You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2015/08/17 20:17:01 UTC
ambari git commit: AMBARI-12756. Generate KafkaClient JaaS for Storm
if Kafka is Kerberoized. (sriharsha via jaimin)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1.1 398bd0a12 -> 5e4782a20
AMBARI-12756. Generate KafkaClient JaaS for Storm if Kafka is Kerberoized. (sriharsha via jaimin)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5e4782a2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5e4782a2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5e4782a2
Branch: refs/heads/branch-2.1.1
Commit: 5e4782a20fd3dace9e9d9a7f79a64fa648a6bf01
Parents: 398bd0a
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Mon Aug 17 11:16:10 2015 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Mon Aug 17 11:16:10 2015 -0700
----------------------------------------------------------------------
.../STORM/0.9.1.2.1/metainfo.xml | 2 +-
.../0.9.1.2.1/package/scripts/params_linux.py | 20 +++++++++++++-------
.../package/templates/storm_jaas.conf.j2 | 14 +++++++++++++-
3 files changed, 27 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
index 01ae032..fd5e58d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
@@ -117,7 +117,7 @@
<scriptType>PYTHON</scriptType>
<timeout>300</timeout>
</commandScript>
-
+
<requiredServices>
<service>ZOOKEEPER</service>
</requiredServices>
http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
index ec7573a..e7d524d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
@@ -103,11 +103,11 @@ if len(nimbus_hosts) > 1:
else:
# for non-HA Nimbus
actual_topology_max_replication_wait_time_sec = default_topology_max_replication_wait_time_sec
- actual_topology_min_replication_count = default_topology_min_replication_count
-
+ actual_topology_min_replication_count = default_topology_min_replication_count
+
if 'topology.max.replication.wait.time.sec.default' in config['configurations']['storm-site']:
del config['configurations']['storm-site']['topology.max.replication.wait.time.sec.default']
-if 'topology.min.replication.count.default' in config['configurations']['storm-site']:
+if 'topology.min.replication.count.default' in config['configurations']['storm-site']:
del config['configurations']['storm-site']['topology.min.replication.count.default']
rest_api_port = "8745"
@@ -145,12 +145,18 @@ if security_enabled:
nimbus_bare_jaas_principal = get_bare_principal(_nimbus_principal_name)
nimbus_keytab_path = config['configurations']['storm-env']['nimbus_keytab']
+kafka_bare_jaas_principal = None
if stack_is_hdp22_or_further:
if security_enabled:
storm_thrift_transport = config['configurations']['storm-site']['_storm.thrift.secure.transport']
+ # generate KafkaClient jaas config if kafka is kerberoized
+ _kafka_principal_name = default("/configurations/kafka-env/kafka_principal_name", None)
+ kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
+
else:
storm_thrift_transport = config['configurations']['storm-site']['_storm.thrift.nonsecure.transport']
+
ams_collector_hosts = default("/clusterHostInfo/metrics_collector_hosts", [])
has_metric_collector = not len(ams_collector_hosts) == 0
if has_metric_collector:
@@ -195,7 +201,7 @@ if has_ranger_admin:
xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
repo_config_password = unicode(config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
-
+
if xa_audit_db_flavor == 'mysql':
jdbc_symlink_name = "mysql-jdbc-driver.jar"
jdbc_jar_name = "mysql-connector-java.jar"
@@ -218,7 +224,7 @@ if has_ranger_admin:
jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
-
+
driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}")
@@ -228,7 +234,7 @@ if has_ranger_admin:
'nimbus.url': 'http://' + storm_ui_host[0].lower() + ':' + str(storm_ui_port),
'commonNameForCertificate': common_name_for_certificate
}
-
+
storm_ranger_plugin_repo = {
'isActive': 'true',
'config': json.dumps(storm_ranger_plugin_config),
@@ -237,7 +243,7 @@ if has_ranger_admin:
'repositoryType': 'storm',
'assetType': '6'
}
-
+
ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None
ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None
http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
index 75cf178..a3d226e 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
@@ -42,4 +42,16 @@ Client {
useTicketCache=false
serviceName="zookeeper"
principal="{{storm_jaas_principal}}";
-};
\ No newline at end of file
+};
+
+{% if kafka_bare_jaas_principal %}
+KafkaClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="{{storm_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="{{kafka_bare_jaas_principal}}"
+ principal="{{storm_jaas_principal}}";
+};
+{% endif %}