You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2013/04/02 00:23:20 UTC
svn commit: r1463323 - in /incubator/ambari/trunk: ./
ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/
ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/
ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/con...
Author: jaimin
Date: Mon Apr 1 22:23:20 2013
New Revision: 1463323
URL: http://svn.apache.org/r1463323
Log:
AMBARI-1763. Integrate Frontend security work to enable security on HBase and ZooKeeper. (jaimin)
Modified:
incubator/ambari/trunk/CHANGES.txt
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp
incubator/ambari/trunk/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml
incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step2.js
incubator/ambari/trunk/ambari-web/app/controllers/wizard/step8_controller.js
incubator/ambari/trunk/ambari-web/app/data/secure_configs.js
incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js
incubator/ambari/trunk/ambari-web/app/data/secure_properties.js
Modified: incubator/ambari/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/CHANGES.txt?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/CHANGES.txt (original)
+++ incubator/ambari/trunk/CHANGES.txt Mon Apr 1 22:23:20 2013
@@ -12,6 +12,9 @@ Trunk (unreleased changes):
NEW FEATURES
+ AMBARI-1763. Integrate Frontend security work to enable security on
+ HBase and ZooKeeper. (jaimin)
+
AMBARI-1754. Add support to ensure that Ambari Server/Agent/Store are all of
compatible version. (smohanty)
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/init.pp Mon Apr 1 22:23:20 2013
@@ -49,9 +49,6 @@ class hdp-oozie(
}
}
- $oozie-site = $configuration['oozie-site']
- $oozie_principal = $oozie-site["oozie.service.HadoopAccessorService.kerberos.principal"]
-
if ($service_state == 'uninstalled') {
hdp::package { 'oozie-client' :
ensure => 'uninstalled'
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-oozie/manifests/service.pp Mon Apr 1 22:23:20 2013
@@ -37,7 +37,7 @@ class hdp-oozie::service(
$security = $hdp::params::security_enabled
$oozie_keytab = $hdp-oozie::params::oozie_service_keytab
- $oozie_principal = $hdp-oozie::oozie_principal
+ $oozie_principal = $configuration['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal']
$jdbc_driver_name = $configuration['oozie-site']['oozie.service.JPAService.jdbc.driver']
if ($jdbc_driver_name == "com.mysql.jdbc.Driver"){
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp Mon Apr 1 22:23:20 2013
@@ -28,7 +28,7 @@ class hdp-templeton::templeton::service_
} else {
$security = "false"
}
- $kinit_path_local = $hdp::param::kinit_path_local
+ $kinit_path_local = $hdp::params::kinit_path_local
$smoke_user_keytab = "${hdp-templeton::params::keytab_path}/${smoke_test_user}.headless.keytab"
$templeton_host = $hdp::params::webhcat_server_host
Modified: incubator/ambari/trunk/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml (original)
+++ incubator/ambari/trunk/ambari-server/src/main/resources/stacks/HDP/1.3.0/services/HBASE/configuration/hbase-site.xml Mon Apr 1 22:23:20 2013
@@ -252,7 +252,7 @@
<!-- Additional configuration specific to HBase security -->
<property>
<name>hbase.superuser</name>
- <value>hbase</value>
+ <value></value>
<description>List of users or groups (comma-separated), who are allowed
full privileges, regardless of stored ACLs, across the cluster.
Only used when HBase security is enabled.
Modified: incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step2.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step2.js?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step2.js (original)
+++ incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step2.js Mon Apr 1 22:23:20 2013
@@ -80,9 +80,12 @@ App.MainAdminSecurityAddStep2Controller
serviceName: _serviceConfig.serviceName,
displayName: _serviceConfig.displayName,
configCategories: _serviceConfig.configCategories,
- showConfig: true,
+ showConfig: false,
configs: []
});
+ if (serviceConfigs.someProperty('serviceName', serviceConfig.serviceName)) {
+ serviceConfig.showConfig = true;
+ }
this.loadComponentConfigs(_serviceConfig, serviceConfig);
Modified: incubator/ambari/trunk/ambari-web/app/controllers/wizard/step8_controller.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/controllers/wizard/step8_controller.js?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/controllers/wizard/step8_controller.js (original)
+++ incubator/ambari/trunk/ambari-web/app/controllers/wizard/step8_controller.js Mon Apr 1 22:23:20 2013
@@ -1094,6 +1094,9 @@ App.WizardStep8Controller = Em.Controlle
masterHosts.filterProperty('component', 'NAGIOS_SERVER').filterProperty('isInstalled', false).forEach(function (_masterHost) {
hostNames.pushObject(_masterHost.hostName);
}, this);
+ masterHosts.filterProperty('component', 'HIVE_SERVER').filterProperty('isInstalled', false).forEach(function (_masterHost) {
+ hostNames.pushObject(_masterHost.hostName);
+ }, this);
break;
case 'HCAT':
Modified: incubator/ambari/trunk/ambari-web/app/data/secure_configs.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/data/secure_configs.js?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/data/secure_configs.js (original)
+++ incubator/ambari/trunk/ambari-web/app/data/secure_configs.js Mon Apr 1 22:23:20 2013
@@ -90,21 +90,17 @@ module.exports = [
App.ServiceConfigCategory.create({ name: 'RegionServer', displayName: 'RegionServer'})
],
sites: ['hbase-site'],
-
configs: configProperties.filterProperty('serviceName', 'HBASE')
