You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/06/12 12:34:52 UTC
ambari git commit: AMBARI-19369. Add Kerberos HTTP SPNEGO
authentication support to Hadoop/hbase/kafka/storm sinks (Qin Liu via rlevas)
Repository: ambari
Updated Branches:
refs/heads/branch-2.5 e1ca8d7ca -> 0569efa7e
AMBARI-19369. Add Kerberos HTTP SPNEGO authentication support to Hadoop/hbase/kafka/storm sinks (Qin Liu via rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0569efa7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0569efa7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0569efa7
Branch: refs/heads/branch-2.5
Commit: 0569efa7e477f20f3d5847e07ea84a4848fe73af
Parents: e1ca8d7
Author: Qin Liu <qi...@gmail.com>
Authored: Mon Jun 12 08:34:42 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Mon Jun 12 08:34:47 2017 -0400
----------------------------------------------------------------------
ambari-metrics/ambari-metrics-common/pom.xml | 5 ++
.../timeline/AbstractTimelineMetricsSink.java | 60 ++++++++++++++++++++
.../0.1.0/configuration/ams-hbase-env.xml | 4 +-
.../package/templates/hbase_master_jaas.conf.j2 | 10 ++++
.../templates/hbase_regionserver_jaas.conf.j2 | 10 ++++
.../package/templates/hbase_master_jaas.conf.j2 | 10 ++++
.../templates/hbase_regionserver_jaas.conf.j2 | 10 ++++
.../HDFS/2.1.0.2.0/package/scripts/hdfs.py | 17 ++++++
.../KAFKA/0.8.1/configuration/kafka-env.xml | 4 ++
.../0.8.1/configuration/kafka_jaas_conf.xml | 11 ++++
.../0.8.1/package/templates/kafka_jaas.conf.j2 | 11 ++++
.../0.9.1/package/scripts/storm_yaml_utils.py | 5 +-
.../0.9.1/package/templates/storm_jaas.conf.j2 | 10 ++++
.../2.1.0.2.0/package/scripts/params_linux.py | 32 +++++++----
.../YARN/2.1.0.2.0/package/scripts/yarn.py | 17 ++++++
.../package/templates/yarn_jaas.conf.j2 | 12 +++-
.../YARN/configuration-mapred/mapred-env.xml | 4 +-
.../services/HBASE/configuration/hbase-env.xml | 4 +-
.../services/HDFS/configuration/hadoop-env.xml | 7 +++
.../services/YARN/configuration/yarn-env.xml | 16 +++++-
.../services/HDFS/configuration/hadoop-env.xml | 7 +++
.../python/stacks/2.0.6/HDFS/test_datanode.py | 10 ++++
.../stacks/2.0.6/HDFS/test_journalnode.py | 11 +++-
.../python/stacks/2.0.6/HDFS/test_namenode.py | 24 ++++++--
.../python/stacks/2.0.6/HDFS/test_nfsgateway.py | 10 ++++
.../python/stacks/2.0.6/HDFS/test_snamenode.py | 12 +++-
.../test/python/stacks/2.0.6/HDFS/test_zkfc.py | 15 +++++
.../stacks/2.0.6/YARN/test_historyserver.py | 10 ++++
.../stacks/2.0.6/YARN/test_mapreduce2_client.py | 10 ++++
.../stacks/2.0.6/YARN/test_nodemanager.py | 10 ++++
.../stacks/2.0.6/YARN/test_resourcemanager.py | 10 ++++
.../stacks/2.0.6/YARN/test_yarn_client.py | 10 ++++
32 files changed, 371 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-metrics/ambari-metrics-common/pom.xml
----------------------------------------------------------------------
diff --git a/ambari-metrics/ambari-metrics-common/pom.xml b/ambari-metrics/ambari-metrics-common/pom.xml
index e97fab2..687b704 100644
--- a/ambari-metrics/ambari-metrics-common/pom.xml
+++ b/ambari-metrics/ambari-metrics-common/pom.xml
@@ -189,5 +189,10 @@
<artifactId>powermock-module-junit4</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ <version>4.2.5</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
----------------------------------------------------------------------
diff --git a/ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java b/ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
index 2c6fae2..249d96b 100644
--- a/ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
