_password, masterKey)
- if retCode != 0:
- print 'Failed to save secure TrustStore password.'
- else:
- propertyMap[SSL_TRUSTSTORE_PASSWORD_PROPERTY] = get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS)
- pass
-
- update_properties(properties, propertyMap)
-
- # Since files for store and master are created we need to ensure correct
- # permissions
- ambari_user = read_ambari_user()
- if ambari_user:
- adjust_directory_permissions(ambari_user)
-
- return 0
-
-
-def get_alias_string(alias):
- return "${alias=" + alias + "}"
-
-
-def get_alias_from_alias_string(aliasStr):
- return aliasStr[8:-1]
-
-
-def save_passwd_for_alias(alias, passwd, masterKey=""):
- if alias and passwd:
- jdk_path = find_jdk()
- if jdk_path is None:
- print_error_msg("No JDK found, please run the \"setup\" "
- "command to install a JDK automatically or install any "
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
- return 1
-
- if masterKey is None or masterKey == "":
- masterKey = "None"
-
- command = SECURITY_PROVIDER_PUT_CMD.format(get_java_exe_path(),
- get_full_ambari_classpath(), alias, passwd, masterKey)
- (retcode, stdout, stderr) = run_os_command(command)
- print_info_msg("Return code from credential provider save passwd: " +
- str(retcode))
- return retcode
- else:
- print_error_msg("Alias or password is unreadable.")
-
-
-def save_master_key(master_key, key_location, persist=True):
- if master_key:
- jdk_path = find_jdk()
- if jdk_path is None:
- print_error_msg("No JDK found, please run the \"setup\" "
- "command to install a JDK automatically or install any "
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR)
- return 1
- command = SECURITY_PROVIDER_KEY_CMD.format(get_java_exe_path(),
- get_full_ambari_classpath(), master_key, key_location, persist)
- (retcode, stdout, stderr) = run_os_command(command)
- print_info_msg("Return code from credential provider save KEY: " +
- str(retcode))
- else:
- print_error_msg("Master key cannot be None.")
-
-
-def configure_ldap_password():
- passwordDefault = ""
- passwordPrompt = 'Enter Manager Password* : '
- passwordPattern = ".*"
- passwordDescr = "Invalid characters in password."
-
- password = read_password(passwordDefault, passwordPattern, passwordPrompt,
- passwordDescr)
-
- return password
-
-
-# update properties in a section-less properties file
-# Cannot use ConfigParser due to bugs in version 2.6
-def update_properties(propertyMap):
- conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
- backup_file_in_temp(conf_file)
- if propertyMap is not None and conf_file is not None:
- properties = Properties()
- try:
- with open(conf_file, 'r') as file:
- properties.load(file)
- except (Exception), e:
- print_error_msg('Could not read "%s": %s' % (conf_file, e))
- return -1
-
- #for key in propertyMap.keys():
- #properties[key] = propertyMap[key]
- for key in propertyMap.keys():
- properties.removeOldProp(key)
- properties.process_pair(key, str(propertyMap[key]))
-
- with open(conf_file, 'w') as file:
- properties.store(file)
-
- return 0
-
-
-def update_properties(properties, propertyMap):
- conf_file = search_file(AMBARI_PROPERTIES_FILE, get_conf_dir())
- backup_file_in_temp(conf_file)
- if conf_file is not None:
- if propertyMap is not None:
- for key in propertyMap.keys():
- properties.removeOldProp(key)
- properties.process_pair(key, str(propertyMap[key]))
- pass
-
- with open(conf_file, 'w') as file:
- properties.store(file)
- pass
- pass
-
-
-def setup_https(args):
- if not is_root():
- err = 'ambari-server setup-https should be run with ' \
- 'root-level privileges'
- raise FatalException(4, err)
- args.exit_message = None
- if not get_silent():
- properties = get_ambari_properties()
- try:
- security_server_keys_dir = properties.get_property(SSL_KEY_DIR)
- client_api_ssl_port = DEFAULT_SSL_API_PORT if properties.get_property(SSL_API_PORT) in ("")\
- else properties.get_property(SSL_API_PORT)
- api_ssl = properties.get_property(SSL_API) in ['true']
- cert_was_imported = False
- cert_must_import = True
- if api_ssl:
- if get_YN_input("Do you want to disable HTTPS [y/n] (n)? ", False):
- properties.process_pair(SSL_API, "false")
- cert_must_import=False
- else:
- properties.process_pair(SSL_API_PORT, \
- get_validated_string_input(\
- "SSL port ["+str(client_api_ssl_port)+"] ? ",\
- str(client_api_ssl_port),\
- "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
- else:
- if get_YN_input("Do you want to configure HTTPS [y/n] (y)? ", True):
- properties.process_pair(SSL_API_PORT,\
- get_validated_string_input("SSL port ["+str(client_api_ssl_port)+"] ? ",\
- str(client_api_ssl_port), "^[0-9]{1,5}$", "Invalid port.", False, validatorFunction = is_valid_https_port))
- cert_was_imported = import_cert_and_key_action(security_server_keys_dir, properties)
- else:
- return False
-
- if cert_must_import and not cert_was_imported:
- print 'Setup of HTTPS failed. Exiting.'
- return False
-
- conf_file = find_properties_file()
- f = open(conf_file, 'w')
- properties.store(f, "Changed by 'ambari-server setup-https' command")
-
- ambari_user = read_ambari_user()
- if ambari_user:
- adjust_directory_permissions(ambari_user)
- return True
- except (KeyError), e:
- err = 'Property ' + str(e) + ' is not defined'
- raise FatalException(1, err)
- else:
- warning = "setup-https is not enabled in silent mode."
- raise NonFatalException(warning)
-
-
-def setup_component_https(component, command, property, alias):
-
- if not get_silent():
-
- jdk_path = find_jdk()
- if jdk_path is None:
- err = "No JDK found, please run the \"ambari-server setup\" " \
- "command to install a JDK automatically or install any " \
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR
- raise FatalException(1, err)
-
- properties = get_ambari_properties()
-
- use_https = properties.get_property(property) in ['true']
-
- if use_https:
- if get_YN_input("Do you want to disable HTTPS for " + component + " [y/n] (n)? ", False):
-
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
-
- run_component_https_cmd(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
-
- properties.process_pair(property, "false")
-
- else:
- return
- else:
- if get_YN_input("Do you want to configure HTTPS for " + component + " [y/n] (y)? ", True):
-
- truststore_type = get_truststore_type(properties)
- truststore_path = get_truststore_path(properties)
- truststore_password = get_truststore_password(properties)
-
- run_os_command(get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password))
-
- import_cert_path = get_validated_filepath_input(\
- "Enter path to " + component + " Certificate: ",\
- "Certificate not found")
-
- run_component_https_cmd(get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password))
-
- properties.process_pair(property, "true")
-
- else:
- return
-
- conf_file = find_properties_file()
- f = open(conf_file, 'w')
- properties.store(f, "Changed by 'ambari-server " + command + "' command")
-
- else:
- print command + " is not enabled in silent mode."
-
-
-def get_truststore_type(properties):
-
- truststore_type = properties.get_property(SSL_TRUSTSTORE_TYPE_PROPERTY)
- if not truststore_type:
- SSL_TRUSTSTORE_TYPE_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_TYPE_PROPERTY, "jks")
-
- truststore_type = get_validated_string_input(
- "TrustStore type [jks/jceks/pkcs12] {0}:".format(get_prompt_default(SSL_TRUSTSTORE_TYPE_DEFAULT)),
- SSL_TRUSTSTORE_TYPE_DEFAULT,
- "^(jks|jceks|pkcs12)?$", "Wrong type", False)
-
- if truststore_type:
- properties.process_pair(SSL_TRUSTSTORE_TYPE_PROPERTY, truststore_type)
-
- return truststore_type
-
-
-def get_truststore_path(properties):
-
- truststore_path = properties.get_property(SSL_TRUSTSTORE_PATH_PROPERTY)
- if not truststore_path:
- SSL_TRUSTSTORE_PATH_DEFAULT = get_value_from_properties(properties, SSL_TRUSTSTORE_PATH_PROPERTY)
-
- while not truststore_path:
- truststore_path = get_validated_string_input(
- "Path to TrustStore file {0}:".format(get_prompt_default(SSL_TRUSTSTORE_PATH_DEFAULT)),
- SSL_TRUSTSTORE_PATH_DEFAULT,
- ".*", False, False)
-
- if truststore_path:
- properties.process_pair(SSL_TRUSTSTORE_PATH_PROPERTY, truststore_path)
-
- return truststore_path
-
-
-def run_component_https_cmd(cmd):
- retcode, out, err = run_os_command(cmd)
-
- if not retcode == 0:
- err = 'Error occured during truststore setup ! :' + out + " : " + err
- raise FatalException(1, err)
-
-
-def get_delete_cert_command(jdk_path, alias, truststore_path, truststore_password):
- cmd = KEYTOOL_DELETE_CERT_CMD.format(jdk_path, alias, truststore_password)
- if truststore_path:
- cmd += KEYTOOL_KEYSTORE.format(truststore_path)
- return cmd
-
-
-def get_import_cert_command(jdk_path, alias, truststore_type, import_cert_path, truststore_path, truststore_password):
- cmd = KEYTOOL_IMPORT_CERT_CMD.format(jdk_path, alias, truststore_type, import_cert_path, truststore_password)
- if truststore_path:
- cmd += KEYTOOL_KEYSTORE.format(truststore_path)
- return cmd
-
-
-def import_cert_and_key_action(security_server_keys_dir, properties):
- if import_cert_and_key(security_server_keys_dir):
- properties.process_pair(SSL_SERVER_CERT_NAME, SSL_CERT_FILE_NAME)
- properties.process_pair(SSL_SERVER_KEY_NAME, SSL_KEY_FILE_NAME)
- properties.process_pair(SSL_API, "true")
- return True
- else:
- return False
-
-
-def import_cert_and_key(security_server_keys_dir):
- import_cert_path = get_validated_filepath_input(\
- "Enter path to Certificate: ",\
- "Certificate not found")
- import_key_path = get_validated_filepath_input(\
- "Enter path to Private Key: ", "Private Key not found")
- pem_password = get_validated_string_input("Please enter password for Private Key: ", "", None, None, True)
-
- certInfoDict = get_cert_info(import_cert_path)
-
- if not certInfoDict:
- print_warning_msg('Unable to get Certificate information')
- else:
- #Validate common name of certificate
- if not is_valid_cert_host(certInfoDict):
- print_warning_msg('Unable to validate Certificate hostname')
-
- #Validate issue and expirations dates of certificate
- if not is_valid_cert_exp(certInfoDict):
- print_warning_msg('Unable to validate Certificate issue and expiration dates')
-
- #jetty requires private key files with non-empty key passwords
- retcode = 0
- err = ''
- if not pem_password:
- print 'Generating random password for HTTPS keystore...done.'
