You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/09/21 16:01:39 UTC
[3/3] ambari git commit: AMBARI-21919. Kerberos identity references
should use the "reference" attribute (rlevas)
AMBARI-21919. Kerberos identity references should use the "reference" attribute (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2a060210
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2a060210
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2a060210
Branch: refs/heads/trunk
Commit: 2a0602104f719d8dec7cc34f9a10fe885d55a551
Parents: 2e170e4
Author: Robert Levas <rl...@hortonworks.com>
Authored: Thu Sep 21 12:01:15 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu Sep 21 12:01:29 2017 -0400
----------------------------------------------------------------------
.../HDP/2.0.8/services/HDFS/kerberos.json | 12 +-
.../AbstractKerberosDescriptorContainer.java | 9 +-
.../state/kerberos/KerberosDescriptor.java | 2 +-
.../server/upgrade/UpgradeCatalog260.java | 220 +++++++++++++++++--
.../ACCUMULO/1.6.1.2.2.0/kerberos.json | 6 +-
.../AMBARI_INFRA/0.1.0/kerberos.json | 6 +-
.../AMBARI_METRICS/0.1.0/kerberos.json | 6 +-
.../ATLAS/0.1.0.2.3/kerberos.json | 6 +-
.../ATLAS/0.7.0.2.5/kerberos.json | 9 +-
.../ATLAS/0.7.0.3.0/kerberos.json | 9 +-
.../FALCON/0.5.0.2.1/kerberos.json | 12 +-
.../common-services/HAWQ/2.0.0/kerberos.json | 9 +-
.../HBASE/0.96.0.2.0/kerberos.json | 9 +-
.../HBASE/2.0.0.3.0/kerberos.json | 15 +-
.../HDFS/2.1.0.2.0/kerberos.json | 18 +-
.../HDFS/3.0.0.3.0/kerberos.json | 21 +-
.../HIVE/0.12.0.2.0/kerberos.json | 15 +-
.../HIVE/2.1.0.3.0/kerberos.json | 30 ++-
.../KAFKA/0.10.0.3.0/kerberos.json | 9 +-
.../common-services/KAFKA/0.10.0/kerberos.json | 9 +-
.../common-services/KAFKA/0.9.0/kerberos.json | 6 +-
.../KERBEROS/1.10.3-10/kerberos.json | 3 +-
.../KERBEROS/1.10.3-30/kerberos.json | 3 +-
.../KNOX/0.5.0.3.0/kerberos.json | 3 +-
.../LOGSEARCH/0.5.0/kerberos.json | 6 +-
.../MAHOUT/1.0.0.2.3/kerberos.json | 6 +-
.../OOZIE/4.0.0.2.0/kerberos.json | 12 +-
.../OOZIE/4.2.0.2.3/kerberos.json | 12 +-
.../OOZIE/4.2.0.3.0/kerberos.json | 12 +-
.../PIG/0.12.0.2.0/kerberos.json | 3 +-
.../PIG/0.16.1.3.0/kerberos.json | 3 +-
.../common-services/RANGER/0.6.0/kerberos.json | 18 +-
.../RANGER/1.0.0.3.0/kerberos.json | 18 +-
.../RANGER_KMS/0.5.0.2.3/kerberos.json | 6 +-
.../RANGER_KMS/1.0.0.3.0/kerberos.json | 9 +-
.../SLIDER/0.60.0.2.2/kerberos.json | 3 +-
.../SLIDER/0.91.0.3.0/kerberos.json | 3 +-
.../common-services/SPARK/1.2.1/kerberos.json | 6 +-
.../common-services/SPARK/1.4.1/kerberos.json | 12 +-
.../common-services/SPARK/2.2.0/kerberos.json | 3 +-
.../common-services/SPARK2/2.0.0/kerberos.json | 12 +-
.../common-services/STORM/0.9.1/kerberos.json | 9 +-
.../STORM/1.0.1.3.0/kerberos.json | 15 +-
.../common-services/STORM/1.0.1/kerberos.json | 15 +-
.../common-services/STORM/1.1.0/kerberos.json | 15 +-
.../common-services/TEZ/0.4.0.2.1/kerberos.json | 3 +-
.../common-services/TEZ/0.9.0.3.0/kerberos.json | 3 +-
.../YARN/2.1.0.2.0/kerberos.json | 30 ++-
.../YARN/3.0.0.3.0/kerberos.json | 36 ++-
.../ZEPPELIN/0.6.0/kerberos.json | 3 +-
.../ZEPPELIN/0.7.0/kerberos.json | 3 +-
.../ZOOKEEPER/3.4.5/kerberos.json | 3 +-
.../resources/kerberos_descriptor_schema.json | 5 +-
.../stacks/HDP/2.2/services/YARN/kerberos.json | 30 ++-
.../HDP/2.3.ECS/services/ECS/kerberos.json | 3 +-
.../HDP/2.3.ECS/services/HBASE/kerberos.json | 9 +-
.../HDP/2.3.ECS/services/YARN/kerberos.json | 33 ++-
.../services/ACCUMULO/kerberos.json | 27 ++-
.../HDP/2.3/services/ACCUMULO/kerberos.json | 6 +-
.../stacks/HDP/2.3/services/TEZ/kerberos.json | 3 +-
.../stacks/HDP/2.3/services/YARN/kerberos.json | 30 ++-