+++ b/ambari-metrics/ambari-metrics-common/src/main/java/org/apache/hadoop/metrics2/sink/timeline/AbstractTimelineMetricsSink.java
@@ -30,6 +30,7 @@ import org.apache.hadoop.metrics2.sink.timeline.availability.MetricCollectorHAHe
import org.apache.hadoop.metrics2.sink.timeline.availability.MetricCollectorUnavailableException;
import org.apache.hadoop.metrics2.sink.timeline.availability.MetricSinkWriteShardHostnameHashingStrategy;
import org.apache.hadoop.metrics2.sink.timeline.availability.MetricSinkWriteShardStrategy;
+import org.apache.http.HttpStatus;
import org.codehaus.jackson.map.AnnotationIntrospector;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.annotate.JsonSerialize;
@@ -81,6 +82,9 @@ public abstract class AbstractTimelineMetricsSink {
public static final String COLLECTOR_LIVE_NODES_PATH = "/ws/v1/timeline/metrics/livenodes";
public static final String INSTANCE_ID_PROPERTY = "instanceId";
public static final String SET_INSTANCE_ID_PROPERTY = "set.instanceId";
+ public static final String COOKIE = "Cookie";
+ private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
+ private static final String NEGOTIATE = "Negotiate";
protected static final AtomicInteger failedCollectorConnectionsCounter = new AtomicInteger(0);
public static int NUMBER_OF_SKIPPED_COLLECTOR_EXCEPTIONS = 100;
@@ -95,6 +99,7 @@ public abstract class AbstractTimelineMetricsSink {
private long lastFailedZkRequestTime = 0l;
private SSLSocketFactory sslSocketFactory;
+ private AppCookieManager appCookieManager = null;
protected final Log LOG;
@@ -155,6 +160,18 @@ public abstract class AbstractTimelineMetricsSink {
connection = connectUrl.startsWith("https") ?
getSSLConnection(connectUrl) : getConnection(connectUrl);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("emitMetricsJson to " + connectUrl + ", " + jsonData);
+ }
+ AppCookieManager appCookieManager = getAppCookieManager();
+ String appCookie = appCookieManager.getCachedAppCookie(connectUrl);
+ if (appCookie != null) {
+ if (LOG.isInfoEnabled()) {
+ LOG.info("Using cached app cookie for URL:" + connectUrl);
+ }
+ connection.setRequestProperty(COOKIE, appCookie);
+ }
+
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/json");
connection.setRequestProperty("Connection", "Keep-Alive");
@@ -169,6 +186,37 @@ public abstract class AbstractTimelineMetricsSink {
}
int statusCode = connection.getResponseCode();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("emitMetricsJson: statusCode = " + statusCode);
+ }
+
+ if (statusCode == HttpStatus.SC_UNAUTHORIZED ) {
+ String wwwAuthHeader = connection.getHeaderField(WWW_AUTHENTICATE);
+ if (LOG.isInfoEnabled()) {
+ LOG.info("Received WWW-Authentication header:" + wwwAuthHeader + ", for URL:" + connectUrl);
+ }
+ if (wwwAuthHeader != null && wwwAuthHeader.trim().startsWith(NEGOTIATE)) {
+ appCookie = appCookieManager.getAppCookie(connectUrl, true);
+ if (appCookie != null) {
+ connection.setRequestProperty(COOKIE, appCookie);
+
+ if (jsonData != null) {
+ try (OutputStream os = connection.getOutputStream()) {
+ os.write(jsonData.getBytes("UTF-8"));
+ }
+ }
+
+ statusCode = connection.getResponseCode();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("emitMetricsJson: statusCode2 = " + statusCode);
+ }
+ }
+ } else {
+ // no supported authentication type found
+ // we would let the original response propagate
+ LOG.error("Unsupported WWW-Authentication header:" + wwwAuthHeader+ ", for URL:" + connectUrl);
+ }
+ }
if (statusCode != 200) {
LOG.info("Unable to POST metrics to collector, " + connectUrl + ", " +
@@ -257,6 +305,18 @@ public abstract class AbstractTimelineMetricsSink {
}
/**
+ * Get the associated app cookie manager.