- pem_password = generate_random_string()
- retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format(
- import_key_path, pem_password))
- import_key_path += '.secured'
-
- if retcode == 0:
- keystoreFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEYSTORE_FILE_NAME)
- keystoreFilePathTmp = os.path.join(tempfile.gettempdir(),\
- SSL_KEYSTORE_FILE_NAME)
- passFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEY_PASSWORD_FILE_NAME)
- passFilePathTmp = os.path.join(tempfile.gettempdir(),\
- SSL_KEY_PASSWORD_FILE_NAME)
- passinFilePath = os.path.join(tempfile.gettempdir(),\
- SSL_PASSIN_FILE)
- passwordFilePath = os.path.join(tempfile.gettempdir(),\
- SSL_PASSWORD_FILE)
-
- with open(passFilePathTmp, 'w+') as passFile:
- passFile.write(pem_password)
- passFile.close
- pass
-
- set_file_permissions(passFilePath, "660", read_ambari_user(), False)
-
- copy_file(passFilePathTmp, passinFilePath)
- copy_file(passFilePathTmp, passwordFilePath)
-
- retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path,\
- import_key_path, passwordFilePath, passinFilePath, keystoreFilePathTmp))
- if retcode == 0:
- print 'Importing and saving Certificate...done.'
- import_file_to_keystore(keystoreFilePathTmp, keystoreFilePath)
- import_file_to_keystore(passFilePathTmp, passFilePath)
-
- import_file_to_keystore(import_cert_path, os.path.join(\
- security_server_keys_dir, SSL_CERT_FILE_NAME))
- import_file_to_keystore(import_key_path, os.path.join(\
- security_server_keys_dir, SSL_KEY_FILE_NAME))
-
- #Validate keystore
- retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath,\
- passwordFilePath, passinFilePath))
-
- remove_file(passinFilePath)
- remove_file(passwordFilePath)
-
- if not retcode == 0:
- print 'Error during keystore validation occured!:'
- print err
- return False
-
- return True
- else:
- print_error_msg('Could not import Certificate and Private Key.')
- print 'SSL error on exporting keystore: ' + err.rstrip() + \
- '.\nPlease ensure that provided Private Key password is correct and ' +\
- 're-import Certificate.'
-
- return False
-
-
-def import_file_to_keystore(source, destination):
- shutil.copy(source, destination)
- set_file_permissions(destination, "660", read_ambari_user(), False)
-
-
-def generate_random_string(length=SSL_KEY_PASSWORD_LENGTH):
- chars = string.digits + string.ascii_letters
- return ''.join(random.choice(chars) for x in range(length))
-
-
-def get_cert_info(path):
- retcode, out, err = run_os_command(GET_CRT_INFO_CMD.format(path))
-
- if retcode != 0:
- print 'Error getting Certificate info'
- print err
- return None
-
- if out:
- certInfolist = out.split(os.linesep)
- else:
- print 'Empty Certificate info'
- return None
-
- notBefore = None
- notAfter = None
- subject = None
-
- for item in range(len(certInfolist)):
-
- if certInfolist[item].startswith('notAfter='):
- notAfter = certInfolist[item].split('=')[1]
-
- if certInfolist[item].startswith('notBefore='):
- notBefore = certInfolist[item].split('=')[1]
-
- if certInfolist[item].startswith('subject='):
- subject = certInfolist[item].split('=', 1)[1]
-
- #Convert subj to dict
- pattern = re.compile(r"[A-Z]{1,2}=[\w.-]{1,}")
- if subject:
- subjList = pattern.findall(subject)
- keys = [item.split('=')[0] for item in subjList]
- values = [item.split('=')[1] for item in subjList]
- subjDict = dict(zip(keys, values))
-
- result = subjDict
- result['notBefore'] = notBefore
- result['notAfter'] = notAfter
- result['subject'] = subject
-
- return result
- else:
- return {}
-
-
-def is_valid_cert_exp(certInfoDict):
- if certInfoDict.has_key(NOT_BEFORE_ATTR):
- notBefore = certInfoDict[NOT_BEFORE_ATTR]
- else:
- print_warning_msg('There is no Not Before value in Certificate')
- return False
-
- if certInfoDict.has_key(NOT_AFTER_ATTR):
- notAfter = certInfoDict['notAfter']
- else:
- print_warning_msg('There is no Not After value in Certificate')
- return False
-
- notBeforeDate = datetime.datetime.strptime(notBefore, SSL_DATE_FORMAT)
- notAfterDate = datetime.datetime.strptime(notAfter, SSL_DATE_FORMAT)
-
- currentDate = datetime.datetime.now()
-
- if currentDate > notAfterDate:
- print_warning_msg('Certificate expired on: ' + str(notAfterDate))
- return False
-
- if currentDate < notBeforeDate:
- print_warning_msg('Certificate will be active from: ' + str(notBeforeDate))
- return False
-
- return True
-
-
-def is_valid_cert_host(certInfoDict):
- if certInfoDict.has_key(COMMON_NAME_ATTR):
- commonName = certInfoDict[COMMON_NAME_ATTR]
- else:
- print_warning_msg('There is no Common Name in Certificate')
- return False
-
- fqdn = get_fqdn()
-
- if not fqdn:
- print_warning_msg('Failed to get server FQDN')
- return False
-
- if commonName != fqdn:
- print_warning_msg('Common Name in Certificate: ' + commonName + ' does not match the server FQDN: ' + fqdn)
- return False
-
- return True
-
-
-def is_valid_https_port(port):
- properties = get_ambari_properties()
- if properties == -1:
- print "Error getting ambari properties"
- return False
-
- one_way_port = properties[SRVR_ONE_WAY_SSL_PORT_PROPERTY]
- if not one_way_port:
- one_way_port = SRVR_ONE_WAY_SSL_PORT
-
- two_way_port = properties[SRVR_TWO_WAY_SSL_PORT_PROPERTY]
- if not two_way_port:
- two_way_port = SRVR_TWO_WAY_SSL_PORT
-
- if port.strip() == one_way_port.strip():
- print "Port for https can't match the port for one way authentication port(" + one_way_port + ")"
- return False
-
- if port.strip() == two_way_port.strip():
- print "Port for https can't match the port for two way authentication port(" + two_way_port + ")"
- return False
-
- return True
-
-
-def get_fqdn():
- properties = get_ambari_properties()
- if properties == -1:
- print "Error reading ambari properties"
- return None
-
- get_fqdn_service_url = properties[GET_FQDN_SERVICE_URL]
- try:
- handle = urllib2.urlopen(get_fqdn_service_url, '', 2)
- str = handle.read()
- handle.close()
- return str
- except Exception:
- return socket.getfqdn().lower()
-
-
-def get_ulimit_open_files():
- properties = get_ambari_properties()
- if properties == -1:
- print "Error reading ambari properties"
- return None
-
- open_files = int(properties[ULIMIT_OPEN_FILES_KEY])
- if open_files > 0:
- return open_files
- else:
- return ULIMIT_OPEN_FILES_DEFAULT
-
-
-def is_valid_filepath(filepath):
- if not filepath or not os.path.exists(filepath) or os.path.isdir(filepath):
- print 'Invalid path, please provide the absolute file path.'
- return False
- else:
- return True
-
-
-def setup_ambari_krb5_jaas():
- jaas_conf_file = search_file(SECURITY_KERBEROS_JASS_FILENAME, get_conf_dir())
- if os.path.exists(jaas_conf_file):
- print 'Setting up Ambari kerberos JAAS configuration to access ' +\
- 'secured Hadoop daemons...'
- principal = get_validated_string_input('Enter ambari server\'s kerberos '
- 'principal name (ambari@EXAMPLE.COM): ', 'ambari@EXAMPLE.COM', '.*', '', False,
- False)
- keytab = get_validated_string_input('Enter keytab path for ambari '
- 'server\'s kerberos principal: ',
- '/etc/security/keytabs/ambari.keytab', '.*', False, False,
- validatorFunction=is_valid_filepath)
-
- for line in fileinput.FileInput(jaas_conf_file, inplace=1):
- line = re.sub('keyTab=.*$', 'keyTab="' + keytab + '"', line)
- line = re.sub('principal=.*$', 'principal="' + principal + '"', line)
- print line,
-
+def get_backup_path(args):
+ if len(args) == 2:
+ path = args[1]
else:
- raise NonFatalException('No jaas config file found at location: ' +
- jaas_conf_file)
-
+ path = None
+ return path
-def setup_security(args):
- need_restart = True
- #Print menu options
- print '=' * 75
- print 'Choose one of the following options: '
- print ' [1] Enable HTTPS for Ambari server.'
- print ' [2] Enable HTTPS for Ganglia service.'
- print ' [3] Encrypt passwords stored in ambari.properties file.'
- print ' [4] Setup Ambari kerberos JAAS configuration.'
- print '=' * 75
- choice = get_validated_string_input('Enter choice, (1-4): ', '0', '[1-4]',
- 'Invalid choice', False, False)
-
- if choice == '1':
- need_restart = setup_https(args)
- elif choice == '2':
- setup_component_https("Ganglia", "setup-ganglia-https", GANGLIA_HTTPS,
- "ganglia_cert")
- elif choice == '3':
- setup_master_key()
- elif choice == '4':
- setup_ambari_krb5_jaas()
- else:
- raise FatalException('Unknown option for setup-security command.')
-
- return need_restart
-
-def refresh_stack_hash():
- properties = get_ambari_properties()
- stack_location = get_stack_location(properties)
- # Hack: we determine resource dir as a parent dir for stack_location
- resources_location = os.path.dirname(stack_location)
- resource_files_keeper = ResourceFilesKeeper(resources_location)
-
- try:
- print "Organizing resource files at {0}...".format(resources_location,
- verbose=get_verbose())
- resource_files_keeper.perform_housekeeping()
- except KeeperException, ex:
- msg = "Can not organize resource files at {0}: {1}".format(
- resources_location, str(ex))
- raise FatalException(-1, msg)
-
-def backup(path):
+def backup(args):
print "Backup requested."
backup_command = ["BackupRestore", 'backup']
+ path = get_backup_path(args)
if not path is None:
backup_command.append(path)
BackupRestore_main(backup_command)
-def restore(path):
+def restore(args):
print "Restore requested."
restore_command = ["BackupRestore", 'restore']
+ path = get_backup_path(args)
if not path is None:
restore_command.append(path)
BackupRestore_main(restore_command)
-#
-# Main.
