You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ma...@apache.org on 2013/10/05 00:42:09 UTC
git commit: AMBARI-3461. In Oracle6 cannot start services after
enabling security. (Andrew Onischuk via mahadev)
Updated Branches:
refs/heads/trunk 2339fa99c -> 41d6de75d
AMBARI-3461. In Oracle6 cannot start services after enabling security. (Andrew Onischuk via mahadev)
Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/41d6de75
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/41d6de75
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/41d6de75
Branch: refs/heads/trunk
Commit: 41d6de75df76323b00c5b94ddcf174a0dcde0de6
Parents: 2339fa9
Author: Mahadev Konar <ma...@apache.org>
Authored: Fri Oct 4 15:38:32 2013 -0700
Committer: Mahadev Konar <ma...@apache.org>
Committed: Fri Oct 4 15:38:37 2013 -0700
----------------------------------------------------------------------
.../modules/hdp/manifests/java/jce/package.pp | 6 ++--
ambari-server/src/main/python/ambari-server.py | 33 +++++++++++---------
.../src/test/python/TestAmbariServer.py | 10 ++----
3 files changed, 24 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp
index 5b2815a..41b8bc9 100644
--- a/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/java/jce/package.pp
@@ -39,7 +39,7 @@ define hdp::java::jce::package(
# may be check the file sizes for local_policy and export_US policy jars?
# UNLESS => "test -e ${java_exec}"
# curl -k - ignoring unverified server ssl sertificate,
- $curl_cmd = "mkdir -p ${artifact_dir}; curl -kf --retry 10 ${jce_location}/${jce_policy_zip} -o ${jce_curl_target}"
+ $curl_cmd = "mkdir -p ${artifact_dir}; curl -kf --retry 10 ${jce_location}/${jce_policy_zip} -o ${jce_curl_target}; echo 0"
exec{ "jce-download ${name}":
command => $curl_cmd,
creates => $jce_curl_target,
@@ -48,10 +48,10 @@ define hdp::java::jce::package(
}
$security_dir = "${java_home_dir}/jre/lib/security"
- $cmd = "rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q ${jce_curl_target}"
+ $cmd = "rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q ${jce_curl_target}"
exec { "jce-install ${name}":
command => $cmd,
- onlyif => "test -e ${security_dir}",
+ onlyif => "test -e ${security_dir} && test -f ${jce_curl_target}",
cwd => $security_dir,
path => ['/bin/','/usr/bin']
}
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-server/src/main/python/ambari-server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py
index 18545df..1e98985 100755
--- a/ambari-server/src/main/python/ambari-server.py
+++ b/ambari-server/src/main/python/ambari-server.py
@@ -1620,11 +1620,11 @@ def install_jce_manualy(args):
raise FatalException(-1, err)
else:
return 1
+
#
# Downloads the JDK
#
def download_jdk(args):
- jce_installed = install_jce_manualy(args)
properties = get_ambari_properties()
if properties == -1:
err = "Error getting ambari properties"
@@ -1637,6 +1637,12 @@ def download_jdk(args):
print_warning_msg("JAVA_HOME " + args.java_home
+ " must be valid on ALL hosts")
write_property(JAVA_HOME_PROPERTY, args.java_home)
+
+ warn = "JCE Policy files are required for configuring Kerberos security. If you plan to use Kerberos," \
+ "please make sure JCE Unlimited Strength Jurisdiction Policy Files are valid on all hosts."
+ print_warning_msg(warn)
+
+ return 0
else:
try:
jdk_url = properties[JDK_URL_PROPERTY]
@@ -1739,16 +1745,15 @@ def download_jdk(args):
write_property(JAVA_HOME_PROPERTY, "{0}/{1}".
format(JDK_INSTALL_DIR, jdk_version))
- if jce_installed != 0:
- try:
- download_jce_policy(properties, ok)
- except FatalException as e:
- print "JCE Policy files are required for configuring Kerberos security. Please ensure " \
- " all hosts have the JCE Unlimited Strength Jurisdiction Policy Files."