+ *
+ * @return the app cookie manager
+ */
+ public synchronized AppCookieManager getAppCookieManager() {
+ if (appCookieManager == null) {
+ appCookieManager = new AppCookieManager();
+ }
+ return appCookieManager;
+ }
+
+ /**
* Cleans up and closes an input stream
* see http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-keepalive.html
* @param is the InputStream to clean up
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-env.xml b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-env.xml
index a620c5b..b8af05d 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-env.xml
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/configuration/ams-hbase-env.xml
@@ -252,8 +252,8 @@ export HBASE_MANAGES_ZK=false
{% if security_enabled %}
export HBASE_OPTS="$HBASE_OPTS -Djava.security.auth.login.config={{client_jaas_config_file}}"
-export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config={{master_jaas_config_file}}"
-export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config={{regionserver_jaas_config_file}}"
+export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config={{master_jaas_config_file}} -Djavax.security.auth.useSubjectCredsOnly=false"
+export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Djava.security.auth.login.config={{regionserver_jaas_config_file}} -Djavax.security.auth.useSubjectCredsOnly=false"
export HBASE_ZOOKEEPER_OPTS="$HBASE_ZOOKEEPER_OPTS -Djava.security.auth.login.config={{ams_zookeeper_jaas_config_file}}"
{% endif %}
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_master_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_master_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_master_jaas.conf.j2
index a93c36c..4bb0fc1 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_master_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_master_jaas.conf.j2
@@ -24,3 +24,13 @@ useTicketCache=false
keyTab="{{master_keytab_path}}"
principal="{{master_jaas_princ}}";
};
+com.sun.security.jgss.krb5.initiate {
+com.sun.security.auth.module.Krb5LoginModule required
+renewTGT=false
+doNotPrompt=true
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="{{master_keytab_path}}"
+principal="{{master_jaas_princ}}";
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_regionserver_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_regionserver_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_regionserver_jaas.conf.j2
index 7097481..c9973ca 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_regionserver_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/templates/hbase_regionserver_jaas.conf.j2
@@ -24,3 +24,13 @@ useTicketCache=false
keyTab="{{regionserver_keytab_path}}"
principal="{{regionserver_jaas_princ}}";
};
+com.sun.security.jgss.krb5.initiate {
+com.sun.security.auth.module.Krb5LoginModule required
+renewTGT=false
+doNotPrompt=true
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="{{regionserver_keytab_path}}"
+principal="{{regionserver_jaas_princ}}";
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_master_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_master_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_master_jaas.conf.j2
index a93c36c..4bb0fc1 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_master_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_master_jaas.conf.j2
@@ -24,3 +24,13 @@ useTicketCache=false
keyTab="{{master_keytab_path}}"
principal="{{master_jaas_princ}}";
};
+com.sun.security.jgss.krb5.initiate {
+com.sun.security.auth.module.Krb5LoginModule required
+renewTGT=false
+doNotPrompt=true
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="{{master_keytab_path}}"
+principal="{{master_jaas_princ}}";
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_regionserver_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_regionserver_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_regionserver_jaas.conf.j2
index 7097481..c9973ca 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_regionserver_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_regionserver_jaas.conf.j2
@@ -24,3 +24,13 @@ useTicketCache=false
keyTab="{{regionserver_keytab_path}}"
principal="{{regionserver_jaas_princ}}";
};
+com.sun.security.jgss.krb5.initiate {
+com.sun.security.auth.module.Krb5LoginModule required
+renewTGT=false
+doNotPrompt=true
+useKeyTab=true
+storeKey=true
+useTicketCache=false
+keyTab="{{regionserver_keytab_path}}"
+principal="{{regionserver_jaas_princ}}";
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
index 1264284..f15c5d6 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
@@ -46,6 +46,23 @@ def hdfs(name=None):
)
if params.security_enabled:
+ File(os.path.join(params.hadoop_conf_dir, 'hdfs_dn_jaas.conf'),
+ owner=params.hdfs_user,
+ group=params.user_group,
+ content=Template("hdfs_dn_jaas.conf.j2")
+ )
+ File(os.path.join(params.hadoop_conf_dir, 'hdfs_nn_jaas.conf'),