-#
-def main():
- parser = optparse.OptionParser(usage="usage: %prog [options] action [stack_id os]",)
- parser.add_option('-f', '--init-script-file',
- default='/var/lib/ambari-server/'
- 'resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql',
- help="File with setup script")
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def init_parser_options(parser):
+ parser.add_option('-f', '--init-script-file', dest="init_db_script_file",
+ default="resources" + os.sep + "Ambari-DDL-SQLServer-CREATE.sql",
+ help="File with database setup script")
+ parser.add_option('-r', '--drop-script-file', dest="cleanup_db_script_file",
+ default="resources" + os.sep + "Ambari-DDL-SQLServer-DROP.sql",
+ help="File with database cleanup script")
+ parser.add_option('-j', '--java-home', dest="java_home", default=None,
+ help="Use specified java_home. Must be valid on all hosts")
+ parser.add_option("-v", "--verbose",
+ action="store_true", dest="verbose", default=False,
+ help="Print verbose status messages")
+ parser.add_option("-s", "--silent",
+ action="store_true", dest="silent", default=False,
+ help="Silently accepts default prompt values")
+ parser.add_option('-g', '--debug', action="store_true", dest='debug', default=False,
+ help="Start ambari-server in debug mode")
+ parser.add_option('-y', '--suspend-start', action="store_true", dest='suspend_start', default=False,
+ help="Freeze ambari-server Java process at startup in debug mode")
+
+ parser.add_option('-a', '--databasehost', dest="database_host", default=None,
+ help="Hostname of database server")
+ parser.add_option('-n', '--databaseport', dest="database_port", default=None,
+ help="Database server listening port")
+ parser.add_option('-d', '--databasename', dest="database_name", default=None,
+ help="Database/Schema/Service name or ServiceID")
+ parser.add_option('-w', '--windowsauth', action="store_true", dest="database_windows_auth", default=None,
+ help="Integrated Windows authentication")
+ parser.add_option('-u', '--databaseusername', dest="database_username", default=None,
+ help="Database user login")
+ parser.add_option('-p', '--databasepassword', dest="database_password", default=None,
+ help="Database user password")
+ parser.add_option('--jdbc-driver', default=None, dest="jdbc_driver",
+ help="Specifies the path to the JDBC driver JAR file for the " \
+ "database type specified with the --jdbc-db option. Used only with --jdbc-db option.")
+ # -b, -i, -k and -x the remaining available short options
+ # -h reserved for help
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def init_parser_options(parser):
+ optparse.Option('-f', '--init-script-file',
+ default='/var/lib/ambari-server/'
+ 'resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql',
+ help="File with setup script")
parser.add_option('-r', '--drop-script-file', default="/var/lib/"
- "ambari-server/resources/"
- "Ambari-DDL-Postgres-EMBEDDED-DROP.sql",
- help="File with drop script")
+ "ambari-server/resources/"
+ "Ambari-DDL-Postgres-EMBEDDED-DROP.sql",
+ help="File with drop script")
parser.add_option('-u', '--upgrade-script-file', default="/var/lib/"
- "ambari-server/resources/upgrade/ddl/"
- "Ambari-DDL-Postgres-UPGRADE-1.3.0.sql",
- help="File with upgrade script")
+ "ambari-server/resources/upgrade/ddl/"
+ "Ambari-DDL-Postgres-UPGRADE-1.3.0.sql",
+ help="File with upgrade script")
parser.add_option('-t', '--upgrade-stack-script-file', default="/var/lib/"
- "ambari-server/resources/upgrade/dml/"
- "Ambari-DML-Postgres-UPGRADE_STACK.sql",
- help="File with stack upgrade script")
+ "ambari-server/resources/upgrade/dml/"
+ "Ambari-DML-Postgres-UPGRADE_STACK.sql",
+ help="File with stack upgrade script")
parser.add_option('-j', '--java-home', default=None,
- help="Use specified java_home. Must be valid on all hosts")
+ help="Use specified java_home. Must be valid on all hosts")
parser.add_option("-v", "--verbose",
- action="store_true", dest="verbose", default=False,
- help="Print verbose status messages")
+ action="store_true", dest="verbose", default=False,
+ help="Print verbose status messages")
parser.add_option("-s", "--silent",
- action="store_true", dest="silent", default=False,
- help="Silently accepts default prompt values")
+ action="store_true", dest="silent", default=False,
+ help="Silently accepts default prompt values")
parser.add_option('-g', '--debug', action="store_true", dest='debug', default=False,
help="Start ambari-server in debug mode")
parser.add_option('-y', '--suspend-start', action="store_true", dest='suspend_start', default=False,
help="Freeze ambari-server Java process at startup in debug mode")
-
- parser.add_option('--all', action="store_true", default=False, help="LDAP sync all Ambari users and groups", dest="ldap_sync_all")
- parser.add_option('--existing', action="store_true", default=False, help="LDAP sync existing Ambari users and groups only", dest="ldap_sync_existing")
- parser.add_option('--users', default=None, help="Specifies the path to the LDAP sync users CSV file.", dest="ldap_sync_users")
- parser.add_option('--groups', default=None, help="Specifies the path to the LDAP sync groups CSV file.", dest="ldap_sync_groups")
-
+ parser.add_option('--all', action="store_true", default=False, help="LDAP sync all Ambari users and groups",
+ dest="ldap_sync_all")
+ parser.add_option('--existing', action="store_true", default=False,
+ help="LDAP sync existing Ambari users and groups only", dest="ldap_sync_existing")
+ parser.add_option('--users', default=None, help="Specifies the path to the LDAP sync users CSV file.",
+ dest="ldap_sync_users")
+ parser.add_option('--groups', default=None, help="Specifies the path to the LDAP sync groups CSV file.",
+ dest="ldap_sync_groups")
parser.add_option('--database', default=None, help="Database to use embedded|oracle|mysql|postgres", dest="dbms")
parser.add_option('--databasehost', default=None, help="Hostname of database server", dest="database_host")
parser.add_option('--databaseport', default=None, help="Database port", dest="database_port")
@@ -1591,64 +355,83 @@ def main():
parser.add_option('--databaseusername', default=None, help="Database user login", dest="database_username")
parser.add_option('--databasepassword', default=None, help="Database user password", dest="database_password")
parser.add_option('--sidorsname', default="sname", help="Oracle database identifier type, Service ID/Service "
- "Name sid|sname", dest="sid_or_sname")
+ "Name sid|sname", dest="sid_or_sname")
parser.add_option('--jdbc-driver', default=None, help="Specifies the path to the JDBC driver JAR file for the " \
- "database type specified with the --jdbc-db option. Used only with --jdbc-db option.",
+ "database type specified with the --jdbc-db option. Used only with --jdbc-db option.",
dest="jdbc_driver")
parser.add_option('--jdbc-db', default=None, help="Specifies the database type [postgres|mysql|oracle] for the " \
- "JDBC driver specified with the --jdbc-driver option. Used only with --jdbc-driver option.", dest="jdbc_db")
- (options, args) = parser.parse_args()
-
- # set verbose
- set_verbose(options.verbose)
+ "JDBC driver specified with the --jdbc-driver option. Used only with --jdbc-driver option.",
+ dest="jdbc_db")
- # set silent
- set_silent(options.silent)
- # debug mode
- set_debug_mode_from_options(options)
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def are_cmd_line_db_args_blank(options):
+ if (options.database_host is None \
+ and options.database_name is None \
+ and options.database_windows_auth is None \
+ and options.database_username is None \
+ and options.database_password is None):
+ return True
+ return False
- # set ldap_sync_all
- global LDAP_SYNC_ALL
- LDAP_SYNC_ALL = options.ldap_sync_all
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def are_cmd_line_db_args_blank(options):
+ if options.dbms is None \
+ and options.database_host is None \
+ and options.database_port is None \
+ and options.database_name is None \
+ and options.database_username is None \
+ and options.database_password is None:
+ return True
+ return False
- # set ldap_sync_existing
- global LDAP_SYNC_EXISTING
- LDAP_SYNC_EXISTING = options.ldap_sync_existing
- # set ldap_sync_users
- global LDAP_SYNC_USERS
- LDAP_SYNC_USERS = options.ldap_sync_users
+def are_db_auth_options_ok(db_windows_auth, db_username, db_password):
+ if db_windows_auth is True:
+ return True
+ else:
+ if db_username is not None and db_username is not "" and db_password is not None and db_password is not "":
+ return True
+ return False
- # set ldap_sync_groups
- global LDAP_SYNC_GROUPS
- LDAP_SYNC_GROUPS = options.ldap_sync_groups
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def are_cmd_line_db_args_valid(options):
+ if (options.database_host is not None and options.database_host is not "" \
+ #and options.database_name is not None \ # ambari by default is ok
+ and are_db_auth_options_ok(options.database_windows_auth,
+ options.database_username,
+ options.database_password)):
+ return True
+ return False
- #perform checks
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def are_cmd_line_db_args_valid(options):
+ if options.dbms is not None \
+ and options.database_host is not None \
+ and options.database_port is not None \
+ and options.database_name is not None \
+ and options.database_username is not None \
+ and options.database_password is not None:
+ return True
+ return False
- options.warnings = []
- if options.dbms is None \
- and options.database_host is None \
- and options.database_port is None \
- and options.database_name is None \
- and options.database_username is None \
- and options.database_password is None:
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def init_debug(options):
+ if options.debug:
+ sys.frozen = 'windows_exe' # Fake py2exe so we can debug
- options.must_set_database_options = True
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def init_debug(options):
+ pass
- elif not (options.dbms is not None
- and options.database_host is not None
- and options.database_port is not None
- and options.database_name is not None
- and options.database_username is not None
- and options.database_password is not None):
- parser.error('All database options should be set. Please see help for the options.')
- else:
- options.must_set_database_options = False
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def fix_database_options(options, parser):
+ pass
- #correct database
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def fix_database_options(options, parser):
if options.dbms == 'embedded':
print "WARNING: HostName for postgres server " + options.database_host + \
" will be ignored: using localhost."
