You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Tom Beerbower <tb...@hortonworks.com> on 2016/01/13 20:01:20 UTC
Review Request 42256: Create JAAS config for Atlas.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/
-----------------------------------------------------------
Review request for Ambari, atlas, John Speidel, and Robert Levas.
Bugs: AMBARI-14628
https://issues.apache.org/jira/browse/AMBARI-14628
Repository: ambari
Description
-------
Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=false
storeKey=true
doNotPrompt=false
keyTab="<atlas keytab>"
principal="<atlas principal>";
};
Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
Diffs
-----
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
Diff: https://reviews.apache.org/r/42256/diff/
Testing
-------
Manual tested in kerberized cluster with Atlas.
All unit tests pass ...
mvn clean test
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:02 h
[INFO] Finished at: 2016-01-13T13:57:37-05:00
[INFO] Final Memory: 41M/1499M
[INFO] ------------------------------------------------------------------------
Thanks,
Tom Beerbower
Re: Review Request 42256: Create JAAS config for Atlas.
Posted by bhuvnesh chaudhary <bc...@pivotal.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/#review114259
-----------------------------------------------------------
Ship it!
Ship It!
- bhuvnesh chaudhary
On Jan. 13, 2016, 7:01 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42256/
> -----------------------------------------------------------
>
> (Updated Jan. 13, 2016, 7:01 p.m.)
>
>
> Review request for Ambari, atlas, John Speidel, and Robert Levas.
>
>
> Bugs: AMBARI-14628
> https://issues.apache.org/jira/browse/AMBARI-14628
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
>
> When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
>
> Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
>
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> useTicketCache=false
> storeKey=true
> doNotPrompt=false
> keyTab="<atlas keytab>"
> principal="<atlas principal>";
> };
>
> Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
> For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
> ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/42256/diff/
>
>
> Testing
> -------
>
> Manual tested in kerberized cluster with Atlas.
>
> All unit tests pass ...
>
> mvn clean test
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:02 h
> [INFO] Finished at: 2016-01-13T13:57:37-05:00
> [INFO] Final Memory: 41M/1499M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>
Re: Review Request 42256: Create JAAS config for Atlas.
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/#review114276
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Levas
On Jan. 13, 2016, 3:36 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42256/
> -----------------------------------------------------------
>
> (Updated Jan. 13, 2016, 3:36 p.m.)
>
>
> Review request for Ambari, atlas, John Speidel, and Robert Levas.
>
>
> Bugs: AMBARI-14628
> https://issues.apache.org/jira/browse/AMBARI-14628
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
>
> When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
>
> Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
>
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> useTicketCache=false
> storeKey=true
> doNotPrompt=false
> keyTab="<atlas keytab>"
> principal="<atlas principal>";
> };
>
> Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
> For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
> ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/42256/diff/
>
>
> Testing
> -------
>
> Manual tested in kerberized cluster with Atlas.
>
> All unit tests pass ...
>
> mvn clean test
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:02 h
> [INFO] Finished at: 2016-01-13T13:57:37-05:00
> [INFO] Final Memory: 41M/1499M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>
Re: Review Request 42256: Create JAAS config for Atlas.
Posted by Tom Beerbower <tb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/
-----------------------------------------------------------
(Updated Jan. 13, 2016, 8:36 p.m.)
Review request for Ambari, atlas, John Speidel, and Robert Levas.
Bugs: AMBARI-14628
https://issues.apache.org/jira/browse/AMBARI-14628
Repository: ambari
Description
-------
Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=false
storeKey=true
doNotPrompt=false
keyTab="<atlas keytab>"
principal="<atlas principal>";
};
Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
Diffs (updated)
-----
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
Diff: https://reviews.apache.org/r/42256/diff/
Testing
-------
Manual tested in kerberized cluster with Atlas.