},
- /*
{
serviceName: 'ZOOKEEPER',
displayName: 'ZooKeeper',
configCategories: [
- App.ServiceConfigCategory.create({ name: 'ZooKeeper'})
+ App.ServiceConfigCategory.create({ name: 'ZooKeeper Server'})
],
configs: configProperties.filterProperty('serviceName', 'ZOOKEEPER')
},
- */
-
{
serviceName: 'OOZIE',
displayName: 'Oozie',
Modified: incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js (original)
+++ incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js Mon Apr 1 22:23:20 2013
@@ -34,9 +34,9 @@ module.exports = [
{
"name": "hadoop.security.auth_to_local",
- "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user", "regionserver_primary_name"],
+ "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
"foreignKey": null,
- "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ RULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
+ "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
"filename": "core-site.xml"
},
{
@@ -153,7 +153,7 @@ module.exports = [
},
{
"name": "hbase.master.kerberos.principal",
- "templateName": ["hbase_master_primary_name", "kerberos_domain"],
+ "templateName": ["hbase_primary_name", "kerberos_domain"],
"foreignKey": null,
"value": "<templateName[0]>@<templateName[1]>",
"filename": "hbase-site.xml"
@@ -167,7 +167,7 @@ module.exports = [
},
{
"name": "hbase.regionserver.kerberos.principal",
- "templateName": ["regionserver_primary_name", "kerberos_domain"],
+ "templateName": ["hbase_primary_name", "kerberos_domain"],
"foreignKey": null,
"value": "<templateName[0]>@<templateName[1]>",
"filename": "hbase-site.xml"
@@ -279,9 +279,9 @@ module.exports = [
},
{
"name": "oozie.authentication.kerberos.name.rules",
- "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_master_primary_name", "hbase_user", "regionserver_primary_name"],
+ "templateName": ["jobtracker_primary_name", "kerberos_domain", "mapred_user", "tasktracker_primary_name", "namenode_primary_name", "hdfs_user", "datanode_primary_name", "hbase_primary_name", "hbase_user"],
"foreignKey": null,
- "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ RULE:[2:$1@$0](<templateName[9]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
+ "value": "RULE:[2:$1@$0](<templateName[0]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[3]>@.*<templateName[1]>)s/.*/<templateName[2]>/ RULE:[2:$1@$0](<templateName[4]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[6]>@.*<templateName[1]>)s/.*/<templateName[5]>/ RULE:[2:$1@$0](<templateName[7]>@.*<templateName[1]>)s/.*/<templateName[8]>/ DEFAULT",
"filename": "oozie-site.xml"
},
{
Modified: incubator/ambari/trunk/ambari-web/app/data/secure_properties.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/data/secure_properties.js?rev=1463323&r1=1463322&r2=1463323&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/data/secure_properties.js (original)
+++ incubator/ambari/trunk/ambari-web/app/data/secure_properties.js Mon Apr 1 22:23:20 2013
@@ -149,20 +149,6 @@ module.exports =
"serviceName": "HDFS",
"category": "General"
},
- /*
- {
- "id": "puppet var",
- "name": "snamenode_primary_name",
- "displayName": "Primary name",
- "value": "",
- "defaultValue": "sn",
- "description": "Primary name for SecondaryNameNode",
- "displayType": "principal",
- "isVisible": true,
- "serviceName": "HDFS",
- "category": "SNameNode"
- },
- */
{
"id": "puppet var",
"name": "snamenode_keytab",
@@ -259,10 +245,10 @@ module.exports =
//HBASE
{
"id": "puppet var",
- "name": "hbase_master_primary_name",
+ "name": "hbase_primary_name",
"displayName": "Primary name",
"value": "",
- "defaultValue": "hm",
+ "defaultValue": "hbase",
"description": "Primary name for HBase master",
"displayType": "principal",
"isVisible": true,
@@ -275,7 +261,7 @@ module.exports =
"name": "hbase_master_keytab",
"displayName": "Path to Keytab file",
"value": "",
- "defaultValue": "/etc/security/keytabs",
+ "defaultValue": "/etc/security/keytabs/hm.service.keytab",
"description": "keytab for HBase master",
"displayType": "directory",
"isVisible": true,
@@ -285,23 +271,10 @@ module.exports =
},
{
"id": "puppet var",
- "name": "regionserver_primary_name",
- "displayName": "Primary name",
- "value": "",
- "defaultValue": "rs",
- "description": "Primary name for regionServer",
- "displayType": "principal",
- "isVisible": true,
- "isOverrideable": false,
- "serviceName": "HBASE",
- "category": "RegionServer"
- },
- {
- "id": "puppet var",
"name": "regionserver_keytab",
"displayName": "Path to Keytab file",
"value": "",
- "defaultValue": "/etc/security/keytabs",
+ "defaultValue": "/etc/security/keytabs/rs.service.keytab",
"description": "keytab for RegionServer",
"displayType": "directory",
"isVisible": true,
@@ -478,6 +451,34 @@ module.exports =
"isOverrideable": false,
"serviceName": "NAGIOS",
"category": "General"
+ },
+
+ //ZooKeeper
+ {
+ "id": "puppet var",
+ "name": "zooKeeper_primary_name",
+ "displayName": "Primary name",
+ "value": "",
+ "defaultValue": "zk",
+ "description": "Primary name for ZooKeeper",
+ "displayType": "principal",
+ "isVisible": true,
+ "isOverrideable": false,
+ "serviceName": "ZOOKEEPER",
+ "category": "ZooKeeper Server"
+ },
+ {
+ "id": "puppet var",
+ "name": "zooKeeper_keytab",
+ "displayName": "Path to keytab file",
+ "value": "",
+ "defaultValue": "/etc/security/keytabs/zk.service.keytab",
+ "description": "Keytab for ZooKeeper",
+ "displayType": "directory",
+ "isVisible": true,
+ "isOverrideable": false,
+ "serviceName": "ZOOKEEPER",
+ "category": "ZooKeeper Server"
}
]