@@ -1656,14 +439,13 @@ def main():
options.dbms = 'postgres'
options.persistence_type = 'local'
options.database_index = 0
- pass
elif options.dbms is not None and options.dbms not in DATABASE_NAMES:
parser.print_help()
parser.error("Unsupported Database " + options.dbms)
elif options.dbms is not None:
options.dbms = options.dbms.lower()
- #correct port
+ # correct port
if options.database_port is not None:
correct = False
try:
@@ -1681,7 +463,6 @@ def main():
parser.error("Option --jdbc-db is used only in pair with --jdbc-driver")
elif options.jdbc_driver is not None and options.jdbc_db is None:
parser.error("Option --jdbc-driver is used only in pair with --jdbc-db")
-
if options.sid_or_sname.lower() not in ["sid", "sname"]:
print "WARNING: Valid values for sid_or_sname are 'sid' or 'sname'. Use 'sid' if the db identifier type is " \
"Service ID. Use 'sname' if the db identifier type is Service Name"
@@ -1690,82 +471,106 @@ def main():
else:
options.sid_or_sname = options.sid_or_sname.lower()
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def create_user_action_map(args, options):
+ action_map = {
+ SETUP_ACTION: UserAction(winsetup, options),
+ START_ACTION: UserAction(svcstart),
+ PSTART_ACTION: UserAction(start, options),
+ STOP_ACTION: UserAction(stop),
+ RESET_ACTION: UserAction(reset, options),
+ STATUS_ACTION: UserAction(status, options),
+ UPGRADE_ACTION: UserAction(upgrade, options),
+ LDAP_SETUP_ACTION: UserAction(setup_ldap),
+ SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),
+ }
+ return action_map
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def create_user_action_map(args, options):
+ action_map = {
+ SETUP_ACTION: UserAction(setup, options),
+ START_ACTION: UserAction(start, options),
+ STOP_ACTION: UserAction(stop, options),
+ RESET_ACTION: UserAction(reset, options),
+ STATUS_ACTION: UserAction(status, options),
+ UPGRADE_ACTION: UserAction(upgrade, options),
+ UPGRADE_STACK_ACTION: UserActionPossibleArgs(upgrade_stack, [2, 4], args),
+ LDAP_SETUP_ACTION: UserAction(setup_ldap),
+ LDAP_SYNC_ACTION: UserAction(sync_ldap, options),
+ SETUP_SECURITY_ACTION: UserActionRestart(setup_security, options),
+ REFRESH_STACK_HASH_ACTION: UserAction(refresh_stack_hash_action),
+ BACKUP_ACTION: UserActionPossibleArgs(backup, [1, 2], args),
+ RESTORE_ACTION: UserActionPossibleArgs(restore, [1, 2], args)
+ }
+ return action_map
+
+
+#
+# Main.
+#
+def main():
+ parser = optparse.OptionParser(usage="usage: %prog [options] action [stack_id os]",)
+ init_parser_options(parser)
+ (options, args) = parser.parse_args()
+
+ # set verbose
+ set_verbose(options.verbose)
+
+ # set silent
+ set_silent(options.silent)
+
+ # debug mode
+ set_debug_mode_from_options(options)
+ init_debug(options)
+
+ #perform checks
+
+ options.warnings = []
+
+ if are_cmd_line_db_args_blank(options):
+ options.must_set_database_options = True
+ elif not are_cmd_line_db_args_valid(options):
+ parser.error('All database options should be set. Please see help for the options.')
+ else:
+ options.must_set_database_options = False
+
+ #correct database
+ fix_database_options(options, parser)
+
if len(args) == 0:
print parser.print_help()
parser.error("No action entered")
+ action_map = create_user_action_map(args, options)
+
action = args[0]
- if action == UPGRADE_STACK_ACTION:
- possible_args_numbers = [2,4] # OR
- elif action == BACKUP_ACTION or action == RESTORE_ACTION:
- possible_args_numbers = [1,2]
- else:
- possible_args_numbers = [1]
+ try:
+ action_obj = action_map[action]
+ except KeyError:
+ parser.error("Invalid action: " + action)
matches = 0
- for args_number_required in possible_args_numbers:
+ for args_number_required in action_obj.possible_args_numbers:
matches += int(len(args) == args_number_required)
if matches == 0:
print parser.print_help()
- possible_args = ' or '.join(str(x) for x in possible_args_numbers)
+ possible_args = ' or '.join(str(x) for x in action_obj.possible_args_numbers)
parser.error("Invalid number of arguments. Entered: " + str(len(args)) + ", required: " + possible_args)
options.exit_message = "Ambari Server '%s' completed successfully." % action
- need_restart = True
+
try:
- if action == SETUP_ACTION:
- setup(options)
- elif action == START_ACTION:
- start(options)
- elif action == STOP_ACTION:
- stop(options)
- elif action == RESET_ACTION:
- reset(options)
- elif action == STATUS_ACTION:
- status(options)
- elif action == UPGRADE_ACTION:
- upgrade(options)
- elif action == UPGRADE_STACK_ACTION:
- stack_id = args[1]
- repo_url = None
- repo_url_os = None
-
- if len(args) > 2:
- repo_url = args[2]
- if len(args) > 3:
- repo_url_os = args[3]
-
- upgrade_stack(options, stack_id, repo_url, repo_url_os)
- elif action == LDAP_SETUP_ACTION:
- setup_ldap()
- elif action == LDAP_SYNC_ACTION:
- sync_ldap()
- elif action == SETUP_SECURITY_ACTION:
- need_restart = setup_security(options)
- elif action == REFRESH_STACK_HASH_ACTION:
- refresh_stack_hash()
- elif action == BACKUP_ACTION:
- if len(args) == 2:
- path = args[1]
- else:
- path = None
- backup(path)
- elif action == RESTORE_ACTION:
- if len(args) == 2:
- path = args[1]
- else:
- path = None
- restore(path)
- else:
- parser.error("Invalid action")
-
- if action in ACTION_REQUIRE_RESTART and need_restart:
+ action_obj.execute()
+
+ if action_obj.need_restart:
pstatus, pid = is_server_runing()
if pstatus:
print 'NOTE: Restart Ambari Server to apply changes' + \
- ' ("ambari-server restart|stop|start")'
+ ' ("ambari-server restart|stop+start")'
if options.warnings:
for warning in options.warnings:
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/dbConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration.py b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
index 74bf194..819c5c3 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration.py
@@ -17,6 +17,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
'''
+import glob
import os
from ambari_commons import OSConst
@@ -26,7 +27,7 @@ from ambari_commons.os_family_impl import OsFamilyImpl
from ambari_server.serverConfiguration import decrypt_password_for_alias, get_value_from_properties, get_is_secure, \
is_alias_string, \
JDBC_PASSWORD_PROPERTY, JDBC_RCA_PASSWORD_ALIAS, PRESS_ENTER_MSG, get_ambari_properties, update_properties, \
- RESOURCES_DIR_PROPERTY
+ RESOURCES_DIR_PROPERTY, JDBC_PATTERNS, configDefaults
from ambari_server.userInput import get_validated_string_input
@@ -273,6 +274,9 @@ class DBMSConfigFactory(object):
"""
pass
+ def get_supported_dbms(self):
+ return []
+
#
# Database configuration factory for Windows
#
@@ -300,6 +304,9 @@ class DBMSConfigFactoryWindows(DBMSConfigFactory):
from ambari_server.dbConfiguration_windows import createSQLServerConfig
return createSQLServerConfig(options, properties, STORAGE_TYPE_REMOTE, dbId)
+ def get_supported_dbms(self):
+ return self.DBMS_KEYS_LIST
+
def get_supported_jdbc_drivers(self):
return self.DBMS_KEYS_LIST
@@ -481,3 +488,26 @@ def check_jdbc_drivers(args):
db_idx += 1
finally:
args.database_index = db_idx_orig
+
+
+#Check the JDBC driver status
+#If not found abort
+#Get SQL Server service status from SCM
+#If 'stopped' then start it
+#Wait until the status is 'started' or a configured timeout elapses
+#If the timeout has been reached, bail out with exception
+def ensure_dbms_is_running(options, properties, scmStatus=None):
+ factory = DBMSConfigFactory()
+ dbms = factory.create(options, properties)
+ result = dbms._is_jdbc_driver_installed(properties)
+ if result == -1:
+ raise FatalException(-1, "JDBC driver is not installed. Run ambari-server setup and try again.")
+ dbms.ensure_dbms_is_running(options, properties, scmStatus)
+
+
+def ensure_jdbc_driver_is_installed(options, properties):
+ factory = DBMSConfigFactory()
+ dbms = factory.create(options, properties)
+ result = dbms._is_jdbc_driver_installed(properties)
+ if result == -1:
+ raise FatalException(-1, dbms.JDBC_DRIVER_INSTALL_MSG)
[2/5] ambari git commit: AMBARI-8317 AMBARI-8317 Refactor the
OS-dependent Ambari Server Windows components - Part 2
Posted by fb...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server/userInput.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/userInput.py b/ambari-server/src/main/python/ambari_server/userInput.py
index c15d335..db08dac 100644
--- a/ambari-server/src/main/python/ambari_server/userInput.py
+++ b/ambari-server/src/main/python/ambari_server/userInput.py
@@ -119,3 +119,36 @@ def get_prompt_default(defaultStr=None):
return ""
else:
return '(' + defaultStr + ')'
+
+
+def read_password(passwordDefault,
+ passwordPattern,
+ passwordPrompt=None,
+ passwordDescr=None):
+
+ input = True
+ while(input):
+ # setup password
+ if passwordPrompt is None:
+ passwordPrompt = 'Password (' + passwordDefault + '): '
+
+ if passwordDescr is None:
+ passwordDescr = "Invalid characters in password. Use only alphanumeric or " \
+ "_ or - characters"
+
+ password = get_validated_string_input(passwordPrompt, passwordDefault,
+ passwordPattern, passwordDescr, True)
+ if not password:
+ print 'Password cannot be blank.'