.../HDP/2.5/services/FALCON/kerberos.json | 15 +-
.../stacks/HDP/2.5/services/HBASE/kerberos.json | 15 +-
.../stacks/HDP/2.5/services/HDFS/kerberos.json | 21 +-
.../stacks/HDP/2.5/services/HIVE/kerberos.json | 30 ++-
.../stacks/HDP/2.5/services/KNOX/kerberos.json | 3 +-
.../HDP/2.5/services/RANGER_KMS/kerberos.json | 9 +-
.../stacks/HDP/2.5/services/SPARK/kerberos.json | 18 +-
.../stacks/HDP/2.5/services/YARN/kerberos.json | 36 ++-
.../HDP/2.5/services/ZEPPELIN/kerberos.json | 3 +-
.../stacks/HDP/2.6/services/ATLAS/kerberos.json | 9 +-
.../stacks/HDP/2.6/services/DRUID/kerberos.json | 24 +-
.../stacks/HDP/2.6/services/HDFS/kerberos.json | 21 +-
.../stacks/HDP/2.6/services/OOZIE/kerberos.json | 12 +-
.../stacks/HDP/2.6/services/SPARK/kerberos.json | 3 +-
.../HDP/2.6/services/SPARK2/kerberos.json | 3 +-
.../HDP/2.6/services/SUPERSET/kerberos.json | 6 +-
.../stacks/HDP/2.6/services/YARN/kerberos.json | 36 ++-
.../HDP/2.6/services/ZEPPELIN/kerberos.json | 3 +-
.../PERF/1.0/services/FAKEHBASE/kerberos.json | 15 +-
.../PERF/1.0/services/FAKEHDFS/kerberos.json | 21 +-
.../PERF/1.0/services/FAKEYARN/kerberos.json | 36 ++-
.../1.0/services/FAKEZOOKEEPER/kerberos.json | 3 +-
.../PERF/1.0/services/GRUMPY/kerberos.json | 12 +-
.../PERF/1.0/services/HAPPY/kerberos.json | 12 +-
.../PERF/1.0/services/KERBEROS/kerberos.json | 3 +-
.../PERF/1.0/services/SLEEPY/kerberos.json | 12 +-
.../stacks/PERF/1.0/services/SNOW/kerberos.json | 12 +-
.../server/upgrade/UpgradeCatalog260Test.java | 163 ++++++++------
.../test_kerberos_descriptor_ranger_kms.json | 1 +
.../HDP/2.0.8/services/HDFS/kerberos.json | 12 +-
.../common-services/NIFI/1.0.0/kerberos.json | 6 +-
.../stacks/HDF/2.0/services/KAFKA/kerberos.json | 6 +-
.../MICROSOFT_R_SERVER/8.0.5/kerberos.json | 6 +-
.../stacks/ODPi/2.0/services/HIVE/kerberos.json | 18 +-
.../stacks/ODPi/2.0/services/YARN/kerberos.json | 30 ++-
96 files changed, 1039 insertions(+), 468 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json b/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
index a555bb5..ecbdfe9 100644
--- a/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
+++ b/ambari-funtest/src/test/resources/stacks/HDP/2.0.8/services/HDFS/kerberos.json
@@ -4,7 +4,8 @@
"name": "HDFS",
"identities": [
{
- "name": "/spnego",
+ "name": "hdfs_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
},
@@ -13,7 +14,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "hdfs_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "hdfs",
@@ -63,7 +65,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal"
}
@@ -128,7 +131,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_secondary_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
index 85d4f69..4255dd1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptorContainer.java
@@ -640,7 +640,7 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber
* @param path a String declaring the path to a KerberosIdentityDescriptor
* @return a KerberosIdentityDescriptor identified by the path or null if not found
*/
- protected KerberosIdentityDescriptor getReferencedIdentityDescriptor(String path)
+ public KerberosIdentityDescriptor getReferencedIdentityDescriptor(String path)
throws AmbariException {
KerberosIdentityDescriptor identityDescriptor = null;
@@ -855,12 +855,7 @@ public abstract class AbstractKerberosDescriptorContainer extends AbstractKerber
if (identity != null) {
KerberosIdentityDescriptor referencedIdentity;
try {
- if (identity.getReference() != null) {
- referencedIdentity = getReferencedIdentityDescriptor(identity.getReference());
- } else {
- // For backwards compatibility, see if the identity's name indicates a reference...