- print_error_msg("Failed to download JCE Policy files:")
- if e.reason is not None:
- print_error_msg("Reason: {0}".format(e.reason))
- # TODO: We don't fail installation if download_jce_policy fails. Is it OK?
+ try:
+ download_jce_policy(properties, ok)
+ except FatalException as e:
+ print "JCE Policy files are required for secure HDP setup. Please ensure " \
+ " all hosts have the JCE unlimited strength policy 6, files."
+ print_error_msg("Failed to download JCE policy files:")
+ if e.reason is not None:
+ print_error_msg("Reason: {0}".format(e.reason))
+ # TODO: We don't fail installation if download_jce_policy fails. Is it OK?
return 0
@@ -1878,6 +1883,7 @@ def get_JAVA_HOME():
return None
java_home = properties[JAVA_HOME_PROPERTY]
+
if (not 0 == len(java_home)) and (os.path.exists(java_home)):
return java_home
@@ -3718,9 +3724,8 @@ def main():
help="Use specified java_home. Must be valid on all hosts")
parser.add_option('-i', '--jdk-location', dest="jdk_location", default=None,
help="Use specified JDK file in local filesystem instead of downloading")
- parser.add_option('-c', '--jce-policy', default=None,
- help="Use specified jce_policy. Must be valid on "
- "ambari server host", dest="jce_policy")
+ #parser.add_option('-c', '--jce-policy', default=None,
+ # help="Use specified jce_policy. Must be valid on all hosts", dest="jce_policy")
parser.add_option("-v", "--verbose",
action="store_true", dest="verbose", default=False,
help="Print verbose status messages")
http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/41d6de75/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index 7be36c2..8be692a 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -1041,8 +1041,7 @@ class TestAmbariServer(TestCase):
self.assertTrue(f.flush.called)
self.assertTrue(f.close.called)
self.assertEqual(2, len(dlprogress_mock.call_args_list))
-
-
+
@patch("shutil.copy")
@patch("os.path.join")
@patch("os.path.exists")
@@ -1100,7 +1099,6 @@ class TestAmbariServer(TestCase):
args.jce_policy = None
ambari_server.install_jce_manualy(args)
-
@patch.object(ambari_server, 'read_ambari_user')
@patch.object(ambari_server, "get_validated_string_input")
@patch.object(ambari_server, "find_properties_file")
@@ -1620,7 +1618,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
self.assertTrue(failed)
- @patch.object(ambari_server, "install_jce_manualy")
@patch("os.stat")
@patch("os.path.isfile")
@patch("os.path.exists")
@@ -1636,8 +1633,7 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
def test_download_jdk(self, exit_mock, copyfile_mock, get_ambari_properties_mock, get_JAVA_HOME_mock, \
print_info_msg_mock, write_property_mock, \
run_os_command_mock, get_YN_input_mock, track_jdk_mock,
- path_existsMock, path_isfileMock, statMock, \
- install_jce_manualy_mock):
+ path_existsMock, path_isfileMock, statMock):
args = MagicMock()
args.java_home = "somewhere"
path_existsMock.return_value = False
@@ -1739,7 +1735,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
p.__getitem__.return_value = "somewhere"
get_JAVA_HOME_mock.return_value = True
path_existsMock.return_value = True
- install_jce_manualy_mock.return_value = 1
with patch.object(ambari_server, "download_jce_policy") as download_jce_policy_mock:
rcode = ambari_server.download_jdk(args)
self.assertTrue(download_jce_policy_mock.called)
@@ -1750,7 +1745,6 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV
path_existsMock.return_value = True
path_existsMock.side_effect = None
get_JAVA_HOME_mock.return_value = True
- install_jce_manualy_mock.return_value = 0
rcode = ambari_server.download_jdk(args)
self.assertTrue(write_property_mock.called)