+ continue
+
+ if password != passwordDefault:
+ password1 = get_validated_string_input("Re-enter password: ",
+ passwordDefault, passwordPattern, passwordDescr, True)
+ if password != password1:
+ print "Passwords do not match"
+ continue
+
+ input = False
+
+ return password
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_server_main.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server_main.py b/ambari-server/src/main/python/ambari_server_main.py
new file mode 100644
index 0000000..e655eb2
--- /dev/null
+++ b/ambari-server/src/main/python/ambari_server_main.py
@@ -0,0 +1,361 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+import getpass
+
+import os
+import stat
+import subprocess
+import tempfile
+import sys
+
+from ambari_commons.exceptions import FatalException
+from ambari_commons.logging_utils import get_debug_mode, get_verbose, print_warning_msg, print_info_msg, \
+ set_debug_mode_from_options
+from ambari_commons.os_check import OSConst
+from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
+from ambari_commons.os_utils import is_root
+from ambari_server.dbConfiguration import ensure_dbms_is_running, ensure_jdbc_driver_is_installed
+from ambari_server.serverConfiguration import configDefaults, find_jdk, get_ambari_classpath, get_ambari_properties, \
+ get_conf_dir, get_is_persisted, get_is_secure, get_java_exe_path, get_original_master_key, read_ambari_user, \
+ PID_NAME, RESOURCES_DIR_DEFAULT, RESOURCES_DIR_PROPERTY, SECURITY_KEY_ENV_VAR_NAME, SECURITY_MASTER_KEY_LOCATION, \
+ SETUP_OR_UPGRADE_MSG, check_database_name_property, parse_properties_file
+from ambari_server.serverUtils import is_server_runing, refresh_stack_hash
+from ambari_server.setupHttps import get_fqdn
+from ambari_server.setupSecurity import save_master_key
+from ambari_server.utils import check_reverse_lookup, save_pid, locate_file, looking_for_pid, wait_for_pid, \
+ save_main_pid_ex, check_exitcode
+
+
+# debug settings
+SERVER_START_DEBUG = False
+SUSPEND_START_MODE = False
+
+# server commands
+ambari_provider_module_option = ""
+ambari_provider_module = os.environ.get('AMBARI_PROVIDER_MODULE')
+if ambari_provider_module is not None:
+ ambari_provider_module_option = "-Dprovider.module.class=" + \
+ ambari_provider_module + " "
+
+jvm_args = os.getenv('AMBARI_JVM_ARGS', '-Xms512m -Xmx2048m')
+
+SERVER_START_CMD = "{0} " \
+ "-server -XX:NewRatio=3 " \
+ "-XX:+UseConcMarkSweepGC " + \
+ "-XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 " + \
+ "{1} {2} " \
+ "-cp {3} "\
+ "org.apache.ambari.server.controller.AmbariServer " \
+ "> {4} 2>&1 || echo $? > {5} &"
+SERVER_START_CMD_DEBUG = "{0} " \
+ "-server -XX:NewRatio=2 " \
+ "-XX:+UseConcMarkSweepGC " + \
+ "{1} {2} " \
+ " -Xdebug -Xrunjdwp:transport=dt_socket,address=5005," \
+ "server=y,suspend={6} " \
+ "-cp {3} " + \
+ "org.apache.ambari.server.controller.AmbariServer " \
+ "> {4} 2>&1 || echo $? > {5} &"
+
+SERVER_START_CMD_WINDOWS = "{0} " \
+ "-server -XX:NewRatio=3 " \
+ "-XX:+UseConcMarkSweepGC " + \
+ "-XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 " \
+ "{1} {2} " \
+ "-cp {3} " \
+ "org.apache.ambari.server.controller.AmbariServer"
+SERVER_START_CMD_DEBUG_WINDOWS = "{0} " \
+ "-server -XX:NewRatio=2 " \
+ "-XX:+UseConcMarkSweepGC " \
+ "{1} {2} " \
+ "-Xdebug -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend={4} " \
+ "-cp {3}" \
+ "org.apache.ambari.server.controller.AmbariServer"
+
+SERVER_INIT_TIMEOUT = 5
+SERVER_START_TIMEOUT = 10
+
+SERVER_PING_TIMEOUT_WINDOWS = 5
+SERVER_PING_ATTEMPTS_WINDOWS = 4
+
+SERVER_SEARCH_PATTERN = "org.apache.ambari.server.controller.AmbariServer"
+
+EXITCODE_NAME = "ambari-server.exitcode"
+
+AMBARI_SERVER_DIE_MSG = "Ambari Server java process died with exitcode {0}. Check {1} for more information."
+
+# linux open-file limit
+ULIMIT_OPEN_FILES_KEY = 'ulimit.open.files'
+ULIMIT_OPEN_FILES_DEFAULT = 10000
+
+
+def get_resources_location(properties):
+ res_location = properties[RESOURCES_DIR_PROPERTY]
+ if res_location is None:
+ res_location = RESOURCES_DIR_DEFAULT
+ return res_location
+
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def ensure_can_start_under_current_user(ambari_user):
+ #Ignore the requirement to run as root. In Windows, by default the child process inherits the security context
+ # and the environment from the parent process.
+ return ""
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def ensure_can_start_under_current_user(ambari_user):
+ current_user = getpass.getuser()
+ if ambari_user is None:
+ err = "Unable to detect a system user for Ambari Server.\n" + SETUP_OR_UPGRADE_MSG
+ raise FatalException(1, err)
+ if current_user != ambari_user and not is_root():
+ err = "Unable to start Ambari Server as user {0}. Please either run \"ambari-server start\" " \
+ "command as root, as sudo or as user \"{1}\"".format(current_user, ambari_user)
+ raise FatalException(1, err)
+ return current_user
+
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def ensure_server_security_is_configured():
+ pass
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def ensure_server_security_is_configured():
+ if not is_root():
+ print "Unable to check iptables status when starting without root privileges."
+ print "Please do not forget to disable or adjust iptables if needed"
+
+
+def get_ulimit_open_files(properties):
+ open_files_val = properties[ULIMIT_OPEN_FILES_KEY]
+ open_files = int(open_files_val) if (open_files_val and int(open_files_val) > 0) else ULIMIT_OPEN_FILES_DEFAULT
+ return open_files
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode):
+ if class_path.find(' ') != -1:
+ conf_dir = '"' + class_path + '"'
+ command_base = SERVER_START_CMD_DEBUG_WINDOWS if debug_start else SERVER_START_CMD_WINDOWS
+ command = command_base.format(
+ java_exe,
+ ambari_provider_module_option,
+ jvm_args,
+ conf_dir,
+ suspend_mode)
+ return command
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def generate_child_process_param_list(ambari_user, current_user, java_exe, class_path, debug_start, suspend_mode):
+ from ambari_commons.os_linux import ULIMIT_CMD
+
+ properties = get_ambari_properties()
+
+ isSecure = get_is_secure(properties)
+ (isPersisted, masterKeyFile) = get_is_persisted(properties)
+ environ = os.environ.copy()
+ # Need to handle master key not persisted scenario
+ if isSecure and not masterKeyFile:
+ prompt = False
+ masterKey = environ.get(SECURITY_KEY_ENV_VAR_NAME)
+
+ if masterKey is not None and masterKey != "":
+ pass
+ else:
+ keyLocation = environ.get(SECURITY_MASTER_KEY_LOCATION)
+
+ if keyLocation is not None:
+ try:
+ # Verify master key can be read by the java process
+ with open(keyLocation, 'r'):
+ pass
+ except IOError:
+ print_warning_msg("Cannot read Master key from path specified in "
+ "environemnt.")
+ prompt = True
+ else:
+ # Key not provided in the environment
+ prompt = True
+
+ if prompt:
+ import pwd
+
+ masterKey = get_original_master_key(properties)
+ tempDir = tempfile.gettempdir()
+ tempFilePath = tempDir + os.sep + "masterkey"
+ save_master_key(masterKey, tempFilePath, True)
+ if ambari_user != current_user:
+ uid = pwd.getpwnam(ambari_user).pw_uid
+ gid = pwd.getpwnam(ambari_user).pw_gid
+ os.chown(tempFilePath, uid, gid)
+ else:
+ os.chmod(tempFilePath, stat.S_IREAD | stat.S_IWRITE)
+
+ if tempFilePath is not None:
+ environ[SECURITY_MASTER_KEY_LOCATION] = tempFilePath
+
+ command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
+
+ command = "%s %s; %s" % (ULIMIT_CMD, str(get_ulimit_open_files(properties)),
+ command_base.format(java_exe,
+ ambari_provider_module_option,
+ jvm_args,
+ class_path,
+ configDefaults.SERVER_OUT_FILE,
+ os.path.join(configDefaults.PID_DIR, EXITCODE_NAME),
+ suspend_mode)
+ )
+
+ # required to start properly server instance
+ os.chdir(configDefaults.ROOT_FS_PATH)
+
+ #For properly daemonization server should be started using shell as parent
+ if is_root() and ambari_user != "root":
+ # To inherit exported environment variables (especially AMBARI_PASSPHRASE),
+ # from subprocess, we have to skip --login option of su command. That's why
+ # we change dir to / (otherwise subprocess can face with 'permission denied'
+ # errors while trying to list current directory
+ param_list = [locate_file('su', '/bin'), ambari_user, "-s", locate_file('sh', '/bin'), "-c", command]
+ else:
+ param_list = [locate_file('sh', '/bin'), "-c", command]
+ return param_list
+
+@OsFamilyFuncImpl(OSConst.WINSRV_FAMILY)
+def wait_for_server_start(pidFile, scmStatus):
+ # Wait for the HTTP port to be open
+ iter_start = 0
+ while iter_start < SERVER_PING_ATTEMPTS_WINDOWS and not get_fqdn(SERVER_PING_TIMEOUT_WINDOWS):
+ if scmStatus is not None:
+ scmStatus.reportStartPending()
+ iter_start += 1
+
+@OsFamilyFuncImpl(OsFamilyImpl.DEFAULT)
+def wait_for_server_start(pidFile, scmStatus):
+ #wait for server process for SERVER_START_TIMEOUT seconds
+ sys.stdout.write('Waiting for server start...')
+ sys.stdout.flush()
+
+ pids = looking_for_pid(SERVER_SEARCH_PATTERN, SERVER_INIT_TIMEOUT)
+ found_pids = wait_for_pid(pids, SERVER_START_TIMEOUT)
+
+ sys.stdout.write('\n')
+ sys.stdout.flush()
+
+ if found_pids <= 0:
+ exitcode = check_exitcode(os.path.join(configDefaults.PID_DIR, EXITCODE_NAME))
+ raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
+ else:
+ save_main_pid_ex(pids, pidFile, [locate_file('sh', '/bin'),
+ locate_file('bash', '/bin')], True)
+
+
+def server_process_main(options, scmStatus=None):
+ # debug mode, including stop Java process at startup
+ try:
+ set_debug_mode_from_options(options)
+ except AttributeError:
+ pass
+
+ if not check_reverse_lookup():
+ print_warning_msg("The hostname was not found in the reverse DNS lookup. "
+ "This may result in incorrect behavior. "
+ "Please check the DNS setup and fix the issue.")
+
+ check_database_name_property()
+ parse_properties_file(options)
+
+ ambari_user = read_ambari_user()
+ current_user = ensure_can_start_under_current_user(ambari_user)
+
+ print_info_msg("Ambari Server is not running...")
