You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2017/04/01 07:07:47 UTC
[03/17] ambari git commit: AMBARI-20586. Add (optional) master_kdcs
to kerberos-env and generated krb5.conf file (Balazs Bence Sari via
adoroszlai)
AMBARI-20586. Add (optional) master_kdcs to kerberos-env and generated krb5.conf file (Balazs Bence Sari via adoroszlai)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c17979cb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c17979cb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c17979cb
Branch: refs/heads/branch-3.0-perf
Commit: c17979cb734779f0a8511e5c852399f56cbcfa97
Parents: 00f269b
Author: Balazs Bence Sari <bs...@hortonworks.com>
Authored: Fri Mar 31 19:53:10 2017 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Sat Apr 1 10:07:36 2017 +0300
----------------------------------------------------------------------
.../BlueprintConfigurationProcessor.java | 1 +
.../1.10.3-10/configuration/kerberos-env.xml | 15 +++++
.../1.10.3-10/configuration/krb5-conf.xml | 43 ++------------
.../package/scripts/kerberos_common.py | 5 +-
.../1.10.3-10/package/scripts/params.py | 2 +
.../1.10.3-10/package/templates/krb5_conf.j2 | 54 ------------------
.../KERBEROS/1.10.3-10/properties/krb5_conf.j2 | 60 ++++++++++++++++++++
.../KERBEROS/configuration/kerberos-env.xml | 15 +++++
.../KERBEROS/configuration/krb5-conf.xml | 43 ++------------
.../KERBEROS/package/scripts/kerberos_common.py | 5 +-
.../services/KERBEROS/package/scripts/params.py | 2 +
.../KERBEROS/package/templates/krb5_conf.j2 | 54 ------------------
.../services/KERBEROS/properties/krb5_conf.j2 | 60 ++++++++++++++++++++
.../BlueprintConfigurationProcessorTest.java | 5 +-
.../stacks/2.2/KERBEROS/test_kerberos_client.py | 4 +-
.../python/stacks/2.2/KERBEROS/use_cases.py | 5 +-
16 files changed, 174 insertions(+), 199 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
index e5927d6..db1aa07 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessor.java
@@ -160,6 +160,7 @@ public class BlueprintConfigurationProcessor {
new SimplePropertyNameExportFilter("tez.tez-ui.history-url.base", "tez-site"),
new SimplePropertyNameExportFilter("admin_server_host", "kerberos-env"),
new SimplePropertyNameExportFilter("kdc_hosts", "kerberos-env"),
+ new SimplePropertyNameExportFilter("master_kdc", "kerberos-env"),
new SimplePropertyNameExportFilter("realm", "kerberos-env"),
new SimplePropertyNameExportFilter("kdc_type", "kerberos-env"),
new SimplePropertyNameExportFilter("ldap-url", "kerberos-env"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
index 965ee13..e07e28e 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml
@@ -147,6 +147,21 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
+ <name>master_kdc</name>
+ <description>
+ The IP address or FQDN of the master KDC host in a master-slave KDC deployment.
+ Optionally a port number may be included.
+ Example: kdc1.example.com:88
+ </description>
+ <display-name>Master KDC host</display-name>
+ <value/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
<name>admin_server_host</name>
<display-name>Kadmin host</display-name>
<description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
index c692b92..1963e2c 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/krb5-conf.xml
@@ -61,48 +61,13 @@
<name>content</name>
<display-name>krb5-conf template</display-name>
<description>Customizable krb5.conf template (Jinja template engine)</description>
- <value>
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
- </value>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value/>
<value-attributes>
<type>content</type>
<overridable>false</overridable>
+ <property-file-name>krb5_conf.j2</property-file-name>
+ <property-file-type>text</property-file-type>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
index 8cb1f0c..fcd57af 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
@@ -116,10 +116,7 @@ class KerberosScript(Script):
mode=0755
)
- if (params.krb5_conf_template is None) or not params.krb5_conf_template.strip():
- content = Template('krb5_conf.j2')
- else:
- content = InlineTemplate(params.krb5_conf_template)
+ content = InlineTemplate(params.krb5_conf_template)
File(params.krb5_conf_path,
content=content,
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
index 57f062a..0f2acca 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/params.py
@@ -104,6 +104,7 @@ if config is not None:
realm = 'EXAMPLE.COM'
domains = ''
kdc_hosts = 'localhost'
+ master_kdc = None
admin_server_host = None
admin_principal = None
admin_password = None
@@ -125,6 +126,7 @@ if config is not None:
encryption_types = get_property_value(kerberos_env, "encryption_types", None, True, None)
realm = get_property_value(kerberos_env, "realm", None, True, None)
kdc_hosts = get_property_value(kerberos_env, 'kdc_hosts', kdc_hosts)
+ master_kdc = get_property_value(kerberos_env, 'master_kdc')