All unit tests pass ...
mvn clean test
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:02 h
[INFO] Finished at: 2016-01-13T13:57:37-05:00
[INFO] Final Memory: 41M/1499M
[INFO] ------------------------------------------------------------------------
Thanks,
Tom Beerbower
Re: Review Request 42256: Create JAAS config for Atlas.
Posted by Tom Beerbower <tb...@hortonworks.com>.
> On Jan. 13, 2016, 7:09 p.m., bhuvnesh chaudhary wrote:
> > ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py, line 95
> > <https://reviews.apache.org/r/42256/diff/1/?file=1195829#file1195829line95>
> >
> > minor, if you want may be you can use params.atlas_jaas_file here.
Good catch Bhuvnesh. I'll make the change. Thanks for the review!
- Tom
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/#review114258
-----------------------------------------------------------
On Jan. 13, 2016, 7:01 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42256/
> -----------------------------------------------------------
>
> (Updated Jan. 13, 2016, 7:01 p.m.)
>
>
> Review request for Ambari, atlas, John Speidel, and Robert Levas.
>
>
> Bugs: AMBARI-14628
> https://issues.apache.org/jira/browse/AMBARI-14628
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
>
> When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
>
> Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
>
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> useTicketCache=false
> storeKey=true
> doNotPrompt=false
> keyTab="<atlas keytab>"
> principal="<atlas principal>";
> };
>
> Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
> For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
> ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/42256/diff/
>
>
> Testing
> -------
>
> Manual tested in kerberized cluster with Atlas.
>
> All unit tests pass ...
>
> mvn clean test
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:02 h
> [INFO] Finished at: 2016-01-13T13:57:37-05:00
> [INFO] Final Memory: 41M/1499M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>
Re: Review Request 42256: Create JAAS config for Atlas.
Posted by bhuvnesh chaudhary <bc...@pivotal.io>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42256/#review114258
-----------------------------------------------------------
ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py (line 95)
<https://reviews.apache.org/r/42256/#comment175059>
minor, if you want may be you can use params.atlas_jaas_file here.
- bhuvnesh chaudhary
On Jan. 13, 2016, 7:01 p.m., Tom Beerbower wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42256/
> -----------------------------------------------------------
>
> (Updated Jan. 13, 2016, 7:01 p.m.)
>
>
> Review request for Ambari, atlas, John Speidel, and Robert Levas.
>
>
> Bugs: AMBARI-14628
> https://issues.apache.org/jira/browse/AMBARI-14628
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Ambari should create the JAAS config for Atlas automatically when the cluster is Kerberized.
>
> When Atlas is configured with HBase as the storage backend in a secure cluster, a JAAS configuration file should be created and specified so that the HBase client can attempt to SASL-authenticate.
>
> Create Atlas JAAS configuration file (e.g. /etc/atlas/conf/atlas-jaas.conf).
>
> Client {
> com.sun.security.auth.module.Krb5LoginModule required
> useKeyTab=true
> useTicketCache=false
> storeKey=true
> doNotPrompt=false
> keyTab="<atlas keytab>"
> principal="<atlas principal>";
> };
>
> Update Atlas METADATA_OPTS to include ‘java.security.auth.login.config’ set to the above Atlas JAAS configuration file.
> For example, {{-Djava.security.auth.login.config=/etc/atlas/conf/atlas-jaas.conf}}.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/configuration/atlas-env.xml 2935e8f
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py 8c17214
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py df8b772
> ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/templates/atlas_jaas.conf.j2 PRE-CREATION
> ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py 2bd02c7
> ambari-server/src/test/python/stacks/2.3/configs/secure.json PRE-CREATION
>
> Diff: https://reviews.apache.org/r/42256/diff/
>
>
> Testing
> -------
>
> Manual tested in kerberized cluster with Atlas.
>
> All unit tests pass ...
>
> mvn clean test
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:02 h
> [INFO] Finished at: 2016-01-13T13:57:37-05:00
> [INFO] Final Memory: 41M/1499M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Tom Beerbower
>
>