- referencedIdentity = getReferencedIdentityDescriptor(identity.getName());
- }
+ referencedIdentity = getReferencedIdentityDescriptor(identity.getReference());
} catch (AmbariException e) {
throw new AmbariException(String.format("Invalid Kerberos identity reference: %s", identity.getReference()), e);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
index a1d373b..0c7a9a9 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java
@@ -456,7 +456,7 @@ public class KerberosDescriptor extends AbstractKerberosDescriptorContainer {
private static void collectFromIdentities(String service, String component, Collection<KerberosIdentityDescriptor> identities, Map<String, String> result) {
for (KerberosIdentityDescriptor each : identities) {
- if (each.getPrincipalDescriptor() != null && !each.getReferencedServiceName().isPresent() && !each.getName().startsWith("/")) {
+ if (each.getPrincipalDescriptor() != null && !each.getReferencedServiceName().isPresent()) {
String path = StringUtils.isBlank(component)
? String.format("%s/%s", service, each.getName())
: String.format("%s/%s/%s", service, component, each.getName());
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
index c92b3dc..5003c13 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog260.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -41,10 +41,13 @@ import org.apache.ambari.server.orm.entities.RepositoryVersionEntity;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
+import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptor;
+import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer;
import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosPrincipalDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
@@ -541,21 +544,9 @@ public class UpgradeCatalog260 extends AbstractUpgradeCatalog {
if (data != null) {
final KerberosDescriptor kerberosDescriptor = new KerberosDescriptorFactory().createInstance(data);
if (kerberosDescriptor != null) {
- KerberosServiceDescriptor rangerKmsServiceDescriptor = kerberosDescriptor.getService("RANGER_KMS");
- if (rangerKmsServiceDescriptor != null) {
+ fixRangerKMSKerberosDescriptor(kerberosDescriptor);
+ fixIdentityReferences(getCluster(artifactEntity), kerberosDescriptor);
- KerberosIdentityDescriptor rangerKmsServiceIdentity = rangerKmsServiceDescriptor.getIdentity("/smokeuser");
- if (rangerKmsServiceIdentity != null) {
- rangerKmsServiceDescriptor.removeIdentity("/smokeuser");
- }
- KerberosComponentDescriptor rangerKmscomponentDescriptor = rangerKmsServiceDescriptor.getComponent("RANGER_KMS_SERVER");
- if (rangerKmscomponentDescriptor != null) {
- KerberosIdentityDescriptor rangerKmsComponentIdentity = rangerKmscomponentDescriptor.getIdentity("/smokeuser");
- if (rangerKmsComponentIdentity != null) {
- rangerKmscomponentDescriptor.removeIdentity("/smokeuser");
- }
- }
- }
artifactEntity.setArtifactData(kerberosDescriptor.toMap());
artifactDAO.merge(artifactEntity);
}
@@ -563,6 +554,24 @@ public class UpgradeCatalog260 extends AbstractUpgradeCatalog {
}
}
+ protected void fixRangerKMSKerberosDescriptor(KerberosDescriptor kerberosDescriptor) {
+ KerberosServiceDescriptor rangerKmsServiceDescriptor = kerberosDescriptor.getService("RANGER_KMS");
+ if (rangerKmsServiceDescriptor != null) {
+
+ KerberosIdentityDescriptor rangerKmsServiceIdentity = rangerKmsServiceDescriptor.getIdentity("/smokeuser");
+ if (rangerKmsServiceIdentity != null) {
+ rangerKmsServiceDescriptor.removeIdentity("/smokeuser");
+ }
+ KerberosComponentDescriptor rangerKmscomponentDescriptor = rangerKmsServiceDescriptor.getComponent("RANGER_KMS_SERVER");
+ if (rangerKmscomponentDescriptor != null) {
+ KerberosIdentityDescriptor rangerKmsComponentIdentity = rangerKmscomponentDescriptor.getIdentity("/smokeuser");
+ if (rangerKmsComponentIdentity != null) {
+ rangerKmscomponentDescriptor.removeIdentity("/smokeuser");
+ }
+ }
+ }
+ }
+
protected void updateAmsConfigs() throws AmbariException {
AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class);
Clusters clusters = ambariManagementController.getClusters();
@@ -602,6 +611,181 @@ public class UpgradeCatalog260 extends AbstractUpgradeCatalog {
}
/**
+ * Retrieves the relevant {@link Cluster} given information from the suppliied {@link ArtifactEntity}.
+ * <p>
+ * The cluster id value is taken from the entity's foreign key value and then used to obtain the cluster object.
+ *
+ * @param artifactEntity an {@link ArtifactEntity}
+ * @return a {@link Cluster}
+ */
+ private Cluster getCluster(ArtifactEntity artifactEntity) {
+ if (artifactEntity != null) {
+ Map<String, String> keys = artifactEntity.getForeignKeys();
+ if (keys != null) {
+ String clusterId = keys.get("cluster");
+ if (StringUtils.isNumeric(clusterId)) {
+ Clusters clusters = injector.getInstance(Clusters.class);
+ try {
+ return clusters.getCluster(Long.valueOf(clusterId));
+ } catch (AmbariException e) {
+ LOG.error(String.format("Failed to obtain cluster using cluster id %s - %s", clusterId, e.getMessage()), e);
+ }
+ } else {
+ LOG.error(String.format("Failed to obtain cluster id from artifact entity with foreign keys: %s", keys));
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Recursively traverses the Kerberos descriptor to find and fix the identity references.
+ * <p>
+ * Each found identity descriptor that indicates it is a reference by having a <code>name</code>
+ * value that starts with a "/" or a "./" is fixed by clearing the <code>principal name</code>value,
+ * setting the <code>reference</code> value to the <code>name</code> value and changing the
+ * <code>name</code> value to a name with the following pattern:
+ * <code>SERVICE_COMPONENT_IDENTITY</code>
+ * <p>
+ * For example, if the identity is for the "SERVICE1" service and is a reference to "HDFS/NAMENODE/hdfs";
+ * then the name is set to "<code>service1_hdfs</code>"
+ * <p>
+ * For example, if the identity is for the "COMPONENT21" component of the "SERVICE2" service and is a reference to "HDFS/NAMENODE/hdfs";
+ * then the name is set to "<code>service2_component21_hdfs</code>"
+ * <p>
+ * Once the identity descriptor properties of the identity are fixed, the relevant configuration
+ * value is fixed to match the value if the referenced identity. This may lead to a new version
+ * of the relevant configuration type.