+ owner=params.hdfs_user,
+ group=params.user_group,
+ content=Template("hdfs_nn_jaas.conf.j2")
+ )
+ if params.dfs_ha_enabled:
+ File(os.path.join(params.hadoop_conf_dir, 'hdfs_jn_jaas.conf'),
+ owner=params.hdfs_user,
+ group=params.user_group,
+ content=Template("hdfs_jn_jaas.conf.j2")
+ )
+
tc_mode = 0644
tc_owner = "root"
else:
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml
index 91af58e..ad81d66 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka-env.xml
@@ -88,7 +88,11 @@ export JAVA_HOME={{java64_home}}
export PATH=$PATH:$JAVA_HOME/bin
export PID_DIR={{kafka_pid_dir}}
export LOG_DIR={{kafka_log_dir}}
+{% if security_enabled %}
+export KAFKA_KERBEROS_PARAMS="-Djavax.security.auth.useSubjectCredsOnly=false {{kafka_kerberos_params}}"
+{% else %}
export KAFKA_KERBEROS_PARAMS={{kafka_kerberos_params}}
+{% endif %}
# Add kafka sink to classpath and related depenencies
if [ -e "/usr/lib/ambari-metrics-kafka-sink/ambari-metrics-kafka-sink.jar" ]; then
export CLASSPATH=$CLASSPATH:/usr/lib/ambari-metrics-kafka-sink/ambari-metrics-kafka-sink.jar
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
index fdde8f2..8ceb891 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
@@ -49,6 +49,17 @@ useTicketCache=false
serviceName="zookeeper"
principal="{{kafka_jaas_principal}}";
};
+com.sun.security.jgss.krb5.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ renewTGT=false
+ doNotPrompt=true
+ useKeyTab=true
+ keyTab="{{kafka_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="{{kafka_bare_jaas_principal}}"
+ principal="{{kafka_jaas_principal}}";
+};
</value>
<value-attributes>
<type>content</type>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/templates/kafka_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/templates/kafka_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/templates/kafka_jaas.conf.j2
index 56c558d..1d9e61d 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/templates/kafka_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/templates/kafka_jaas.conf.j2
@@ -39,3 +39,14 @@ Client {
serviceName="zookeeper"
principal="{{kafka_jaas_principal}}";
};
+com.sun.security.jgss.krb5.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ renewTGT=false
+ doNotPrompt=true
+ useKeyTab=true
+ keyTab="{{kafka_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="{{kafka_bare_jaas_principal}}"
+ principal="{{kafka_jaas_principal}}";
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/storm_yaml_utils.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/storm_yaml_utils.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/storm_yaml_utils.py
index 9d78e71..557c9dc 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/storm_yaml_utils.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/storm_yaml_utils.py
@@ -27,7 +27,10 @@ from resource_management.core.resources.system import File
def replace_jaas_placeholder(name, security_enabled, conf_dir):
if name.find('_JAAS_PLACEHOLDER') > -1:
if security_enabled:
- return name.replace('_JAAS_PLACEHOLDER', '-Djava.security.auth.login.config=' + conf_dir + '/storm_jaas.conf')
+ if name.find('Nimbus_JVM') > -1:
+ return name.replace('_JAAS_PLACEHOLDER', '-Djava.security.auth.login.config=' + conf_dir + '/storm_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false')
+ else:
+ return name.replace('_JAAS_PLACEHOLDER', '-Djava.security.auth.login.config=' + conf_dir + '/storm_jaas.conf')
else:
return name.replace('_JAAS_PLACEHOLDER', '')
else:
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
index c22cb51..d131e62 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/templates/storm_jaas.conf.j2
@@ -41,6 +41,16 @@ RegistryClient {
useTicketCache=false
principal="{{storm_jaas_principal}}";
};
+com.sun.security.jgss.krb5.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ renewTGT=false
+ doNotPrompt=true
+ useKeyTab=true
+ keyTab="{{nimbus_keytab_path}}"
+ principal="{{nimbus_jaas_principal}}"
+ storeKey=true
+ useTicketCache=false;
+};
{% endif %}
Client {
com.sun.security.auth.module.Krb5LoginModule required
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index 03f53d4..f28274b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -242,6 +242,9 @@ nm_hosts = default("/clusterHostInfo/nm_hosts", [])
# don't using len(nm_hosts) here, because check can take too much time on large clusters
number_of_nm = 1
+hs_host = default("/clusterHostInfo/hs_host", [])
+has_hs = not len(hs_host) == 0
+
# default kinit commands
rm_kinit_cmd = ""
yarn_timelineservice_kinit_cmd = ""
@@ -265,19 +268,26 @@ if security_enabled:
# YARN timeline security options
if has_ats:
- _yarn_timelineservice_principal_name = config['configurations']['yarn-site']['yarn.timeline-service.principal']
- _yarn_timelineservice_principal_name = _yarn_timelineservice_principal_name.replace('_HOST', hostname.lower())
