You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2015/08/17 20:17:01 UTC

ambari git commit: AMBARI-12756. Generate KafkaClient JaaS for Storm if Kafka is Kerberoized. (sriharsha via jaimin)

Repository: ambari
Updated Branches:
  refs/heads/branch-2.1.1 398bd0a12 -> 5e4782a20


AMBARI-12756. Generate KafkaClient JaaS for Storm if Kafka is Kerberoized. (sriharsha via jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5e4782a2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5e4782a2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5e4782a2

Branch: refs/heads/branch-2.1.1
Commit: 5e4782a20fd3dace9e9d9a7f79a64fa648a6bf01
Parents: 398bd0a
Author: Jaimin Jetly <ja...@hortonworks.com>
Authored: Mon Aug 17 11:16:10 2015 -0700
Committer: Jaimin Jetly <ja...@hortonworks.com>
Committed: Mon Aug 17 11:16:10 2015 -0700

----------------------------------------------------------------------
 .../STORM/0.9.1.2.1/metainfo.xml                |  2 +-
 .../0.9.1.2.1/package/scripts/params_linux.py   | 20 +++++++++++++-------
 .../package/templates/storm_jaas.conf.j2        | 14 +++++++++++++-
 3 files changed, 27 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
index 01ae032..fd5e58d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml
@@ -117,7 +117,7 @@
         <scriptType>PYTHON</scriptType>
         <timeout>300</timeout>
       </commandScript>
-      
+
       <requiredServices>
         <service>ZOOKEEPER</service>
       </requiredServices>

http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
index ec7573a..e7d524d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params_linux.py
@@ -103,11 +103,11 @@ if len(nimbus_hosts) > 1:
 else:
   # for non-HA Nimbus
   actual_topology_max_replication_wait_time_sec = default_topology_max_replication_wait_time_sec
-  actual_topology_min_replication_count = default_topology_min_replication_count 
-  
+  actual_topology_min_replication_count = default_topology_min_replication_count
+
 if 'topology.max.replication.wait.time.sec.default' in config['configurations']['storm-site']:
   del config['configurations']['storm-site']['topology.max.replication.wait.time.sec.default']
-if 'topology.min.replication.count.default' in config['configurations']['storm-site']:  
+if 'topology.min.replication.count.default' in config['configurations']['storm-site']:
   del config['configurations']['storm-site']['topology.min.replication.count.default']
 
 rest_api_port = "8745"
@@ -145,12 +145,18 @@ if security_enabled:
     nimbus_bare_jaas_principal = get_bare_principal(_nimbus_principal_name)
     nimbus_keytab_path = config['configurations']['storm-env']['nimbus_keytab']
 
+kafka_bare_jaas_principal = None
 if stack_is_hdp22_or_further:
   if security_enabled:
     storm_thrift_transport = config['configurations']['storm-site']['_storm.thrift.secure.transport']
+    # generate KafkaClient jaas config if kafka is kerberoized
+    _kafka_principal_name = default("/configurations/kafka-env/kafka_principal_name", None)
+    kafka_bare_jaas_principal = get_bare_principal(_kafka_principal_name)
+
   else:
     storm_thrift_transport = config['configurations']['storm-site']['_storm.thrift.nonsecure.transport']
 
+
 ams_collector_hosts = default("/clusterHostInfo/metrics_collector_hosts", [])
 has_metric_collector = not len(ams_collector_hosts) == 0
 if has_metric_collector:
@@ -195,7 +201,7 @@ if has_ranger_admin:
   xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
   repo_config_password = unicode(config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
   xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
-  
+
   if xa_audit_db_flavor == 'mysql':
     jdbc_symlink_name = "mysql-jdbc-driver.jar"
     jdbc_jar_name = "mysql-connector-java.jar"
@@ -218,7 +224,7 @@ if has_ranger_admin:
     jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
 
   downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
-  
+
   driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}")
   driver_curl_target = format("{storm_component_home_dir}/lib/{jdbc_jar_name}")
 
@@ -228,7 +234,7 @@ if has_ranger_admin:
     'nimbus.url': 'http://' + storm_ui_host[0].lower() + ':' + str(storm_ui_port),
     'commonNameForCertificate': common_name_for_certificate
   }
-  
+
   storm_ranger_plugin_repo = {
     'isActive': 'true',
     'config': json.dumps(storm_ranger_plugin_config),
@@ -237,7 +243,7 @@ if has_ranger_admin:
     'repositoryType': 'storm',
     'assetType': '6'
   }
-   
+
   ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
   xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db'] if xml_configurations_supported else None
   ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) if xml_configurations_supported else None

http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4782a2/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
index 75cf178..a3d226e 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/templates/storm_jaas.conf.j2
@@ -42,4 +42,16 @@ Client {
    useTicketCache=false
    serviceName="zookeeper"
    principal="{{storm_jaas_principal}}";
-};
\ No newline at end of file
+};
+
+{% if kafka_bare_jaas_principal %}
+KafkaClient {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{storm_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   serviceName="{{kafka_bare_jaas_principal}}"
+   principal="{{storm_jaas_principal}}";
+};
+{% endif %}