Posted to commits@ambari.apache.org by sm...@apache.org on 2015/10/23 18:05:47 UTC
ambari git commit: AMBARI-13435. Ambari to support three topology
config files for Knox (Sumit Gupta via smohanty)
Repository: ambari
Updated Branches:
refs/heads/trunk 2ac17444b -> bf0e3db8e
AMBARI-13435. Ambari to support three topology config files for Knox (Sumit Gupta via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bf0e3db8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bf0e3db8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bf0e3db8
Branch: refs/heads/trunk
Commit: bf0e3db8ea16de66b447822fd86ad4ff0a12ca79
Parents: 2ac1744
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Fri Oct 23 09:05:30 2015 -0700
Committer: Sumit Mohanty <sm...@hortonworks.com>
Committed: Fri Oct 23 09:05:30 2015 -0700
----------------------------------------------------------------------
.../0.5.0.2.2/configuration/admin-topology.xml | 96 ++++++++++++++++++++
.../common-services/KNOX/0.5.0.2.2/metainfo.xml | 2 +
.../KNOX/0.5.0.2.2/package/scripts/knox.py | 17 ++++
.../0.5.0.2.2/package/scripts/params_linux.py | 2 +
.../0.5.0.2.2/package/scripts/params_windows.py | 2 +
.../KNOX/configuration/knoxsso-topology.xml | 93 +++++++++++++++++++
.../python/stacks/2.2/KNOX/test_knox_gateway.py | 10 ++
.../test/python/stacks/2.2/configs/default.json | 4 +
ambari-web/app/models/stack_service.js | 2 +-
9 files changed, 227 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml
new file mode 100644
index 0000000..b6b09ed
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <!-- topology file -->
+
+ <property>
+ <name>content</name>
+ <value>
+ <topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>ShiroProvider</name>
+ <enabled>true</enabled>
+ <param>
+ <name>sessionTimeout</name>
+ <value>30</value>
+ </param>
+ <param>
+ <name>main.ldapRealm</name>
+ <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.userDnTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.url</name>
+ <value>ldap://{{knox_host_name}}:33389</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ <param>
+ <name>urls./**</name>
+ <value>authcBasic</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>authorization</role>
+ <name>AclsAuthz</name>
+ <enabled>true</enabled>
+ <param>
+ <name>knox.acl</name>
+ <value>admin;*;*</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>KNOX</role>
+ </service>
+
+ </topology>
+
+ </value>
+ <description>
+ The configuration specifies the Knox admin API configuration and access details. The authentication provider should be configured to match your deployment details.
+ </description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ </property>
+</configuration>
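Review bot: The default admin topology binds to `ldap://{{knox_host_name}}:33389` with `authenticationMechanism` set to `simple` and `authcBasic` on `urls./**`, so the admin password reaches the directory unencrypted. The `userDnTemplate` also points at the sample `dc=hadoop,dc=apache,dc=org` tree. With `knox.acl` set to `admin;*;*`, whoever controls the `admin` entry in that directory can call the admin API from any address. The `<description>` only says the provider "should be configured to match your deployment details"; I would state the risk outright, e.g. `The defaults target the demo LDAP over unencrypted ldap:// and must be replaced with your own realm (ldaps://) before the gateway is exposed.`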
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml
index 34f55ff..657a300 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml
@@ -64,6 +64,8 @@
<config-type>gateway-site</config-type>
<config-type>gateway-log4j</config-type>
<config-type>topology</config-type>
+ <config-type>admin-topology</config-type>
+ <config-type>knoxsso-topology</config-type>
<config-type>ranger-knox-plugin-properties</config-type>
<config-type>ranger-knox-audit</config-type>
<config-type>ranger-knox-policymgr-ssl</config-type>
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
index 055b76e..bb0bbfe 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
@@ -60,6 +60,18 @@ def knox():
content=InlineTemplate(params.topology_template)
)
+ File(os.path.join(params.knox_conf_dir, "topologies", "admin.xml"),
+ group=params.knox_group,
+ owner=params.knox_user,
+ content=InlineTemplate(params.admin_topology_template)
+ )
+
+ File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
+ group=params.knox_group,
+ owner=params.knox_user,
+ content=InlineTemplate(params.knoxsso_topology_template)
+ )
+
if params.security_enabled:
TemplateConfig( os.path.join(params.knox_conf_dir, "krb5JAASLogin.conf"),
owner = params.knox_user,
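Review bot: `knoxsso.xml` is written unconditionally in this `knox()` variant, but the only `knoxsso-topology.xml` definition in this commit is under `stacks/HDP/2.4`. Meanwhile `metainfo.xml` declares the config type for common-services `KNOX/0.5.0.2.2`, and the second `knox()` hunk below never writes `knoxsso.xml`. On a stack that does not supply `knoxsso-topology`, `params.knoxsso_topology_template` presumably has nothing to render, so this resource would fail or leave an unusable topology in `topologies/`. The two variants should agree: either guard the resource with `if 'knoxsso-topology' in params.config['configurations']:` or ship the definition next to `admin-topology.xml`. The function body starts and ends outside the hunk.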
@@ -104,6 +116,11 @@ def knox():
owner=params.knox_user,
content=InlineTemplate(params.topology_template)
)
+ File(format("{params.knox_conf_dir}/topologies/admin.xml"),
+ group=params.knox_group,
+ owner=params.knox_user,
+ content=InlineTemplate(params.admin_topology_template)
+ )
if params.security_enabled:
TemplateConfig( format("{knox_conf_dir}/krb5JAASLogin.conf"),
owner = params.knox_user,
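Review bot: The new `File(...)` for `admin.xml` sets `owner` and `group` but no `mode`, so its permissions are presumably left to the agent's umask; the same holds for the two `File(...)` resources added in the first `knox()` hunk. This topology decides who may call the admin API and is where operators are told to put their own LDAP realm settings, so it should not be readable by other local users. Adding `mode=0o640,` to each of the new resources would pin that down. The function body continues outside the hunk.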
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
index 5d4ff69..36d542f 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
@@ -216,6 +216,8 @@ knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0]
knox_host_name_in_cluster = config['hostname']
knox_host_port = config['configurations']['gateway-site']['gateway.port']
topology_template = config['configurations']['topology']['content']
+admin_topology_template = config['configurations']['admin-topology']['content']
+knoxsso_topology_template = config['configurations']['knoxsso-topology']['content']
gateway_log4j = config['configurations']['gateway-log4j']['content']
ldap_log4j = config['configurations']['ldap-log4j']['content']
users_ldif = config['configurations']['users-ldif']['content']
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py
index 50acbe7..e044d9a 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py
@@ -57,6 +57,8 @@ knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0]
knox_host_name_in_cluster = config['hostname']
knox_master_secret = config['configurations']['knox-env']['knox_master_secret']
topology_template = config['configurations']['topology']['content']
+admin_topology_template = config['configurations']['admin-topology']['content']
+knoxsso_topology_template = config['configurations']['knoxsso-topology']['content']
gateway_log4j = config['configurations']['gateway-log4j']['content']
security_enabled = config['configurations']['cluster-env']['security_enabled']
ldap_log4j = config['configurations']['ldap-log4j']['content']
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
new file mode 100644
index 0000000..0a617ad
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <!-- topology file -->
+
+ <property>
+ <name>content</name>
+ <value>
+ <topology>
+
+ <gateway>
+
+ <provider>
+ <role>federation</role>
+ <name>Picketlink</name>
+ <enabled>true</enabled>
+ <param>
+ <name>identity.url</name>
+ <value>https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO</value>
+ </param>
+ <param>
+ <name>service.url</name>
+ <value>http://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso</value>
+ </param>
+ <param>
+ <name>keystore.url</name>
+ <value>{{knox_cert_store_path}}</value>
+ </param>
+ <param>
+ <name>validating.alias.key</name>
+ <value>SSO_PROVIDER_DOMAIN</value>
+ </param>
+ <param>
+ <name>validating.alias.value</name>
+ <value>SSO_PROVIDER_CERT_ALIAS</value>
+ </param>
+ <param>
+ <name>clock.skew.milis</name>
+ <value>2000</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>KNOXSSO</role>
+ <param>
+ <name>knoxsso.cookie.secure.only</name>
+ <value>true</value>
+ </param>
+ <param>
+ <name>knoxsso.cookie.max.age</name>
+ <value>600</value>
+ </param>
+ </service>
+
+ </topology>
+ </value>
+ <description>
+ The configuration specifies the KnoxSSO provider integration, cookie and token management details.
+ </description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ </property>
+</configuration>
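Review bot: `service.url` is built with `http://` while the same topology sets `knoxsso.cookie.secure.only` to `true`. A Secure cookie is not returned over plain HTTP, and the identity provider's response would go to a cleartext endpoint, so the default should read `https://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso`. Separately, the template references `{{knox_port}}` and `{{knox_cert_store_path}}`, while the params hunks in this commit show `knox_host_port` and add neither name; confirm both are defined elsewhere in the params modules, otherwise rendering may fail. The `SSO_PROVIDER_*` values are literal placeholders, so the `<description>` could say they must be replaced before the topology is usable.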
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
index 817b87d..6f72038 100644
--- a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
+++ b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
@@ -84,6 +84,11 @@ class TestKnoxGateway(RMFTestCase):
owner = 'knox',
content = InlineTemplate(self.getConfig()['configurations']['topology']['content'])
)
+ self.assertResourceCalled('File', '/usr/hdp/current/knox-server/conf/topologies/admin.xml',
+ group='knox',
+ owner = 'knox',
+ content = InlineTemplate(self.getConfig()['configurations']['admin-topology']['content'])
+ )
self.assertResourceCalled('Execute', ('chown',
'-R',
'knox:knox',
@@ -525,6 +530,11 @@ class TestKnoxGateway(RMFTestCase):
owner = 'knox',
content = InlineTemplate(self.getConfig()['configurations']['topology']['content'])
)
+ self.assertResourceCalled('File', '/usr/hdp/current/knox-server/conf/topologies/admin.xml',
+ group='knox',
+ owner = 'knox',
+ content = InlineTemplate(self.getConfig()['configurations']['admin-topology']['content'])
+ )
self.assertResourceCalled('Execute', ('chown',
'-R',
'knox:knox',
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/test/python/stacks/2.2/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json
index 5a5554e..f759f49 100644
--- a/ambari-server/src/test/python/stacks/2.2/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json
@@ -255,6 +255,10 @@
"content": "\n <topology>\n\n <gateway>\n\n <provider>\n <role>authentication</role>\n <name>ShiroProvider</name>\n <enabled>true</enabled>\n <param>\n <name>sessionTimeout</name>\n <value>30</value>\n </param>\n <param>\n <name>main.ldapRealm</name>\n <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>\n </param>\n <param>\n <name>main.ldapRealm.userDnTemplate</name>\n <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.url</name>\n <value>ldap://{{knox_host_name}}:33389</value>\n
</param>\n <param>\n <name>main.ldapRealm.contextFactory.authenticationMechanism</name>\n <value>simple</value>\n </param>\n <param>\n <name>urls./**</name>\n <value>authcBasic</value>\n </param>\n </provider>\n\n <provider>\n <role>identity-assertion</role>\n <name>Default</name>\n <enabled>true</enabled>\n </provider>\n\n </gateway>\n\n <service>\n <role>NAMENODE</role>\n <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>\n </service>\n\n <service>\n <role>JOBTRACKER</role>\n <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>\n </service>\n\n <service>\n <role>WEBHDFS</ro
le>\n <url>http://{{namenode_host}}:{{namenode_http_port}}/webhdfs</url>\n </service>\n\n <service>\n <role>WEBHCAT</role>\n <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>\n </service>\n\n <service>\n <role>OOZIE</role>\n <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>\n </service>\n\n <service>\n <role>WEBHBASE</role>\n <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>\n </service>\n\n <service>\n <role>HIVE</role>\n <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>\n </service>\n\n <service>\n <role>RESOURCEMANAGER</role>\n <url>http://{{rm_host}}:{{rm_port}}/ws</url>\n </service>\n </topology>"
},
+ "admin-topology": {
+ "content": "\n <topology>\n\n <gateway>\n\n <provider>\n <role>authentication</role>\n <name>ShiroProvider</name>\n <enabled>true</enabled>\n <param>\n <name>sessionTimeout</name>\n <value>30</value>\n </param>\n <param>\n <name>main.ldapRealm</name>\n <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>\n </param>\n <param>\n <name>main.ldapRealm.userDnTemplate</name>\n <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.url</name>\n <value>ldap://{{knox_host_name}}:33389</value>\n
</param>\n <param>\n <name>main.ldapRealm.contextFactory.authenticationMechanism</name>\n <value>simple</value>\n </param>\n <param>\n <name>urls./**</name>\n <value>authcBasic</value>\n </param>\n </provider>\n\n <provider>\n <role>identity-assertion</role>\n <name>Default</name>\n <enabled>true</enabled>\n </provider>\n\n </gateway>\n\n <service>\n <role>NAMENODE</role>\n <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>\n </service>\n\n <service>\n <role>JOBTRACKER</role>\n <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>\n </service>\n\n <service>\n <role>WEBHDFS</ro
le>\n <url>http://{{namenode_host}}:{{namenode_http_port}}/webhdfs</url>\n </service>\n\n <service>\n <role>WEBHCAT</role>\n <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>\n </service>\n\n <service>\n <role>OOZIE</role>\n <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>\n </service>\n\n <service>\n <role>WEBHBASE</role>\n <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>\n </service>\n\n <service>\n <role>HIVE</role>\n <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>\n </service>\n\n <service>\n <role>RESOURCEMANAGER</role>\n <url>http://{{rm_host}}:{{rm_port}}/ws</url>\n </service>\n </topology>"
+ },
+
"ldap-log4j": {
"content": "\n # Licensed to the Apache Software Foundation (ASF) under one\n # or more contributor license agreements. See the NOTICE file\n # distributed with this work for additional information\n # regarding copyright ownership. The ASF licenses this file\n # to you under the Apache License, Version 2.0 (the\n # \"License\"); you may not use this file except in compliance\n # with the License. You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n # Unless required by applicable law or agreed to in writing, software\n # distributed under the License is distributed on an \"AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n # See the License for the specific language governing permissions and\n # limitations under the License.\n #testing\n\n app.log.dir=${launcher.d
ir}/../logs\n app.log.file=${launcher.name}.log\n\n log4j.rootLogger=ERROR, drfa\n log4j.logger.org.apache.directory.server.ldap.LdapServer=INFO\n log4j.logger.org.apache.directory=WARN\n\n log4j.appender.stdout=org.apache.log4j.ConsoleAppender\n log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\n log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n\n\n log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender\n log4j.appender.drfa.File=${app.log.dir}/${app.log.file}\n log4j.appender.drfa.DatePattern=.yyyy-MM-dd\n log4j.appender.drfa.layout=org.apache.log4j.PatternLayout\n log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n"
},
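Review bot: The `admin-topology` fixture content appears to be a copy of the `topology` entry above it (NAMENODE, WEBHDFS and the other service roles, no `AclsAuthz` provider, no `KNOX` service) rather than the template added in `admin-topology.xml`. The tests therefore never see the text that is actually deployed, and no `knoxsso-topology` entry is added at all. Using the shipped admin topology as the fixture value would bring the test in line with what operators get.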
http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-web/app/models/stack_service.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/models/stack_service.js b/ambari-web/app/models/stack_service.js
index ce4278e..3d5e795 100644
--- a/ambari-web/app/models/stack_service.js
+++ b/ambari-web/app/models/stack_service.js
@@ -397,7 +397,7 @@ App.StackService.configCategories = function () {
// Add custom section for every configType to all the services
configTypes.forEach(function (type) {
- var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties','topology','users-ldif'];
+ var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties','topology','users-ldif', 'admin-topology', 'knoxsso-topology'];
if (type.endsWith('-env') || type.endsWith('-log4j') || configTypesWithNoCustomSection.contains(type)) {
return;
}
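Review bot: `configTypesWithNoCustomSection` is rebuilt on every `forEach` iteration and is now eight literals long; declaring it once above the `configTypes.forEach(...)` call would leave only the check inside the loop. The enclosing function starts and ends outside the hunk, so where exactly to hoist it needs checking against the full file.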