+ *
+ * @param cluster the cluster
+ * @param container the current Kerberos descriptor container
+ * @throws AmbariException if an error occurs
+ */
+ private void fixIdentityReferences(Cluster cluster, AbstractKerberosDescriptorContainer container)
+ throws AmbariException {
+ List<KerberosIdentityDescriptor> identities = container.getIdentities();
+ if (identities != null) {
+ for (KerberosIdentityDescriptor identity : identities) {
+ String name = identity.getName();
+
+ if (!StringUtils.isEmpty(name) && (name.startsWith("/") || name.startsWith("./"))) {
+ String[] parts = name.split("/");
+ String newName = buildName(identity.getParent(), parts[parts.length - 1]);
+
+ identity.setName(newName);
+ identity.setReference(name);
+ }
+
+ String identityReference = identity.getReference();
+ if (!StringUtils.isEmpty(identityReference)) {
+ // If this identity references another identity:
+ // * The principal name needs to be the same as the referenced identity
+ // - ensure that no principal name is being set for this identity
+ // * Any configuration set to contain the reference principal name needs to be fixed to
+ // be the correct principal name
+ KerberosPrincipalDescriptor principal = identity.getPrincipalDescriptor();
+ if (principal != null) {
+ // Fix the value
+ principal.setValue(null);
+
+ // Fix the relative configuration
+ if (!StringUtils.isEmpty(principal.getConfiguration())) {
+ String referencedPrincipalName = getConfiguredPrincipalNameFromReference(cluster, container, identityReference);
+
+ if(!StringUtils.isEmpty(referencedPrincipalName)) {
+ String[] parts = principal.getConfiguration().split("/");
+ if (parts.length == 2) {
+ String type = parts[0];
+ String property = parts[1];
+
+ updateConfigurationPropertiesForCluster(cluster,
+ type,
+ Collections.singletonMap(property, referencedPrincipalName),
+ true,
+ false);
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (container instanceof KerberosDescriptor) {
+ Map<String, KerberosServiceDescriptor> services = ((KerberosDescriptor) container).getServices();
+ if (services != null) {
+ for (KerberosServiceDescriptor serviceDescriptor : services.values()) {
+ fixIdentityReferences(cluster, serviceDescriptor);
+ }
+ }
+ } else if (container instanceof KerberosServiceDescriptor) {
+ Map<String, KerberosComponentDescriptor> components = ((KerberosServiceDescriptor) container).getComponents();
+ if (components != null) {
+ for (KerberosComponentDescriptor componentDescriptor : components.values()) {
+ fixIdentityReferences(cluster, componentDescriptor);
+ }
+ }
+ }
+ }
+
+ /**
+ * Finds the value of the configuration found for the principal in the referenced identity
+ * descriptor.
+ *
+ * @param cluster the cluster
+ * @param container the current {@link KerberosIdentityDescriptor}, ideally the identity's parent descriptor
+ * @param identityReference the path to the referenced identity
+ * @return the value of the configuration specified in the referenced identity's principal descriptor
+ * @throws AmbariException if an error occurs
+ */
+ private String getConfiguredPrincipalNameFromReference(Cluster cluster,
+ AbstractKerberosDescriptorContainer container,
+ String identityReference)
+ throws AmbariException {
+ KerberosIdentityDescriptor identityDescriptor = container.getReferencedIdentityDescriptor(identityReference);
+
+ if (identityDescriptor != null) {
+ KerberosPrincipalDescriptor principal = identityDescriptor.getPrincipalDescriptor();
+ if ((principal != null) && (!StringUtils.isEmpty(principal.getConfiguration()))) {
+ String[] parts = principal.getConfiguration().split("/");
+ if (parts.length == 2) {
+ String type = parts[0];
+ String property = parts[1];
+
+ Config config = cluster.getDesiredConfigByType(type);
+
+ if (config != null) {
+ return config.getProperties().get(property);
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Builds the name of an identity based on the identity's container and the referenced identity's name.
+ * <p>
+ * The calculated name will be in the following format and converted to all lowercase characters:
+ * <code>SERVICE_COMPONENT_IDENTITY</code>
+ *
+ * @param container the current {@link KerberosIdentityDescriptor}, ideally the identity's parent descriptor
+ * @param identityName the referenced identity's name
+ * @return a name
+ */
+ private String buildName(AbstractKerberosDescriptor container, String identityName) {
+ if (container instanceof KerberosServiceDescriptor) {
+ return container.getName().toLowerCase() + "_" + identityName;
+ } else if (container instanceof KerberosComponentDescriptor) {
+ return container.getParent().getName().toLowerCase() + "_" + container.getName().toLowerCase() + "_" + identityName;
+ } else {
+ return identityName;
+ }
+ }
+
+ /**
* Sets all existing repository versions to be resolved (we have to assume
* that they are good since they've been using them to run stuff).
*
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
index 7e3f449..ed9c0fb 100644
--- a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/kerberos.json
@@ -47,7 +47,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "accumulo_smokeuser",
+ "reference": "/smokeuser"
}
],
"components": [
@@ -55,7 +56,8 @@
"name": "ACCUMULO_MASTER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "accumulo_accumulo_master_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json
index 94b1b14..46183ee 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "AMBARI_INFRA",
"identities": [
{
- "name": "/smokeuser"
+ "name": "ambari_infra_smokeuser",
+ "reference": "/smokeuser"
},
{
- "name": "/spnego",
+ "name": "ambari_infra_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "infra-solr-env/infra_solr_web_kerberos_principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
index a6afda5..675de45 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "AMBARI_METRICS",
"identities": [
{
- "name": "/spnego"
+ "name": "ambari_metrics_spnego",
+ "reference": "/spnego"
}
],
"components": [
@@ -38,7 +39,8 @@
"name": "METRICS_COLLECTOR",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs",
+ "name": "ambari_metrics_metrics_collector_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs",
"when" : {
"contains" : ["services", "HDFS"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
index 4fe4d32..3246a83 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/kerberos.json
@@ -40,7 +40,8 @@
}
},
{
- "name": "/spnego",
+ "name": "atlas_atlas_server_spnego",
+ "reference": "/spnego",
"principal": {
"value": "HTTP/_HOST@${realm}",
"configuration": "application-properties/atlas.http.authentication.kerberos.principal"
@@ -50,7 +51,8 @@
}
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "name": "atlas_atlas_server_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
"when" : {