admin_server_host = get_property_value(kerberos_env, 'admin_server_host', admin_server_host)
if krb5_conf_data is not None:
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
deleted file mode 100644
index 0191953..0000000
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/templates/krb5_conf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2 b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
new file mode 100644
index 0000000..612751b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/properties/krb5_conf.j2
@@ -0,0 +1,60 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+[libdefaults]
+ renew_lifetime = 7d
+ forwardable = true
+ default_realm = {{realm}}
+ ticket_lifetime = 24h
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ default_ccache_name = /tmp/krb5cc_%{uid}
+ #default_tgs_enctypes = {{encryption_types}}
+ #default_tkt_enctypes = {{encryption_types}}
+{% if domains %}
+[domain_realm]
+{%- for domain in domains.split(',') %}
+ {{domain|trim()}} = {{realm}}
+{%- endfor %}
+{% endif %}
+[logging]
+ default = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+ kdc = FILE:/var/log/krb5kdc.log
+
+[realms]
+ {{realm}} = {
+{%- if master_kdc %}
+ master_kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{%- if kdc_hosts > 0 -%}
+{%- set kdc_host_list = kdc_hosts.split(',') -%}
+{%- if kdc_host_list and kdc_host_list|length > 0 %}
+ admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
+{%- if kdc_host_list -%}
+{%- if master_kdc and (master_kdc not in kdc_host_list) %}
+ kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{% for kdc_host in kdc_host_list %}
+ kdc = {{kdc_host|trim()}}
+{%- endfor -%}
+{% endif %}
+{%- endif %}
+{%- endif %}
+ }
+
+{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
index 7016437..66e81db 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/kerberos-env.xml
@@ -147,6 +147,21 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
+ <name>master_kdc</name>
+ <description>
+ The IP address or FQDN of the master KDC host in a master-slave KDC deployment.
+ Optionally a port number may be included.
+ Example: kdc1.example.com:88
+ </description>
+ <display-name>Master KDC host</display-name>
+ <value/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
<name>admin_server_host</name>
<display-name>Kadmin host</display-name>
<description>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
index c692b92..1963e2c 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/configuration/krb5-conf.xml
@@ -61,48 +61,13 @@
<name>content</name>
<display-name>krb5-conf template</display-name>
<description>Customizable krb5.conf template (Jinja template engine)</description>
- <value>
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
- </value>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value/>
<value-attributes>
<type>content</type>
<overridable>false</overridable>
+ <property-file-name>krb5_conf.j2</property-file-name>
+ <property-file-type>text</property-file-type>
</value-attributes>
<on-ambari-upgrade add="true"/>
</property>
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
index 70c81e7..abf58ee 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_common.py
@@ -110,10 +110,7 @@ class KerberosScript(Script):
mode=0755
)
- if (params.krb5_conf_template is None) or not params.krb5_conf_template.strip():
- content = Template('krb5_conf.j2')
- else:
- content = InlineTemplate(params.krb5_conf_template)
+ content = InlineTemplate(params.krb5_conf_template)
File(params.krb5_conf_path,
content=content,
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
index 3533b35..4eb5b02 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/params.py
@@ -101,6 +101,7 @@ if config is not None:
realm = 'EXAMPLE.COM'
domains = ''
kdc_hosts = 'localhost'
+ master_kdc = None
admin_server_host = None
admin_principal = None
admin_password = None
@@ -122,6 +123,7 @@ if config is not None:
encryption_types = get_property_value(kerberos_env, "encryption_types", None, True, None)
realm = get_property_value(kerberos_env, "realm", None, True, None)
kdc_hosts = get_property_value(kerberos_env, 'kdc_hosts', kdc_hosts)
+ master_kdc = get_property_value(kerberos_env, 'master_kdc')
admin_server_host = get_property_value(kerberos_env, 'admin_server_host', admin_server_host)
if krb5_conf_data is not None:
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
deleted file mode 100644
index 0191953..0000000
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/templates/krb5_conf.j2
+++ /dev/null
@@ -1,54 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-[libdefaults]
- renew_lifetime = 7d
- forwardable = true
- default_realm = {{realm}}
- ticket_lifetime = 24h
- dns_lookup_realm = false
- dns_lookup_kdc = false
- default_ccache_name = /tmp/krb5cc_%{uid}
- #default_tgs_enctypes = {{encryption_types}}
- #default_tkt_enctypes = {{encryption_types}}
-{% if domains %}
-[domain_realm]