+
+ jdk_path = find_jdk()
+ if jdk_path is None:
+ err = "No JDK found, please run the \"ambari-server setup\" " \
+ "command to install a JDK automatically or install any " \
+ "JDK manually to " + configDefaults.JDK_INSTALL_DIR
+ raise FatalException(1, err)
+
+ properties = get_ambari_properties()
+
+ # Preparations
+ if is_root():
+ print configDefaults.MESSAGE_SERVER_RUNNING_AS_ROOT
+
+ ensure_jdbc_driver_is_installed(options, properties)
+
+ ensure_dbms_is_running(options, properties, scmStatus)
+
+ if scmStatus is not None:
+ scmStatus.reportStartPending()
+
+ refresh_stack_hash(properties)
+
+ if scmStatus is not None:
+ scmStatus.reportStartPending()
+
+ ensure_server_security_is_configured()
+
+ if scmStatus is not None:
+ scmStatus.reportStartPending()
+
+ java_exe = get_java_exe_path()
+
+ class_path = get_conf_dir()
+ class_path = os.path.abspath(class_path) + os.pathsep + get_ambari_classpath()
+
+ debug_mode = get_debug_mode()
+ debug_start = (debug_mode & 1) or SERVER_START_DEBUG
+ suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
+ suspend_mode = 'y' if suspend_start else 'n'
+
+ param_list = generate_child_process_param_list(ambari_user, current_user,
+ java_exe, class_path, debug_start, suspend_mode)
+
+ if not os.path.exists(configDefaults.PID_DIR):
+ os.makedirs(configDefaults.PID_DIR, 0755)
+
+ environ = os.environ.copy()
+ print_info_msg("Running server: " + str(param_list))
+ procJava = subprocess.Popen(param_list, env=environ)
+
+ pidJava = procJava.pid
+ if pidJava <= 0:
+ procJava.terminate()
+ exitcode = procJava.returncode
+ exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
+ save_pid(exitcode, exitfile)
+
+ if scmStatus is not None:
+ scmStatus.reportStopPending()
+
+ raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
+ else:
+ pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
+ save_pid(pidJava, pidfile)
+ print "Server PID at: "+pidfile
+ print "Server out at: "+configDefaults.SERVER_OUT_FILE
+ print "Server log at: "+configDefaults.SERVER_LOG_FILE
+
+ wait_for_server_start(pidfile, scmStatus)
+
+ if scmStatus is not None:
+ scmStatus.reportStarted()
+
+ return procJava
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari_windows_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_windows_service.py b/ambari-server/src/main/python/ambari_windows_service.py
new file mode 100644
index 0000000..8e86163
--- /dev/null
+++ b/ambari-server/src/main/python/ambari_windows_service.py
@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+
+'''
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+'''
+import optparse
+
+import os
+import sys
+
+from ambari_commons.ambari_service import AmbariService
+from ambari_commons.logging_utils import set_silent, set_verbose, print_info_msg
+from ambari_commons.os_utils import remove_file
+from ambari_commons.os_windows import SvcStatusCallback
+from ambari_server.serverConfiguration import configDefaults, get_ambari_properties, get_value_from_properties, \
+ DEBUG_MODE_KEY, PID_NAME, SERVER_OUT_FILE_KEY, SERVICE_PASSWORD_KEY, SERVICE_USERNAME_KEY, SUSPEND_START_MODE_KEY, \
+ VERBOSE_OUTPUT_KEY
+
+
+class AmbariServerService(AmbariService):
+ AmbariService._svc_name_ = "Ambari Server"
+ AmbariService._svc_display_name_ = "Ambari Server"
+ AmbariService._svc_description_ = "Ambari Server"
+
+ AmbariService._AdjustServiceVersion()
+
+ # Adds the necessary script dir to the Python's modules path
+ def _adjustPythonPath(self, current_dir):
+ python_path = os.path.join(current_dir, "sbin")
+ sys.path.insert(0, python_path)
+ print_info_msg("sys.path=" + str(sys.path))
+
+ def SvcDoRun(self):
+ from ambari_server_main import server_process_main
+
+ scmStatus = SvcStatusCallback(self)
+
+ properties = get_ambari_properties()
+ self.options.verbose = get_value_from_properties(properties, VERBOSE_OUTPUT_KEY, False)
+ self.options.debug = get_value_from_properties(properties, DEBUG_MODE_KEY, False)
+ self.options.suspend_start = get_value_from_properties(properties, SUSPEND_START_MODE_KEY, False)
+
+ # set verbose
+ set_verbose(self.options.verbose)
+
+ self.redirect_output_streams()
+
+ childProc = server_process_main(self.options, scmStatus)
+
+ if not self._StopOrWaitForChildProcessToFinish(childProc):
+ return
+
+ pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
+ remove_file(pid_file_path)
+ pass
+
+ def _InitOptionsParser(self):
+ # No command-line options needed when starting as a service
+ return optparse.OptionParser()
+
+ def redirect_output_streams(self):
+ properties = get_ambari_properties()
+
+ outFilePath = properties[SERVER_OUT_FILE_KEY]
+ if (outFilePath is None or outFilePath == ""):
+ outFilePath = configDefaults.SERVER_OUT_FILE
+
+ self._RedirectOutputStreamsToFile(outFilePath)
+ pass
+
+def ctrlHandler(ctrlType):
+ AmbariServerService.DefCtrlCHandler()
+ return True
+
+def svcsetup():
+ AmbariServerService.set_ctrl_c_handler(ctrlHandler)
+
+ scriptFile, ext = os.path.splitext(__file__.replace('/', os.sep))
+ classPath = scriptFile + "." + AmbariServerService.__name__
+
+ # we don't save password between 'setup' runs, so we can't run Install every time. We run 'setup' only if user and
+ # password provided or if service not installed
+ if (SERVICE_USERNAME_KEY in os.environ and SERVICE_PASSWORD_KEY in os.environ):
+ AmbariServerService.Install(classPath=classPath, username=os.environ[SERVICE_USERNAME_KEY], password=os.environ[SERVICE_PASSWORD_KEY])
+ elif AmbariServerService.QueryStatus() == "not installed":
+ AmbariServerService.Install(classPath)
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/windows/ambari-server.ps1
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/windows/ambari-server.ps1 b/ambari-server/src/main/windows/ambari-server.ps1
index 9afb341..92f5186 100644
--- a/ambari-server/src/main/windows/ambari-server.ps1
+++ b/ambari-server/src/main/windows/ambari-server.ps1
@@ -42,7 +42,7 @@ $AMBARI_LOG_DIR="\var\log\ambari-server"
$OUTFILE_STDOUT=Join-Path -path $AMBARI_LOG_DIR -childpath "ambari-server.stdout"
$OUTFILE_STDERR=Join-Path -path $AMBARI_LOG_DIR -childpath "ambari-server.stderr"
$LOGFILE=Join-Path -path $AMBARI_LOG_DIR -childpath "ambari-server.log"
-$AMBARI_SERVER_PY_SCRIPT=Join-Path -path $PSScriptRoot -childpath "sbin\ambari-server-windows.py"
+$AMBARI_SERVER_PY_SCRIPT=Join-Path -path $PSScriptRoot -childpath "sbin\ambari-server.py"
if($AMBARI_SERVER_PY_SCRIPT.Contains(' '))
{
$AMBARI_SERVER_PY_SCRIPT = """" + $AMBARI_SERVER_PY_SCRIPT + """"
[5/5] ambari git commit: AMBARI-8317 AMBARI-8317 Refactor the
OS-dependent Ambari Server Windows components - Part 2
Posted by fb...@apache.org.