- _yarn_timelineservice_keytab = config['configurations']['yarn-site']['yarn.timeline-service.keytab']
- yarn_timelineservice_kinit_cmd = format("{kinit_path_local} -kt {_yarn_timelineservice_keytab} {_yarn_timelineservice_principal_name};")
+ yarn_timelineservice_principal_name = config['configurations']['yarn-site']['yarn.timeline-service.principal']
+ yarn_timelineservice_principal_name = yarn_timelineservice_principal_name.replace('_HOST', hostname.lower())
+ yarn_timelineservice_keytab = config['configurations']['yarn-site']['yarn.timeline-service.keytab']
+ yarn_timelineservice_kinit_cmd = format("{kinit_path_local} -kt {yarn_timelineservice_keytab} {yarn_timelineservice_principal_name};")
+ yarn_ats_jaas_file = os.path.join(config_dir, 'yarn_ats_jaas.conf')
if 'yarn.nodemanager.principal' in config['configurations']['yarn-site']:
- _nodemanager_principal_name = default('/configurations/yarn-site/yarn.nodemanager.principal', None)
- if _nodemanager_principal_name:
- _nodemanager_principal_name = _nodemanager_principal_name.replace('_HOST', hostname.lower())
-
- _nodemanager_keytab = config['configurations']['yarn-site']['yarn.nodemanager.keytab']
- nodemanager_kinit_cmd = format("{kinit_path_local} -kt {_nodemanager_keytab} {_nodemanager_principal_name};")
-
+ nodemanager_principal_name = default('/configurations/yarn-site/yarn.nodemanager.principal', None)
+ if nodemanager_principal_name:
+ nodemanager_principal_name = nodemanager_principal_name.replace('_HOST', hostname.lower())
+
+ nodemanager_keytab = config['configurations']['yarn-site']['yarn.nodemanager.keytab']
+ nodemanager_kinit_cmd = format("{kinit_path_local} -kt {nodemanager_keytab} {nodemanager_principal_name};")
+ yarn_nm_jaas_file = os.path.join(config_dir, 'yarn_nm_jaas.conf')
+
+ if has_hs:
+ mapred_jhs_principal_name = config['configurations']['mapred-site']['mapreduce.jobhistory.principal']
+ mapred_jhs_principal_name = mapred_jhs_principal_name.replace('_HOST', hostname.lower())
+ mapred_jhs_keytab = config['configurations']['mapred-site']['mapreduce.jobhistory.keytab']
+ mapred_jaas_file = os.path.join(config_dir, 'mapred_jaas.conf')
yarn_log_aggregation_enabled = config['configurations']['yarn-site']['yarn.log-aggregation-enable']
yarn_nm_app_log_dir = config['configurations']['yarn-site']['yarn.nodemanager.remote-app-log-dir']
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
index 3e5c51d..3300875 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
@@ -434,6 +434,23 @@ def yarn(name=None, config_dir=None):
group=params.user_group,
content=Template("yarn_jaas.conf.j2")
)
+ if params.has_ats:
+ File(os.path.join(config_dir, 'yarn_ats_jaas.conf'),
+ owner=params.yarn_user,
+ group=params.user_group,
+ content=Template("yarn_ats_jaas.conf.j2")
+ )
+ File(os.path.join(config_dir, 'yarn_nm_jaas.conf'),
+ owner=params.yarn_user,
+ group=params.user_group,
+ content=Template("yarn_nm_jaas.conf.j2")
+ )
+ if params.has_hs:
+ File(os.path.join(config_dir, 'mapred_jaas.conf'),
+ owner=params.mapred_user,
+ group=params.user_group,
+ content=Template("mapred_jaas.conf.j2")
+ )
else:
File(os.path.join(config_dir, 'taskcontroller.cfg'),
owner=tc_owner,
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/templates/yarn_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/templates/yarn_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/templates/yarn_jaas.conf.j2
index 483c815..99f0a1b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/templates/yarn_jaas.conf.j2
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/templates/yarn_jaas.conf.j2
@@ -23,4 +23,14 @@ Client {
useTicketCache=false
keyTab="{{rm_keytab}}"
principal="{{rm_principal_name}}";
-};
\ No newline at end of file
+};
+com.sun.security.jgss.krb5.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ renewTGT=false
+ doNotPrompt=true
+ useKeyTab=true
+ keyTab="{{rm_keytab}}"
+ principal="{{rm_principal_name}}"
+ storeKey=true
+ useTicketCache=false;
+};
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/configuration-mapred/mapred-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/configuration-mapred/mapred-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/configuration-mapred/mapred-env.xml
index 869f44a..67d33db 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/configuration-mapred/mapred-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/configuration-mapred/mapred-env.xml
@@ -32,7 +32,9 @@ export HADOOP_JOB_HISTORYSERVER_HEAPSIZE={{jobhistory_heapsize}}
export HADOOP_MAPRED_ROOT_LOGGER=INFO,RFA
-#export HADOOP_JOB_HISTORYSERVER_OPTS=
+{% if security_enabled %}
+export HADOOP_JOB_HISTORYSERVER_OPTS="-Djava.security.auth.login.config={{mapred_jaas_file}} -Djavax.security.auth.useSubjectCredsOnly=false"
+{% endif %}
#export HADOOP_MAPRED_LOG_DIR="" # Where log files are stored. $HADOOP_MAPRED_HOME/logs by default.