-{%- for domain in domains.split(',') %}
- {{domain|trim()}} = {{realm}}
-{%- endfor %}
-{% endif %}
-[logging]
- default = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
- kdc = FILE:/var/log/krb5kdc.log
-
-[realms]
- {{realm}} = {
-{%- if kdc_hosts > 0 -%}
-{%- set kdc_host_list = kdc_hosts.split(',') -%}
-{%- if kdc_host_list and kdc_host_list|length > 0 %}
- admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
-{%- if kdc_host_list -%}
-{% for kdc_host in kdc_host_list %}
- kdc = {{kdc_host|trim()}}
-{%- endfor -%}
-{% endif %}
-{%- endif %}
-{%- endif %}
- }
-
-{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
new file mode 100644
index 0000000..612751b
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/properties/krb5_conf.j2
@@ -0,0 +1,60 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+[libdefaults]
+ renew_lifetime = 7d
+ forwardable = true
+ default_realm = {{realm}}
+ ticket_lifetime = 24h
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ default_ccache_name = /tmp/krb5cc_%{uid}
+ #default_tgs_enctypes = {{encryption_types}}
+ #default_tkt_enctypes = {{encryption_types}}
+{% if domains %}
+[domain_realm]
+{%- for domain in domains.split(',') %}
+ {{domain|trim()}} = {{realm}}
+{%- endfor %}
+{% endif %}
+[logging]
+ default = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+ kdc = FILE:/var/log/krb5kdc.log
+
+[realms]
+ {{realm}} = {
+{%- if master_kdc %}
+ master_kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{%- if kdc_hosts > 0 -%}
+{%- set kdc_host_list = kdc_hosts.split(',') -%}
+{%- if kdc_host_list and kdc_host_list|length > 0 %}
+ admin_server = {{admin_server_host|default(kdc_host_list[0]|trim(), True)}}
+{%- if kdc_host_list -%}
+{%- if master_kdc and (master_kdc not in kdc_host_list) %}
+ kdc = {{master_kdc|trim()}}
+{%- endif -%}
+{% for kdc_host in kdc_host_list %}
+ kdc = {{kdc_host|trim()}}
+{%- endfor -%}
+{% endif %}
+{%- endif %}
+{%- endif %}
+ }
+
+{# Append additional realm declarations below #}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
index 54d4fcc..dba4043 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/BlueprintConfigurationProcessorTest.java
@@ -894,7 +894,8 @@ public class BlueprintConfigurationProcessorTest {
// simulate the case of a Kerberized cluster, including config
// added by the Kerberos service
kerberosEnvProperties.put("admin_server_host", expectedHostName);
- kerberosEnvProperties.put("kdc_hosts", expectedHostName);
+ kerberosEnvProperties.put("kdc_hosts", expectedHostName + ",secondary.kdc.org");
+ kerberosEnvProperties.put("master_kdc", expectedHostName);
coreSiteProperties.put("hadoop.proxyuser.yarn.hosts", expectedHostName);
Configuration clusterConfig = new Configuration(configProperties,
@@ -923,6 +924,8 @@ public class BlueprintConfigurationProcessorTest {
kerberosEnvProperties.containsKey("admin_server_host"));
assertFalse("kdc_hosts should not be present in exported blueprint in kerberos-env",
kerberosEnvProperties.containsKey("kdc_hosts"));
+ assertFalse("master_kdc should not be present in exported blueprint in kerberos-env",
+ kerberosEnvProperties.containsKey("master_kdc"));
assertEquals("hadoop.proxyuser.yarn.hosts was not exported correctly",
createExportedHostName("host_group_1"), coreSiteProperties.get("hadoop.proxyuser.yarn.hosts"));
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
index 6727b2f..f638845 100644
--- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
+++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py
@@ -32,7 +32,7 @@ class TestKerberosClient(RMFTestCase):
STACK_VERSION = "2.2"
def test_configure_managed_kdc(self):
- json_data = use_cases.get_manged_kdc_use_case()
+ json_data = use_cases.get_managed_kdc_use_case()
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/kerberos_client.py",
classname="KerberosClient",
@@ -52,7 +52,7 @@ class TestKerberosClient(RMFTestCase):
"/" +
use_cases.get_krb5_conf_file(json_data))
self.assertResourceCalled('File', file_path,
- content=Template('krb5_conf.j2'),
+ content=InlineTemplate(use_cases.get_krb5_conf_template(json_data)),
owner='root',
group='root',
mode=0644)
http://git-wip-us.apache.org/repos/asf/ambari/blob/c17979cb/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
index 17d9f88..08a6be8 100644
--- a/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
+++ b/ambari-server/src/test/python/stacks/2.2/KERBEROS/use_cases.py
@@ -74,7 +74,7 @@ kdc_conf_template = \
kadm5_acl_template = '*/admin@{{realm}} *'
-def get_manged_kdc_use_case():
+def get_managed_kdc_use_case():
config_file = "stacks/2.2/configs/default.json"
with open(config_file, "r") as f:
json_data = json.load(f)
@@ -88,7 +88,8 @@ def get_manged_kdc_use_case():
json_data['configurations']['krb5-conf'] = {
'realm': 'MANAGED_REALM.COM',
'admin_principal': "admin/admin",
- 'admin_password': "hadoop"
+ 'admin_password': "hadoop",
+ 'content': krb5_conf_template
}
return json_data