AMBARI-8317 AMBARI-8317 Refactor the OS-dependent Ambari Server Windows components - Part 2
+Moved LDAP and HTTPS setup routines away from ambari-server.py
+Merged ambari-server-windows.py into ambari-server.py, leaving out only the Windows service wrapper and the server start routine
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/244f1879
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/244f1879
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/244f1879
Branch: refs/heads/trunk
Commit: 244f1879eb70a63a0846352b305b4c2d21e96895
Parents: 85f61a7
Author: Florian Barca <fb...@hortonworks.com>
Authored: Sat Jan 24 01:38:45 2015 -0800
Committer: Florian Barca <fb...@hortonworks.com>
Committed: Sat Jan 24 01:38:45 2015 -0800
----------------------------------------------------------------------
ambari-server/pom.xml | 3 +
.../src/main/assemblies/server-windows.xml | 10 +-
.../src/main/python/ambari-server-windows.py | 559 -----
ambari-server/src/main/python/ambari-server.py | 1921 ++++--------------
.../python/ambari_server/dbConfiguration.py | 32 +-
.../ambari_server/dbConfiguration_linux.py | 18 +-
.../ambari_server/dbConfiguration_windows.py | 24 +-
.../python/ambari_server/serverConfiguration.py | 115 +-
.../main/python/ambari_server/serverSetup.py | 55 +-
.../main/python/ambari_server/serverUpgrade.py | 21 +-
.../main/python/ambari_server/serverUtils.py | 92 +
.../main/python/ambari_server/setupActions.py | 3 -
.../src/main/python/ambari_server/setupHttps.py | 504 +++++
.../main/python/ambari_server/setupSecurity.py | 879 +++-----
.../src/main/python/ambari_server/userInput.py | 33 +
.../src/main/python/ambari_server_main.py | 361 ++++
.../src/main/python/ambari_windows_service.py | 100 +
.../src/main/windows/ambari-server.ps1 | 2 +-
.../src/test/python/TestAmbariServer.py | 1208 ++++++-----
19 files changed, 2561 insertions(+), 3379 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/pom.xml
----------------------------------------------------------------------
diff --git a/ambari-server/pom.xml b/ambari-server/pom.xml
index e01375f..9d8c88b 100644
--- a/ambari-server/pom.xml
+++ b/ambari-server/pom.xml
@@ -350,6 +350,9 @@
<location>src/main/python/ambari-server.py</location>
</source>
<source>
+ <location>src/main/python/ambari_server_main.py</location>
+ </source>
+ <source>
<location>sbin/ambari-server</location>
<filter>true</filter>
</source>
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/assemblies/server-windows.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/assemblies/server-windows.xml b/ambari-server/src/main/assemblies/server-windows.xml
index 68e3a4e..d3fa7cb 100644
--- a/ambari-server/src/main/assemblies/server-windows.xml
+++ b/ambari-server/src/main/assemblies/server-windows.xml
@@ -44,7 +44,15 @@
<outputDirectory>/ambari-server-${project.version}/keystore</outputDirectory>
</file>
<file>
- <source>${basedir}/src/main/python/ambari-server-windows.py</source>
+ <source>${basedir}/src/main/python/ambari-server.py</source>
+ <outputDirectory>/ambari-server-${project.version}/sbin</outputDirectory>
+ </file>
+ <file>
+ <source>${basedir}/src/main/python/ambari_server_main.py</source>
+ <outputDirectory>/ambari-server-${project.version}/sbin</outputDirectory>
+ </file>
+ <file>
+ <source>${basedir}/src/main/python/ambari_windows_service.py</source>
<outputDirectory>/ambari-server-${project.version}/sbin</outputDirectory>
</file>
<file>
http://git-wip-us.apache.org/repos/asf/ambari/blob/244f1879/ambari-server/src/main/python/ambari-server-windows.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server-windows.py b/ambari-server/src/main/python/ambari-server-windows.py
deleted file mode 100644
index b4d4878..0000000
--- a/ambari-server/src/main/python/ambari-server-windows.py
+++ /dev/null
@@ -1,559 +0,0 @@
-#!/usr/bin/env python
-
-'''
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-'''
-
-import optparse
-import os
-import sys
-import subprocess
-
-from ambari_commons.ambari_service import AmbariService
-from ambari_commons.exceptions import FatalException, NonFatalException
-from ambari_commons.logging_utils import print_info_msg, print_warning_msg, print_error_msg, \
- get_verbose, set_verbose, get_silent, set_silent, get_debug_mode, set_debug_mode_from_options
-from ambari_commons.os_utils import remove_file, set_open_files_limit
-from ambari_commons.os_windows import SvcStatusCallback
-
-from ambari_server import utils
-from ambari_server.dbConfiguration import DBMSConfigFactory
-from ambari_server.resourceFilesKeeper import ResourceFilesKeeper, KeeperException
-from ambari_server.serverConfiguration import find_jdk, get_ambari_classpath, get_ambari_properties, get_conf_dir, \
- get_value_from_properties, configDefaults, DEBUG_MODE_KEY, RESOURCES_DIR_DEFAULT, RESOURCES_DIR_PROPERTY, \
- SERVER_OUT_FILE_KEY, SERVICE_PASSWORD_KEY, SERVICE_USERNAME_KEY, \
- SUSPEND_START_MODE_KEY, VERBOSE_OUTPUT_KEY, PID_NAME, get_java_exe_path
-from ambari_server.serverSetup import setup, reset, is_server_running
-from ambari_server.serverUpgrade import upgrade
-from ambari_server.setupActions import SETUP_ACTION, START_ACTION, PSTART_ACTION, STOP_ACTION, RESET_ACTION, \
- STATUS_ACTION, UPGRADE_ACTION, UPGRADE_STACK_ACTION, LDAP_SETUP_ACTION, SETUP_SECURITY_ACTION, ACTION_REQUIRE_RESTART
-from ambari_server.setupSecurity import setup_ambari_krb5_jaas, setup_https, setup_ldap, setup_master_key
-from ambari_server.userInput import get_validated_string_input
-
-# debug settings
-
-SERVER_START_DEBUG = False
-SUSPEND_START_MODE = False
-
-# server commands
-ambari_provider_module_option = ""
-ambari_provider_module = os.environ.get('AMBARI_PROVIDER_MODULE')
-
-AMBARI_SERVER_DIE_MSG = "Ambari Server java process died with exitcode {0}. Check {1} for more information."
-
-if ambari_provider_module is not None:
- ambari_provider_module_option = "-Dprovider.module.class=" +\
- ambari_provider_module + " "
-
-SERVER_START_CMD = \
- "-server -XX:NewRatio=3 "\
- "-XX:+UseConcMarkSweepGC " +\
- "-XX:-UseGCOverheadLimit -XX:CMSInitiatingOccupancyFraction=60 " +\
- ambari_provider_module_option +\
- os.getenv('AMBARI_JVM_ARGS', '-Xms512m -Xmx2048m') +\
- " -cp {0}" +\
- " org.apache.ambari.server.controller.AmbariServer"
-SERVER_START_CMD_DEBUG = \
- "-server -XX:NewRatio=2 -XX:+UseConcMarkSweepGC " +\
- ambari_provider_module_option +\
- os.getenv('AMBARI_JVM_ARGS', '-Xms512m -Xmx2048m') +\
- " -Xdebug -Xrunjdwp:transport=dt_socket,address=5005,"\
- "server=y,suspend={1} -cp {0}" +\
- " org.apache.ambari.server.controller.AmbariServer"
-
-SERVER_INIT_TIMEOUT = 5
-SERVER_START_TIMEOUT = 10
-
-EXITCODE_NAME = "ambari-server.exitcode"
-
-# linux open-file limit
-ULIMIT_OPEN_FILES_KEY = 'ulimit.open.files'
-ULIMIT_OPEN_FILES_DEFAULT = 10000
-
-
-class AmbariServerService(AmbariService):
- AmbariService._svc_name_ = "Ambari Server"
- AmbariService._svc_display_name_ = "Ambari Server"
- AmbariService._svc_description_ = "Ambari Server"
-
- AmbariService._AdjustServiceVersion()
-
- # Adds the necessary script dir to the Python's modules path
- def _adjustPythonPath(self, current_dir):
- python_path = os.path.join(current_dir, "sbin")
- sys.path.insert(0, python_path)
-
- def SvcDoRun(self):
- scmStatus = SvcStatusCallback(self)
-
- properties = get_ambari_properties()
- self.options.verbose = get_value_from_properties(properties, VERBOSE_OUTPUT_KEY, self.options.verbose)
- self.options.debug = get_value_from_properties(properties, DEBUG_MODE_KEY, self.options.debug)
- self.options.suspend_start = get_value_from_properties(properties, SUSPEND_START_MODE_KEY, self.options.suspend_start)
-
- # set verbose
- set_verbose(self.options.verbose)
-
- # set silent
- set_silent(self.options.silent)
-
- self.redirect_output_streams()
-
- childProc = server_process_main(self.options, scmStatus)
-
- if not self._StopOrWaitForChildProcessToFinish(childProc):
- return
-
- pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
- remove_file(pid_file_path)
- pass
-
- def _InitOptionsParser(self):
- return init_options_parser()
-
- def redirect_output_streams(self):
- properties = get_ambari_properties()
-
- outFilePath = properties[SERVER_OUT_FILE_KEY]
- if (outFilePath is None or outFilePath == ""):
- outFilePath = configDefaults.SERVER_OUT_FILE
-
- self._RedirectOutputStreamsToFile(outFilePath)
- pass
-
-def ctrlHandler(ctrlType):
- AmbariServerService.DefCtrlCHandler()
- return True
-
-def svcsetup():
- AmbariServerService.set_ctrl_c_handler(ctrlHandler)
- # we don't save password between 'setup' runs, so we can't run Install every time. We run 'setup' only if user and
- # password provided or if service not installed
- if (SERVICE_USERNAME_KEY in os.environ and SERVICE_PASSWORD_KEY in os.environ):
- AmbariServerService.Install(username=os.environ[SERVICE_USERNAME_KEY], password=os.environ[SERVICE_PASSWORD_KEY])
- elif AmbariServerService.QueryStatus() == "not installed":
- AmbariServerService.Install()
- pass
-
-#
-# Starts the Ambari Server as a standalone process.
-# args:
-# <no arguments> = start the server as a process. For now, there is no restrictions for the number of server instances
-# that can run like this.
-# -s, --single-instance = Reserved for future use. When starting the server as a process, ensure only one instance of the process is running.
-# If this is the second instance of the process, the function fails.
-#
-def start(options):
- AmbariServerService.set_ctrl_c_handler(ctrlHandler)
-
- #Run as a normal process. Invoke the ServiceMain directly.
- childProc = server_process_main(options)
-
- childProc.wait()
-
- pid_file_path = os.path.join(configDefaults.PID_DIR, PID_NAME)
- remove_file(pid_file_path)
-
-#
-# Starts the Ambari Server as a service.
-# Start the server in normal mode, as a Windows service. If the Ambari server is
-# not registered as a service, the function fails. By default, only one instance of the service can
-# possibly run.
-#
-def svcstart():
- AmbariServerService.Start()
- pass
-
-def server_process_main(options, scmStatus=None):
- # debug mode, including stop Java process at startup
- try:
- set_debug_mode_from_options(options)
- except AttributeError:
- pass
-
- if not utils.check_reverse_lookup():
- print_warning_msg("The hostname was not found in the reverse DNS lookup. "
- "This may result in incorrect behavior. "
- "Please check the DNS setup and fix the issue.")
-
- properties = get_ambari_properties()
-
- print_info_msg("Ambari Server is not running...")
-
- conf_dir = get_conf_dir()
- jdk_path = find_jdk()
- if jdk_path is None:
- err = "No JDK found, please run the \"ambari-server setup\" " \
- "command to install a JDK automatically or install any " \
- "JDK manually to " + configDefaults.JDK_INSTALL_DIR
- raise FatalException(1, err)
-
- # Preparations
-
- result = ensure_dbms_is_running(options, properties, scmStatus)
- if result == -1:
- raise FatalException(-1, "Unable to connect to the database")
-
- if scmStatus is not None:
- scmStatus.reportStartPending()
-
- ensure_resources_are_organized(properties)
-
- if scmStatus is not None:
- scmStatus.reportStartPending()
-
- environ = os.environ.copy()
- ensure_server_security_is_configured(properties, environ)
-
- if scmStatus is not None:
- scmStatus.reportStartPending()
-
- conf_dir = os.path.abspath(conf_dir) + os.pathsep + get_ambari_classpath()
- if conf_dir.find(' ') != -1:
- conf_dir = '"' + conf_dir + '"'
-
- java_exe = get_java_exe_path()
- pidfile = os.path.join(configDefaults.PID_DIR, PID_NAME)
-
- debug_mode = get_debug_mode()
- debug_start = (debug_mode & 1) or SERVER_START_DEBUG
- suspend_start = (debug_mode & 2) or SUSPEND_START_MODE
-
- command_base = SERVER_START_CMD_DEBUG if debug_start else SERVER_START_CMD
- suspend_mode = 'y' if suspend_start else 'n'
- command = command_base.format(conf_dir, suspend_mode)
- if not os.path.exists(configDefaults.PID_DIR):
- os.makedirs(configDefaults.PID_DIR, 0755)
-
- set_open_files_limit(get_ulimit_open_files());
-
- #Ignore the requirement to run as root. In Windows, by default the child process inherits the security context
- # and the environment from the parent process.
- param_list = java_exe + " " + command
-
- print_info_msg("Running server: " + str(param_list))
- procJava = subprocess.Popen(param_list, env=environ)
-
- #wait for server process for SERVER_START_TIMEOUT seconds
- print "Waiting for server start..."