#export HADOOP_JHS_LOGGER=INFO,RFA # Hadoop JobSummary logger.
#export HADOOP_MAPRED_PID_DIR= # The pid files are stored. /tmp by default.
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/hbase-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/hbase-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/hbase-env.xml
index d2b3671..45e137c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/hbase-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/hbase-env.xml
@@ -90,8 +90,8 @@ JDK_DEPENDED_OPTS="-XX:PermSize=128m -XX:MaxPermSize=128m"
{% if security_enabled %}
export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC -XX:ErrorFile={{log_dir}}/hs_err_pid%p.log -Djava.security.auth.login.config={{client_jaas_config_file}} -Djava.io.tmpdir={{java_io_tmpdir}}"
-export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}} -Djava.security.auth.login.config={{master_jaas_config_file}} $JDK_DEPENDED_OPTS"
-export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 -Xms{{regionserver_heapsize}} -Xmx{{regionserver_heapsize}} -Djava.security.auth.login.config={{regionserver_jaas_config_file}} $JDK_DEPENDED_OPTS"
+export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Xmx{{master_heapsize}} -Djava.security.auth.login.config={{master_jaas_config_file}} -Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
+export HBASE_REGIONSERVER_OPTS="$HBASE_REGIONSERVER_OPTS -Xmn{{regionserver_xmn_size}} -XX:CMSInitiatingOccupancyFraction=70 -Xms{{regionserver_heapsize}} -Xmx{{regionserver_heapsize}} -Djava.security.auth.login.config={{regionserver_jaas_config_file}} -Djavax.security.auth.useSubjectCredsOnly=false $JDK_DEPENDED_OPTS"
export PHOENIX_QUERYSERVER_OPTS="$PHOENIX_QUERYSERVER_OPTS -Djava.security.auth.login.config={{queryserver_jaas_config_file}}"
{% else %}
export HBASE_OPTS="$HBASE_OPTS -XX:+UseConcMarkSweepGC -XX:ErrorFile={{log_dir}}/hs_err_pid%p.log -Djava.io.tmpdir={{java_io_tmpdir}}"
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml
index bcee896..7ff98ab 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/hadoop-env.xml
@@ -81,6 +81,13 @@ export HADOOP_SECONDARYNAMENODE_OPTS="${SHARED_HADOOP_NAMENODE_OPTS} -XX:OnOutOf
export HADOOP_CLIENT_OPTS="-Xmx${HADOOP_HEAPSIZE}m $HADOOP_CLIENT_OPTS"
{% endif %}
+{% if security_enabled %}
+export HADOOP_NAMENODE_OPTS="$HADOOP_NAMENODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_nn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_SECONDARYNAMENODE_OPTS="$HADOOP_SECONDARYNAMENODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_nn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_DATANODE_OPTS="$HADOOP_DATANODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_dn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_JOURNALNODE_OPTS="$HADOOP_JOURNALNODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_jn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+{% endif %}
+
HADOOP_NFS3_OPTS="-Xmx{{nfsgateway_heapsize}}m -Dhadoop.security.logger=ERROR,DRFAS ${HADOOP_NFS3_OPTS}"
HADOOP_BALANCER_OPTS="-server -Xmx{{hadoop_heapsize}}m ${HADOOP_BALANCER_OPTS}"
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/yarn-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/yarn-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/yarn-env.xml
index 190684c..9bfa2fe 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/yarn-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/yarn-env.xml
