You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by el...@apache.org on 2015/01/16 00:18:00 UTC
accumulo git commit: ACCUMULO-3482 Update bootstrap_config.sh for
kerberos
Repository: accumulo
Updated Branches:
refs/heads/master fb7540629 -> a4274f9bf
ACCUMULO-3482 Update bootstrap_config.sh for kerberos
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/a4274f9b
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/a4274f9b
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/a4274f9b
Branch: refs/heads/master
Commit: a4274f9bf729eff5242f4bf51f0221758b24f8b1
Parents: fb75406
Author: Josh Elser <el...@apache.org>
Authored: Thu Jan 15 18:15:43 2015 -0500
Committer: Josh Elser <el...@apache.org>
Committed: Thu Jan 15 18:17:45 2015 -0500
----------------------------------------------------------------------
assemble/bin/bootstrap_config.sh | 33 ++++++++++++++++++++--
assemble/conf/templates/accumulo-site.xml | 39 +++++++++++++++++++++++++-
2 files changed, 69 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/a4274f9b/assemble/bin/bootstrap_config.sh
----------------------------------------------------------------------
diff --git a/assemble/bin/bootstrap_config.sh b/assemble/bin/bootstrap_config.sh
index c6257cf..5268272 100755
--- a/assemble/bin/bootstrap_config.sh
+++ b/assemble/bin/bootstrap_config.sh
@@ -25,6 +25,7 @@ where options include (long options not available on all platforms):
-j, --jvm Configure to use the jvm
-o, --overwrite Overwrite the default config directory
-v, --version Specify the Apache Hadoop version supported versions: '1' '2'
+ -k, --kerberos Configure for use with Kerberos
-h, --help Print this help message
EOF
}
@@ -54,12 +55,13 @@ TYPE=
HADOOP_VERSION=
OVERWRITE="0"
BASE_DIR=
+KERBEROS=
#Execute getopt
if [[ $(uname -s) == "Linux" ]]; then
- args=$(getopt -o "b:d:s:njov:h" -l "basedir:,dir:,size:,native,jvm,overwrite,version:,help" -q -- "$@")
+ args=$(getopt -o "b:d:s:njokv:h" -l "basedir:,dir:,size:,native,jvm,overwrite,kerberos,version:,help" -q -- "$@")
else # Darwin, BSD
- args=$(getopt b:d:s:njov:h $*)
+ args=$(getopt b:d:s:njokv:h $*)
fi
#Bad arguments
@@ -93,6 +95,9 @@ do
-v|--version)
HADOOP_VERSION=$2; shift
shift;;
+ -k|--kerberos)
+ KERBEROS="true"
+ shift;;
-h|--help)
usage
exit 0
@@ -250,6 +255,15 @@ elif [[ "${HADOOP_VERSION}" != "2" && "${HADOOP_VERSION}" != "HDP2" && "${HADOOP
exit 1
fi
+TRACE_USER="root"
+
+if [[ ! -z "${KERBEROS}" ]]; then
+ echo
+ read -p "Enter server's Kerberos principal: " PRINCIPAL
+ read -p "Enter server's Kerberos keytab: " KEYTAB
+ TRACE_USER="${PRINCIPAL}"
+fi
+
for var in SIZE TYPE HADOOP_VERSION; do
if [[ -z ${!var} ]]; then
echo "Invalid $var configuration"
@@ -292,8 +306,23 @@ sed -e "s/\${memMapMax}/${!MEMORY_MAP_MAX}/" \
-e "s/\${cacheIndexSize}/${!CACHE_INDEX_SIZE}/" \
-e "s/\${sortBufferSize}/${!SORT_BUFFER_SIZE}/" \
-e "s/\${waLogMaxSize}/${!WAL_MAX_SIZE}/" \
+ -e "s=\${traceUser}=${TRACE_USER}=" \
-e "s=\${mvnProjBaseDir}=${MAVEN_PROJ_BASEDIR}=" ${TEMPLATE_CONF_DIR}/$ACCUMULO_SITE > ${CONF_DIR}/$ACCUMULO_SITE
+# If we're not using kerberos, filter out the krb properties
+if [[ -z "${KERBEROS}" ]]; then
+ sed -e 's/<!-- Kerberos requirements -->/<!-- Kerberos requirements --><!--/' \
+ -e 's/<!-- End Kerberos requirements -->/--><!-- End Kerberos requirements -->/' \
+ "${CONF_DIR}/$ACCUMULO_SITE" > temp
+ mv temp "${CONF_DIR}/$ACCUMULO_SITE"
+else
+ # Make the substitutions
+ sed -e "s!\${keytab}!${KEYTAB}!" \
+ -e "s!\${principal}!${PRINCIPAL}!" \
+ ${CONF_DIR}/${ACCUMULO_SITE} > temp
+ mv temp ${CONF_DIR}/${ACCUMULO_SITE}
+fi
+
#Configure for hadoop 1
if [[ "${HADOOP_VERSION}" == "2" ]]; then
sed -e 's/<!-- HDP 2.0 requirements -->/<!-- HDP 2.0 requirements --><!--/' \
http://git-wip-us.apache.org/repos/asf/accumulo/blob/a4274f9b/assemble/conf/templates/accumulo-site.xml
----------------------------------------------------------------------
diff --git a/assemble/conf/templates/accumulo-site.xml b/assemble/conf/templates/accumulo-site.xml
index ab8fb03..def9fa0 100644
--- a/assemble/conf/templates/accumulo-site.xml
+++ b/assemble/conf/templates/accumulo-site.xml
@@ -72,9 +72,46 @@
<value>secret</value>
</property>
+ <!-- Kerberos requirements -->
+ <property>
+ <name>instance.rpc.sasl.enabled</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>general.kerberos.keytab</name>
+ <value>${keytab}</value>
+ </property>
+
+ <property>
+ <name>general.kerberos.principal</name>
+ <value>${principal}</value>
+ </property>
+
+ <property>
+ <name>trace.token.type</name>
+ <value>org.apache.accumulo.core.client.security.tokens.KerberosToken</value>
+ </property>
+
+ <property>
+ <name>instance.security.authenticator</name>
+ <value>org.apache.accumulo.server.security.handler.KerberosAuthenticator</value>
+ </property>
+
+ <property>
+ <name>instance.security.authorizor</name>
+ <value>org.apache.accumulo.server.security.handler.KerberosAuthorizor</value>
+ </property>
+
+ <property>
+ <name>instance.security.permissionHandler</name>
+ <value>org.apache.accumulo.server.security.handler.KerberosPermissionHandler</value>
+ </property>
+ <!-- End Kerberos requirements -->
+
<property>
<name>trace.user</name>
- <value>root</value>
+ <value>${traceUser}</value>
</property>
<property>