-
- pidJava = procJava.pid
- if pidJava <= 0:
- procJava.terminate()
- exitcode = procJava.returncode
- exitfile = os.path.join(configDefaults.PID_DIR, EXITCODE_NAME)
- utils.save_pid(exitcode, exitfile)
-
- if scmStatus is not None:
- scmStatus.reportStopPending()
-
- raise FatalException(-1, AMBARI_SERVER_DIE_MSG.format(exitcode, configDefaults.SERVER_OUT_FILE))
- else:
- utils.save_pid(pidJava, pidfile)
- print "Server PID at: "+pidfile
- print "Server out at: "+configDefaults.SERVER_OUT_FILE
- print "Server log at: "+configDefaults.SERVER_LOG_FILE
-
- if scmStatus is not None:
- scmStatus.reportStarted()
-
- return procJava
-
-#Check the JDBC driver status
-#If not found abort
-#Get SQL Server service status from SCM
-#If 'stopped' then start it
-#Wait until the status is 'started' or a configured timeout elapses
-#If the timeout has been reached, bail out with exception
-def ensure_dbms_is_running(options, properties, scmStatus):
- factory = DBMSConfigFactory()
- dbms = factory.create(options, properties, "Ambari")
- if not dbms._is_jdbc_driver_installed(properties):
- raise FatalException(-1, "JDBC driver is not installed. Run ambari-server setup and try again.")
-
- dbms.ensure_dbms_is_running(options, properties, scmStatus)
-
-def ensure_resources_are_organized(properties):
- resources_location = get_resources_location(properties)
- resource_files_keeper = ResourceFilesKeeper(resources_location)
- try:
- print "Organizing resource files at {0}...".format(resources_location,
- verbose=get_verbose())
- resource_files_keeper.perform_housekeeping()
- except KeeperException, ex:
- msg = "Can not organize resource files at {0}: {1}".format(
- resources_location, str(ex))
- raise FatalException(-1, msg)
-
-
-def ensure_server_security_is_configured(properties, environ):
- pass
-
-
-#
-# Stops the Ambari Server.
-#
-def svcstop():
- AmbariServerService.Stop()
-
-
-### Stack upgrade ###
-
-def get_resources_location(properties):
- res_location = properties[RESOURCES_DIR_PROPERTY]
- if res_location is None:
- res_location = RESOURCES_DIR_DEFAULT
- return res_location
-# pass
-
-
-#
-# The Ambari Server status.
-#
-def svcstatus(options):
- options.exit_message = None
-
- statusStr = AmbariServerService.QueryStatus()
- print "Ambari Server is " + statusStr
-
-
-def get_ulimit_open_files():
- properties = get_ambari_properties()
- if properties == -1:
- print "Error reading ambari properties"
- return None
-
- open_files = int(properties[ULIMIT_OPEN_FILES_KEY])
- if open_files > 0:
- return open_files
- else:
- return ULIMIT_OPEN_FILES_DEFAULT
-
-
-def init_options_parser():
- parser = optparse.OptionParser(usage="usage: %prog action [options] [stack_id os]", )
- #parser.add_option('-i', '--create-db-script-file', dest="create_db_script_file",
- # default="resources" + os.sep + "Ambari-DDL-SQLServer-CREATELOCAL.sql",
- # help="File with database creation script")
- parser.add_option('-f', '--init-script-file', dest="init_db_script_file",
- default="resources" + os.sep + "Ambari-DDL-SQLServer-CREATE.sql",
- help="File with database setup script")
- parser.add_option('-r', '--drop-script-file', dest="cleanup_db_script_file",
- default="resources" + os.sep + "Ambari-DDL-SQLServer-DROP.sql",
- help="File with database cleanup script")
- parser.add_option('-j', '--java-home', dest="java_home", default=None,
- help="Use specified java_home. Must be valid on all hosts")
- parser.add_option("-v", "--verbose",
- action="store_true", dest="verbose", default=False,
- help="Print verbose status messages")
- parser.add_option("-s", "--silent",
- action="store_true", dest="silent", default=False,
- help="Silently accepts default prompt values")
- parser.add_option('-g', '--debug', action="store_true", dest='debug', default=False,
- help="Start ambari-server in debug mode")
- parser.add_option('-y', '--suspend-start', action="store_true", dest='suspend_start', default=False,
- help="Freeze ambari-server Java process at startup in debug mode")
-
- parser.add_option('-a', '--databasehost', dest="database_host", default=None,
- help="Hostname of database server")
- parser.add_option('-n', '--databaseport', dest="database_port", default=None,
- help="Database server listening port")
- parser.add_option('-d', '--databasename', dest="database_name", default=None,
- help="Database/Schema/Service name or ServiceID")
- parser.add_option('-w', '--windowsauth', action="store_true", dest="database_windows_auth", default=None,
- help="Integrated Windows authentication")
- parser.add_option('-u', '--databaseusername', dest="database_username", default=None,
- help="Database user login")
- parser.add_option('-p', '--databasepassword', dest="database_password", default=None,
- help="Database user password")
- parser.add_option('--jdbc-driver', default=None, dest="jdbc_driver",
- help="Specifies the path to the JDBC driver JAR file for the " \
- "database type specified with the --jdbc-db option. Used only with --jdbc-db option.")
- # -b, -i, -k and -x the remaining available short options
- # -h reserved for help
- return parser
-
-def are_cmd_line_db_args_blank(options):
- if (options.database_host is None \
- and options.database_name is None \
- and options.database_windows_auth is None \
- and options.database_username is None \
- and options.database_password is None):
- return True
- return False
-
-
-def are_db_auth_options_ok(db_windows_auth, db_username, db_password):
- if db_windows_auth is True:
- return True
- else:
- if db_username is not None and db_username is not "" and db_password is not None and db_password is not "":
- return True
- return False
-
-def are_cmd_line_db_args_valid(options):
- if (options.database_host is not None and options.database_host is not "" \
- #and options.database_name is not None \ # ambari by default is ok
- and are_db_auth_options_ok(options.database_windows_auth,
- options.database_username,
- options.database_password)):
- return True
- return False
-
-
-def setup_security(args):
- need_restart = True
- #Print menu options
- print '=' * 75
- print 'Choose one of the following options: '
- print ' [1] Enable HTTPS for Ambari server.'
- print ' [2] Encrypt passwords stored in ambari.properties file.'
- print ' [3] Setup Ambari kerberos JAAS configuration.'
- print '=' * 75
- choice = get_validated_string_input('Enter choice, (1-3): ', '0', '[1-3]',
- 'Invalid choice', False, False)
-
- if choice == '1':
- need_restart = setup_https(args)
- elif choice == '2':
- setup_master_key()
- elif choice == '3':
- setup_ambari_krb5_jaas()
- else:
- raise FatalException('Unknown option for setup-security command.')
-
- return need_restart
-
-#
-# Main.
-#
-def main():
- parser = init_options_parser()
- (options, args) = parser.parse_args()
-
- #perform checks
- options.warnings = []
- options.must_set_database_options = False
-
- if are_cmd_line_db_args_blank(options):
- options.must_set_database_options = True
-
- elif not are_cmd_line_db_args_valid(options):
- parser.error('All database options should be set. Please see help for the options.')
-
- # set verbose
- set_verbose(options.verbose)
-
- # set silent
- set_silent(options.silent)
-
- ## jdbc driver and db options validation
- #if options.jdbc_driver is None and options.jdbc_db is not None:
- # parser.error("Option --jdbc-db is used only in pair with --jdbc-driver")
- #elif options.jdbc_driver is not None and options.jdbc_db is None:
- # parser.error("Option --jdbc-driver is used only in pair with --jdbc-db")
-
- if options.debug:
- sys.frozen = 'windows_exe' # Fake py2exe so we can debug
-
- if len(args) == 0:
- print parser.print_help()
- parser.error("No action entered")
-
- action = args[0]
-
- if action == UPGRADE_STACK_ACTION:
- possible_args_numbers = [2,4] # OR
- else:
- possible_args_numbers = [1]
-
- matches = 0
- for args_number_required in possible_args_numbers:
- matches += int(len(args) == args_number_required)
-
- if matches == 0:
- print parser.print_help()
- possible_args = ' or '.join(str(x) for x in possible_args_numbers)
- parser.error("Invalid number of arguments. Entered: " + str(len(args)) + ", required: " + possible_args)
-
- options.exit_message = "Ambari Server '%s' completed successfully." % action
- need_restart = True
- try:
- if action == SETUP_ACTION:
- setup(options)
- svcsetup()
- elif action == START_ACTION:
- svcstart()
- elif action == PSTART_ACTION:
- start(options)
- elif action == STOP_ACTION:
- svcstop()
- elif action == RESET_ACTION:
- reset(options, AmbariServerService)
- elif action == STATUS_ACTION:
- svcstatus(options)
- elif action == UPGRADE_ACTION:
- upgrade(options)
-# elif action == UPGRADE_STACK_ACTION:
-# stack_id = args[1]
-# repo_url = None
-# repo_url_os = None
-#
-# if len(args) > 2:
-# repo_url = args[2]
-# if len(args) > 3:
-# repo_url_os = args[3]
-#
-# upgrade_stack(options, stack_id, repo_url, repo_url_os)
- elif action == LDAP_SETUP_ACTION:
- setup_ldap()
- elif action == SETUP_SECURITY_ACTION:
- need_restart = setup_security(options)
- else:
- parser.error("Invalid action")
-
- if action in ACTION_REQUIRE_RESTART and need_restart:
- status, stateDesc = is_server_running(AmbariServerService)
- if status:
- print 'NOTE: Restart Ambari Server to apply changes' + \
- ' ("ambari-server restart|stop|start")'
-
- if options.warnings:
- for warning in options.warnings:
- print_warning_msg(warning)
- pass
- options.exit_message = "Ambari Server '%s' completed with warnings." % action
- pass
- except FatalException as e:
- if e.reason is not None:
- print_error_msg("Exiting with exit code {0}. \nREASON: {1}".format(e.code, e.reason))
- sys.exit(e.code)
- except NonFatalException as e:
- options.exit_message = "Ambari Server '%s' completed with warnings." % action
- if e.reason is not None:
- print_warning_msg(e.reason)
-
- if options.exit_message is not None:
- print options.exit_message
-
-
-if __name__ == "__main__":
- try:
- main()
- except (KeyboardInterrupt, EOFError):
- print("\nAborting ... Keyboard Interrupt.")
- sys.exit(1)
\ No newline at end of file