"contains" : ["services", "AMBARI_INFRA"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
index e136bcf..22dba86 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.2.5/kerberos.json
@@ -66,7 +66,8 @@
}
},
{
- "name": "/spnego",
+ "name": "atlas_atlas_server_spnego",
+ "reference": "/spnego",
"principal": {
"value": "HTTP/_HOST@${realm}",
"configuration": "application-properties/atlas.authentication.method.kerberos.principal"
@@ -86,10 +87,12 @@
}
},
{
- "name": "/KAFKA/KAFKA_BROKER/kafka_broker"
+ "name": "atlas_atlas_server_kafka_broker",
+ "reference": "/KAFKA/KAFKA_BROKER/kafka_broker"
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "name": "atlas_atlas_server_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
"when" : {
"contains" : ["services", "AMBARI_INFRA"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.3.0/kerberos.json
index 7d10ccc..6600534 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.7.0.3.0/kerberos.json
@@ -67,7 +67,8 @@
}
},
{
- "name": "/spnego",
+ "name": "atlas_atlas_server_spnego",
+ "reference": "/spnego",
"principal": {
"value": "HTTP/_HOST@${realm}",
"configuration": "application-properties/atlas.authentication.method.kerberos.principal"
@@ -87,10 +88,12 @@
}
},
{
- "name": "/KAFKA/KAFKA_BROKER/kafka_broker"
+ "name": "atlas_atlas_server_kafka_broker",
+ "reference": "/KAFKA/KAFKA_BROKER/kafka_broker"
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
+ "name": "atlas_atlas_server_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
index 08af720..902d9ae 100644
--- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/kerberos.json
@@ -4,10 +4,12 @@
"name": "FALCON",
"identities": [
{
- "name": "/spnego"
+ "name": "falcon_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "falcon_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -27,7 +29,8 @@
"name": "FALCON_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "falcon_falcon_server_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "falcon_server",
@@ -51,7 +54,8 @@
}
},
{
- "name": "/spnego",
+ "name": "falcon_falcon_server_spnego",
+ "reference": "/spnego",
"principal": {
"value": "HTTP/_HOST@${realm}",
"configuration": "falcon-startup.properties/*.falcon.http.authentication.kerberos.principal"
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
index 4ed6b78..0a0fb99 100644
--- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "HAWQ",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hawq_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "hawq_identity",
@@ -53,7 +54,8 @@
"name": "HAWQMASTER",
"identities": [
{
- "name": "/HAWQ/hawq_identity"
+ "name": "hawq_hawqmaster_hawq_identity",
+ "reference": "/HAWQ/hawq_identity"
}
]
},
@@ -61,7 +63,8 @@
"name": "HAWQSTANDBY",
"identities": [
{
- "name": "/HAWQ/hawq_identity"
+ "name": "hawq_hawqstandby_hawq_identity",
+ "reference": "/HAWQ/hawq_identity"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 63e9298..7988801 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "HBASE",
"identities": [
{
- "name": "/spnego"
+ "name": "hbase_spnego",
+ "reference": "/spnego"
},
{
"name": "hbase",
@@ -28,7 +29,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "hbase_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -49,7 +51,8 @@
"name": "HBASE_MASTER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hbase_hbase_master_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "hbase_master_hbase",
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/kerberos.json
index 011921b..0b06003 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/2.0.0.3.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "HBASE",
"identities": [
{
- "name": "/spnego"
+ "name": "hbase_spnego",
+ "reference": "/spnego"
},
{
"name": "hbase",
@@ -28,7 +29,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "hbase_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -60,7 +62,8 @@
"name": "HBASE_MASTER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hbase_hbase_master_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "hbase_master_hbase",
@@ -84,7 +87,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hbase_hbase_master_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal"
},
@@ -129,7 +133,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hbase_hbase_regionserver_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hbase-site/hbase.security.authentication.spnego.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index 1cf1603..1cce2cc 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "HDFS",
"identities": [
{
- "name": "/spnego",
+ "name": "hdfs_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
},
@@ -13,7 +14,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "hdfs_smokeuser",
+ "reference": "/smokeuser"
}
],
"auth_to_local_properties" : [
@@ -33,7 +35,8 @@
"name": "HDFS_CLIENT",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hdfs_hdfs_client_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
@@ -83,7 +86,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal"
}
@@ -156,7 +160,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_secondary_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
}
@@ -214,7 +219,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_journalnode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
index b5acf92..f8bdc5c 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "HDFS",
"identities": [
{
- "name": "/spnego",
+ "name": "hdfs_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.web.authentication.kerberos.principal"
},
@@ -13,7 +14,8 @@
}
},
{
- "name": "/smokeuser"
+ "name": "hdfs_smokeuser",
+ "reference": "/smokeuser"
}
],
"auth_to_local_properties" : [
@@ -44,7 +46,8 @@
"name": "HDFS_CLIENT",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hdfs_hdfs_client_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
@@ -94,13 +97,15 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.namenode.kerberos.internal.spnego.principal"
}
},
{
- "name": "/HDFS/NAMENODE/namenode_nn",
+ "name": "hdfs_namenode_namenode_nn",
+ "reference": "/HDFS/NAMENODE/namenode_nn",
"principal": {
"configuration": "ranger-hdfs-audit/xasecure.audit.jaas.Client.option.principal"
},
@@ -176,7 +181,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_secondary_namenode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
}
@@ -234,7 +240,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hdfs_journalnode_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hdfs-site/dfs.journalnode.kerberos.internal.spnego.principal"
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
index c34026a..e25fa03 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "HIVE",
"identities": [
{
- "name": "/spnego"
+ "name": "hive_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "hive_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -49,7 +51,8 @@