@@ -90,8 +90,9 @@
# Specify the JVM options to be used when starting the ResourceManager.
# These options will be appended to the options specified as YARN_OPTS
# and therefore may override any similar flags set in YARN_OPTS
- #export YARN_RESOURCEMANAGER_OPTS=
-
+ {% if security_enabled %}
+ export YARN_RESOURCEMANAGER_OPTS="-Djava.security.auth.login.config={{yarn_jaas_file}}"
+ {% endif %}
# Node Manager specific parameters
# Specify the max Heapsize for the NodeManager using a numerical value
@@ -112,10 +113,16 @@
# or JAVA_HEAP_MAX with YARN_HEAPMAX as the preferred option of the two.
export YARN_TIMELINESERVER_HEAPSIZE={{apptimelineserver_heapsize}}
+ {% if security_enabled %}
+ export YARN_TIMELINESERVER_OPTS="-Djava.security.auth.login.config={{yarn_ats_jaas_file}}"
+ {% endif %}
+
# Specify the JVM options to be used when starting the NodeManager.
# These options will be appended to the options specified as YARN_OPTS
# and therefore may override any similar flags set in YARN_OPTS
- #export YARN_NODEMANAGER_OPTS=
+ {% if security_enabled %}
+ export YARN_NODEMANAGER_OPTS="-Djava.security.auth.login.config={{yarn_nm_jaas_file}}"
+ {% endif %}
# so that filenames w/ spaces are handled correctly in loops below
IFS=
@@ -153,6 +160,9 @@
fi
YARN_OPTS="$YARN_OPTS -Dyarn.policy.file=$YARN_POLICYFILE"
YARN_OPTS="$YARN_OPTS -Djava.io.tmpdir={{hadoop_java_io_tmpdir}}"
+ {% if security_enabled %}
+ YARN_OPTS="$YARN_OPTS -Djavax.security.auth.useSubjectCredsOnly=false"
+ {% endif %}
</value>
<value-attributes>
<type>content</type>
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml
index 1bfd2fe..eb04aa4 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/services/HDFS/configuration/hadoop-env.xml
@@ -81,6 +81,13 @@ export HADOOP_SECONDARYNAMENODE_OPTS="${SHARED_HADOOP_NAMENODE_OPTS} -XX:OnOutOf
export HADOOP_CLIENT_OPTS="-Xmx${HADOOP_HEAPSIZE}m $HADOOP_CLIENT_OPTS"
{% endif %}
+{% if security_enabled %}
+export HADOOP_NAMENODE_OPTS="$HADOOP_NAMENODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_nn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_SECONDARYNAMENODE_OPTS="$HADOOP_SECONDARYNAMENODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_nn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_DATANODE_OPTS="$HADOOP_DATANODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_dn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+export HADOOP_JOURNALNODE_OPTS="$HADOOP_JOURNALNODE_OPTS -Djava.security.auth.login.config={{hadoop_conf_dir}}/hdfs_jn_jaas.conf -Djavax.security.auth.useSubjectCredsOnly=false"
+{% endif %}
+
HADOOP_NFS3_OPTS="-Xmx{{nfsgateway_heapsize}}m -Dhadoop.security.logger=ERROR,DRFAS ${HADOOP_NFS3_OPTS}"
HADOOP_BALANCER_OPTS="-server -Xmx{{hadoop_heapsize}}m ${HADOOP_BALANCER_OPTS}"
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
index 5702b57..d2968f8 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
@@ -416,6 +416,16 @@ class TestDatanode(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', conf_dir + '/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', conf_dir + '/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
index 2202661..ff8f92e 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
@@ -230,6 +230,16 @@ class TestJournalnode(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
@@ -251,7 +261,6 @@ class TestJournalnode(RMFTestCase):
)
-
@patch('time.sleep')
def test_post_upgrade_restart(self, time_mock):
# load the NN and JN JMX files so that the urllib2.urlopen mock has data
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
index 02edff4..acd40b0 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
@@ -289,7 +289,7 @@ class TestNamenode(RMFTestCase):
stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
- self.assert_configure_secured()
+ self.assert_configure_secured(False)
self.assertNoMoreResources()
@@ -302,7 +302,7 @@ class TestNamenode(RMFTestCase):
target = RMFTestCase.TARGET_COMMON_SERVICES,
call_mocks = [(0,"")],
)
- self.assert_configure_secured()
+ self.assert_configure_secured(False)
self.assertResourceCalled('File', '/etc/hadoop/conf/dfs.exclude',
owner = 'hdfs',
content = Template('exclude_hosts_list.j2'),
@@ -622,7 +622,7 @@ class TestNamenode(RMFTestCase):
stack_version = self.STACK_VERSION,
target = RMFTestCase.TARGET_COMMON_SERVICES
)
- self.assert_configure_secured()
+ self.assert_configure_secured(True)
self.assertResourceCalled('File', '/etc/hadoop/conf/dfs.exclude',
owner = 'hdfs',
content = Template('exclude_hosts_list.j2'),
@@ -1153,7 +1153,7 @@ class TestNamenode(RMFTestCase):
cd_access='a'
)
- def assert_configure_secured(self):