"name": "HIVE_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hive_hive_server_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "hive_server_hive",
@@ -73,7 +76,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hive_hive_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hive-site/hive.server2.authentication.spnego.principal"
},
@@ -87,7 +91,8 @@
"name": "WEBHCAT_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "hive_webhcat_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "webhcat-site/templeton.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/kerberos.json
index af1130d..5650498 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "HIVE",
"identities": [
{
- "name": "/spnego"
+ "name": "hive_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "hive_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -33,7 +35,8 @@
"name": "HIVE_METASTORE",
"identities": [
{
- "name": "/HIVE/HIVE_SERVER/hive_server_hive",
+ "name": "hive_hive_metastore_hive_server_hive",
+ "reference": "/HIVE/HIVE_SERVER/hive_server_hive",
"principal": {
"configuration": "hive-site/hive.metastore.kerberos.principal"
},
@@ -47,7 +50,8 @@
"name": "HIVE_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hive_hive_server_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "hive_server_hive",
@@ -81,7 +85,8 @@
}
},
{
- "name": "/spnego",
+ "name": "hive_hive_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "hive-site/hive.server2.authentication.spnego.principal"
},
@@ -105,16 +110,20 @@
"name": "HIVE_SERVER_INTERACTIVE",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "hive_hive_server_interactive_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
- "name": "/HIVE/HIVE_SERVER/hive_server_hive"
+ "name": "hive_hive_server_interactive_hive_server_hive",
+ "reference": "/HIVE/HIVE_SERVER/hive_server_hive"
},
{
- "name": "/HIVE/HIVE_SERVER/spnego"
+ "name": "hive_hive_server_interactive_spnego",
+ "reference": "/HIVE/HIVE_SERVER/spnego"
},
{
- "name": "/YARN/NODEMANAGER/llap_zk_hive"
+ "name": "hive_hive_server_interactive_llap_zk_hive",
+ "reference": "/YARN/NODEMANAGER/llap_zk_hive"
}
]
},
@@ -122,7 +131,8 @@
"name": "WEBHCAT_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "hive_webhcat_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "webhcat-site/templeton.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json
index b4d0018..2f8d20c 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0.3.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "KAFKA",
"identities": [
{
- "name": "/smokeuser"
+ "name": "kafka_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -57,7 +58,8 @@
}
},
{
- "name": "/KAFKA/KAFKA_BROKER/kafka_broker",
+ "name": "kafka_kafka_broker_kafka_broker",
+ "reference": "/KAFKA/KAFKA_BROKER/kafka_broker",
"principal": {
"configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal"
},
@@ -66,7 +68,8 @@
}
},
{
- "name": "/HDFS/NAMENODE/hdfs",
+ "name": "kafka_kafka_broker_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs",
"when" : {
"contains" : ["services", "HDFS"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json
index b4d0018..2f8d20c 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "KAFKA",
"identities": [
{
- "name": "/smokeuser"
+ "name": "kafka_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -57,7 +58,8 @@
}
},
{
- "name": "/KAFKA/KAFKA_BROKER/kafka_broker",
+ "name": "kafka_kafka_broker_kafka_broker",
+ "reference": "/KAFKA/KAFKA_BROKER/kafka_broker",
"principal": {
"configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal"
},
@@ -66,7 +68,8 @@
}
},
{
- "name": "/HDFS/NAMENODE/hdfs",
+ "name": "kafka_kafka_broker_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs",
"when" : {
"contains" : ["services", "HDFS"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json
index 247a602..7f33abe 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.9.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "KAFKA",
"identities": [
{
- "name": "/smokeuser"
+ "name": "kafka_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -47,7 +48,8 @@
}
},
{
- "name": "/HDFS/NAMENODE/hdfs",
+ "name": "kafka_kafka_broker_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs",
"when" : {
"contains" : ["services", "HDFS"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/kerberos.json b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/kerberos.json
index 6ab7610..e5860cf 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/kerberos.json
@@ -4,7 +4,8 @@
"name": "KERBEROS",
"identities": [
{
- "name": "/smokeuser"
+ "name": "kerberos_smokeuser",
+ "reference": "/smokeuser"
}
],
"components": [
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/kerberos.json b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/kerberos.json
index 6ab7610..e5860cf 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-30/kerberos.json
@@ -4,7 +4,8 @@
"name": "KERBEROS",
"identities": [
{
- "name": "/smokeuser"
+ "name": "kerberos_smokeuser",
+ "reference": "/smokeuser"
}
],
"components": [
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/kerberos.json
index 2d8aa0d..c205d7d 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.3.0/kerberos.json
@@ -29,7 +29,8 @@
}
},
{
- "name": "/KNOX/KNOX_GATEWAY/knox_principal",
+ "name": "knox_knox_gateway_knox_principal",
+ "reference": "/KNOX/KNOX_GATEWAY/knox_principal",
"principal": {
"configuration": "ranger-knox-audit/xasecure.audit.jaas.Client.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
index 9e0f12d..e4be47f 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "LOGSEARCH",
"identities": [
{
- "name": "/smokeuser"
+ "name": "logsearch_smokeuser",
+ "reference": "/smokeuser"
}
],
"components": [
@@ -32,7 +33,8 @@
}
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "name": "logsearch_logsearch_server_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
"when" : {
"contains" : ["services", "AMBARI_INFRA"]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
index 1f87a6c..bcbc129 100644
--- a/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/MAHOUT/1.0.0.2.3/kerberos.json
@@ -4,7 +4,8 @@
"name": "MAHOUT",
"identities": [
{
- "name": "/smokeuser"
+ "name": "mahout_smokeuser",
+ "reference": "/smokeuser"
}
],
"components": [
@@ -12,7 +13,8 @@
"name": "MAHOUT",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "mahout_mahout_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
index b3f932b..e9419bb 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "OOZIE",
"identities": [
{
- "name": "/spnego"
+ "name": "oozie_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "oozie_smokeuser",
+ "reference": "/smokeuser"
}
],
"auth_to_local_properties" : [
@@ -28,7 +30,8 @@
"name": "OOZIE_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "oozie_oozie_server_hdfs",