+ def assert_configure_secured(self, ha_enabled):
self.assertResourceCalled('Directory', '/usr/lib/hadoop/lib/native/Linux-i386-32',
create_parents = True,
)
@@ -1177,6 +1177,22 @@ class TestNamenode(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ if ha_enabled:
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_jn_jaas.conf',
+ content = Template('hdfs_jn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
index b8fee12..de425cd 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
@@ -243,6 +243,16 @@ class TestNFSGateway(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
index 9e9366d..b3d7016 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
@@ -248,6 +248,16 @@ class TestSNamenode(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
@@ -274,4 +284,4 @@ class TestSNamenode(RMFTestCase):
mode = 0755,
create_parents = True,
cd_access='a'
- )
\ No newline at end of file
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
index ca1a5ba..0fe200c 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
@@ -154,6 +154,21 @@ class TestZkfc(RMFTestCase):
group = 'root',
mode = 0644,
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_dn_jaas.conf',
+ content = Template('hdfs_dn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_nn_jaas.conf',
+ content = Template('hdfs_nn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/hdfs_jn_jaas.conf',
+ content = Template('hdfs_jn_jaas.conf.j2'),
+ owner = 'hdfs',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'hdfs-site.xml',
owner = 'hdfs',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
index 4f22416..dfeb4be 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
@@ -715,6 +715,16 @@ class TestHistoryServer(RMFTestCase):
owner = 'yarn',
group = 'hadoop',
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/yarn_nm_jaas.conf',
+ content = Template('yarn_nm_jaas.conf.j2'),
+ owner = 'yarn',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/mapred_jaas.conf',
+ content = Template('mapred_jaas.conf.j2'),
+ owner = 'mapred',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'mapred-site.xml',
owner = 'mapred',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py
index b05d9f2..7e06969 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_client.py
@@ -346,6 +346,16 @@ class TestMapReduce2Client(RMFTestCase):
owner = 'yarn',
group = 'hadoop',
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/yarn_nm_jaas.conf',
+ content = Template('yarn_nm_jaas.conf.j2'),
+ owner = 'yarn',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/mapred_jaas.conf',
+ content = Template('mapred_jaas.conf.j2'),
+ owner = 'mapred',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'mapred-site.xml',
owner = 'mapred',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
index 63c8a90..ed8fb27 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
@@ -526,6 +526,16 @@ class TestNodeManager(RMFTestCase):
owner = 'yarn',
group = 'hadoop',
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/yarn_nm_jaas.conf',
+ content = Template('yarn_nm_jaas.conf.j2'),
+ owner = 'yarn',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/mapred_jaas.conf',
+ content = Template('mapred_jaas.conf.j2'),
+ owner = 'mapred',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'mapred-site.xml',
owner = 'mapred',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
index 1616e18..e8b5f78 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
@@ -500,6 +500,16 @@ class TestResourceManager(RMFTestCase):
owner = 'yarn',
group = 'hadoop',
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/yarn_nm_jaas.conf',
+ content = Template('yarn_nm_jaas.conf.j2'),
+ owner = 'yarn',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/mapred_jaas.conf',
+ content = Template('mapred_jaas.conf.j2'),
+ owner = 'mapred',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'mapred-site.xml',
owner = 'mapred',
group = 'hadoop',
http://git-wip-us.apache.org/repos/asf/ambari/blob/0569efa7/ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py
index 8873fbf..f71c93a 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_yarn_client.py
@@ -346,6 +346,16 @@ class TestYarnClient(RMFTestCase):
owner = 'yarn',
group = 'hadoop',
)
+ self.assertResourceCalled('File', '/etc/hadoop/conf/yarn_nm_jaas.conf',
+ content = Template('yarn_nm_jaas.conf.j2'),
+ owner = 'yarn',
+ group = 'hadoop',
+ )
+ self.assertResourceCalled('File', '/etc/hadoop/conf/mapred_jaas.conf',
+ content = Template('mapred_jaas.conf.j2'),
+ owner = 'mapred',
+ group = 'hadoop',
+ )
self.assertResourceCalled('XmlConfig', 'mapred-site.xml',
owner = 'mapred',
group = 'hadoop',