+ "reference" : "/HDFS/NAMENODE/hdfs"
},
{
"name": "oozie_server",
@@ -52,7 +55,8 @@
}
},
{
- "name": "/spnego",
+ "name": "oozie_oozie_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "oozie-site/oozie.authentication.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
index d2e2ab8..a322358 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.2.3/kerberos.json
@@ -4,10 +4,12 @@
"name": "OOZIE",
"identities": [
{
- "name": "/spnego"
+ "name": "oozie_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "oozie_smokeuser",
+ "reference": "/smokeuser"
}
],
"auth_to_local_properties" : [
@@ -29,7 +31,8 @@
"name": "OOZIE_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "oozie_oozie_server_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "oozie_server",
@@ -53,7 +56,8 @@
}
},
{
- "name": "/spnego",
+ "name": "oozie_oozie_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "oozie-site/oozie.authentication.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/kerberos.json
index f1092f5..ca21770 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "OOZIE",
"identities": [
{
- "name": "/spnego"
+ "name": "oozie_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "oozie_smokeuser",
+ "reference": "/smokeuser"
}
],
"auth_to_local_properties" : [
@@ -30,7 +32,8 @@
"name": "OOZIE_SERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "oozie_oozie_server_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
"name": "oozie_server",
@@ -54,7 +57,8 @@
}
},
{
- "name": "/spnego",
+ "name": "oozie_oozie_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "oozie-site/oozie.authentication.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
index 22dd6cb..4599396 100644
--- a/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/PIG/0.12.0.2.0/kerberos.json
@@ -7,7 +7,8 @@
"name": "PIG",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "pig_pig_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/PIG/0.16.1.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PIG/0.16.1.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/PIG/0.16.1.3.0/kerberos.json
index 22dd6cb..4599396 100644
--- a/ambari-server/src/main/resources/common-services/PIG/0.16.1.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/PIG/0.16.1.3.0/kerberos.json
@@ -7,7 +7,8 @@
"name": "PIG",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "pig_pig_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index 1fc8acf..9d86bb4 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "RANGER",
"identities": [
{
- "name": "/spnego"
+ "name": "ranger_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "ranger_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -59,13 +61,15 @@
}
},
{
- "name": "/spnego",
+ "name": "ranger_ranger_admin_spnego",
+ "reference": "/spnego",
"keytab": {
"configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
}
},
{
- "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+ "name": "ranger_ranger_admin_rangeradmin",
+ "reference": "/RANGER/RANGER_ADMIN/rangeradmin",
"principal": {
"configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
},
@@ -74,7 +78,8 @@
}
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "name": "ranger_ranger_admin_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
"when" : {
"contains" : ["services", "AMBARI_INFRA"]
}
@@ -124,7 +129,8 @@
}
},
{
- "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "name": "ranger_ranger_tagsync_rangertagsync",
+ "reference": "/RANGER/RANGER_TAGSYNC/rangertagsync",
"principal": {
"configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
index 1fc8acf..9d86bb4 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "RANGER",
"identities": [
{
- "name": "/spnego"
+ "name": "ranger_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "ranger_smokeuser",
+ "reference": "/smokeuser"
}
],
"configurations": [
@@ -59,13 +61,15 @@
}
},
{
- "name": "/spnego",
+ "name": "ranger_ranger_admin_spnego",
+ "reference": "/spnego",
"keytab": {
"configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
}
},
{
- "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+ "name": "ranger_ranger_admin_rangeradmin",
+ "reference": "/RANGER/RANGER_ADMIN/rangeradmin",
"principal": {
"configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
},
@@ -74,7 +78,8 @@
}
},
{
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "name": "ranger_ranger_admin_infra-solr",
+ "reference": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
"when" : {
"contains" : ["services", "AMBARI_INFRA"]
}
@@ -124,7 +129,8 @@
}
},
{
- "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "name": "ranger_ranger_tagsync_rangertagsync",
+ "reference": "/RANGER/RANGER_TAGSYNC/rangertagsync",
"principal": {
"configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/kerberos.json
index 208a04d..9ff5277 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/kerberos.json
@@ -4,7 +4,8 @@
"name": "RANGER_KMS",
"identities": [
{
- "name": "/spnego",
+ "name": "ranger_kms_spnego",
+ "reference": "/spnego",
"keytab": {
"configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
}
@@ -23,7 +24,8 @@
"name": "RANGER_KMS_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "ranger_kms_ranger_kms_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
index 8bf4cd8..1ef4568 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "RANGER_KMS",
"identities": [
{
- "name": "/spnego",
+ "name": "ranger_kms_spnego",
+ "reference": "/spnego",
"keytab": {
"configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
}
@@ -36,7 +37,8 @@
"name": "RANGER_KMS_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "ranger_kms_ranger_kms_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
},
@@ -62,7 +64,8 @@
}
},
{
- "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
+ "name": "ranger_kms_ranger_kms_server_rangerkms",
+ "reference": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
"principal": {
"configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json b/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
index 0ebeb7d..8f07b42 100644
--- a/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SLIDER/0.60.0.2.2/kerberos.json
@@ -7,7 +7,8 @@
"name": "SLIDER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "slider_slider_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SLIDER/0.91.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SLIDER/0.91.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/SLIDER/0.91.0.3.0/kerberos.json
index 0ebeb7d..8f07b42 100644
--- a/ambari-server/src/main/resources/common-services/SLIDER/0.91.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SLIDER/0.91.0.3.0/kerberos.json
@@ -7,7 +7,8 @@
"name": "SLIDER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "slider_slider_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
index 96df126..166adbd 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.1/kerberos.json
@@ -4,7 +4,8 @@
"name": "SPARK",
"identities": [
{
- "name": "/smokeuser"
+ "name": "spark_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "sparkuser",
@@ -40,7 +41,8 @@
"name": "SPARK_JOBHISTORYSERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "spark_spark_jobhistoryserver_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json
index fb43657..f2dd9e7 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json
@@ -4,7 +4,8 @@
"name": "SPARK",
"identities": [
{
- "name": "/smokeuser"
+ "name": "spark_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "sparkuser",
@@ -46,7 +47,8 @@
"name": "SPARK_JOBHISTORYSERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "spark_spark_jobhistoryserver_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
@@ -57,10 +59,12 @@
"name": "SPARK_THRIFTSERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "spark_spark_thriftserver_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
- "name": "/HIVE/HIVE_SERVER/hive_server_hive"
+ "name": "spark_spark_thriftserver_hive_server_hive",
+ "reference": "/HIVE/HIVE_SERVER/hive_server_hive"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
index 9912af1..bf763de 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SPARK/2.2.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "SPARK",
"identities": [
{
- "name": "/smokeuser"
+ "name": "spark_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "sparkuser",
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
index a787d33..95d735b 100755
--- a/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json
@@ -4,7 +4,8 @@
"name": "SPARK2",
"identities": [
{
- "name": "/smokeuser"
+ "name": "spark2_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "spark2user",
@@ -46,7 +47,8 @@
"name": "SPARK2_JOBHISTORYSERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "spark2_spark2_jobhistoryserver_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
},
@@ -57,10 +59,12 @@
"name": "SPARK2_THRIFTSERVER",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "spark2_spark2_thriftserver_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
},
{
- "name": "/HIVE/HIVE_SERVER/hive_server_hive"
+ "name": "spark2_spark2_thriftserver_hive_server_hive",
+ "reference": "/HIVE/HIVE_SERVER/hive_server_hive"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json
index 692b557..592e4cf 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/kerberos.json
@@ -4,10 +4,12 @@
"name": "STORM",
"identities": [
{
- "name": "/spnego"
+ "name": "storm_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "storm_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "storm_components",
@@ -51,7 +53,8 @@
"name": "STORM_UI_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "storm_storm_ui_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "storm-env/storm_ui_principal_name"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/STORM/1.0.1.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/1.0.1.3.0/kerberos.json
index a034411..8964c26 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1.3.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "STORM",
"identities": [
{
- "name": "/spnego"
+ "name": "storm_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "storm_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "storm_components",
@@ -30,7 +32,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "storm-atlas-application.properties/atlas.jaas.KafkaClient.option.principal"
},
@@ -72,7 +75,8 @@
"name": "STORM_UI_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "storm_storm_ui_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "storm-env/storm_ui_principal_name"
},
@@ -106,7 +110,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_nimbus_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
index a034411..f885500 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/1.0.1/kerberos.json
@@ -4,10 +4,12 @@
"name": "STORM",
"identities": [
{
- "name": "/spnego"
+ "name": "storm_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "storm_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "storm_components",
@@ -30,7 +32,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "storm-atlas-application.properties/atlas.jaas.KafkaClient.option.principal"
},
@@ -72,7 +75,8 @@
"name": "STORM_UI_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "storm_storm_ui_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "storm-env/storm_ui_principal_name"
},
@@ -106,7 +110,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_numbus_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/STORM/1.1.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/1.1.0/kerberos.json b/ambari-server/src/main/resources/common-services/STORM/1.1.0/kerberos.json
index a034411..f885500 100644
--- a/ambari-server/src/main/resources/common-services/STORM/1.1.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/STORM/1.1.0/kerberos.json
@@ -4,10 +4,12 @@
"name": "STORM",
"identities": [
{
- "name": "/spnego"
+ "name": "storm_spnego",
+ "reference": "/spnego"
},
{
- "name": "/smokeuser"
+ "name": "storm_smokeuser",
+ "reference": "/smokeuser"
},
{
"name": "storm_components",
@@ -30,7 +32,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "storm-atlas-application.properties/atlas.jaas.KafkaClient.option.principal"
},
@@ -72,7 +75,8 @@
"name": "STORM_UI_SERVER",
"identities": [
{
- "name": "/spnego",
+ "name": "storm_storm_ui_server_spnego",
+ "reference": "/spnego",
"principal": {
"configuration": "storm-env/storm_ui_principal_name"
},
@@ -106,7 +110,8 @@
}
},
{
- "name": "/STORM/storm_components",
+ "name": "storm_numbus_storm_components",
+ "reference": "/STORM/storm_components",
"principal": {
"configuration": "ranger-storm-audit/xasecure.audit.jaas.Client.option.principal"
},
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json b/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
index 65dcd33..2a14a65 100644
--- a/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/TEZ/0.4.0.2.1/kerberos.json
@@ -7,7 +7,8 @@
"name": "TEZ_CLIENT",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "tez_tez_client_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
]
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/2a060210/ambari-server/src/main/resources/common-services/TEZ/0.9.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/TEZ/0.9.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/TEZ/0.9.0.3.0/kerberos.json
index 00c8ac5..6be8292 100644
--- a/ambari-server/src/main/resources/common-services/TEZ/0.9.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/TEZ/0.9.0.3.0/kerberos.json
@@ -7,7 +7,8 @@
"name": "TEZ_CLIENT",
"identities": [
{
- "name": "/HDFS/NAMENODE/hdfs"
+ "name": "tez_tez_client_hdfs",
+ "reference": "/HDFS/NAMENODE/hdfs"
}
],
"configurations": [