You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by dm...@apache.org on 2015/12/14 14:48:20 UTC
[1/2] ambari git commit: AMBARI-14364. Express Upgrade: Knox gateway
restart failed during EU from 2.2.9 to 2.3.2 with customized service user
accounts (dgrinenko via dlysnichenko)
Repository: ambari
Updated Branches:
refs/heads/branch-2.2 0ee5b323c -> 57c9b34a0
refs/heads/trunk 9a22519f4 -> 77cf8477b
AMBARI-14364. Express Upgrade: Knox gateway restart failed during EU from 2.2.9 to 2.3.2 with customized service user accounts (dgrinenko via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/77cf8477
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/77cf8477
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/77cf8477
Branch: refs/heads/trunk
Commit: 77cf8477b049113925a91a7b62842afb88765454
Parents: 9a22519
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Mon Dec 14 15:47:10 2015 +0200
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Mon Dec 14 15:48:08 2015 +0200
----------------------------------------------------------------------
.../KNOX/0.5.0.2.2/package/scripts/knox.py | 35 ++++++++++++++++++++
.../0.5.0.2.2/package/scripts/knox_gateway.py | 14 +++++---
.../0.5.0.2.2/package/scripts/params_linux.py | 2 --
.../python/stacks/2.2/KNOX/test_knox_gateway.py | 10 ++++++
4 files changed, 55 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/77cf8477/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
index 7a9b1ab..806cec8 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
@@ -163,3 +163,38 @@ def knox():
not_if=cert_store_exist,
)
+
+@OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
+def update_knox_folder_permissions():
+ import params
+ Directory(params.knox_logs_dir,
+ owner = params.knox_user,
+ group = params.knox_group
+ )
+
+
+@OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
+def update_knox_logfolder_permissions():
+ """
+ Fix for the bug with rpm/deb packages. During installation of the package, they re-apply permissions to the
+ folders below; such behaviour will affect installations with non-standard user name/group and will put
+ cluster in non-working state
+ """
+ import params
+ knox_dirs = [params.knox_logs_dir]
+
+ Directory(params.knox_logs_dir,
+ owner = params.knox_user,
+ group = params.knox_group,
+ recursive = True,
+ cd_access = "a",
+ mode = 0755,
+ )
+
+ for d in knox_dirs:
+ if len(d) > 1: # If path is empty or a single slash, may corrupt filesystem permissions
+ Execute(('chown', '-R', format("{knox_user}:{knox_group}"), d),
+ sudo=True
+ )
+ else:
+ Logger.warning("Permissions for the Knox folder \"%s\" was not updated due to empty path passed" % d)
http://git-wip-us.apache.org/repos/asf/ambari/blob/77cf8477/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 8d6d7d8..4285c6e 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -43,10 +43,11 @@ if OSCheck.is_windows_family():
from resource_management.libraries.functions.windows_service_utils import check_windows_service_status
import upgrade
-from knox import knox
+from knox import knox, update_knox_logfolder_permissions
from knox_ldap import ldap
from setup_ranger_knox import setup_ranger_knox
+
class KnoxGateway(Script):
def get_stack_to_component(self):
return {"HDP": "knox-server"}
@@ -60,7 +61,7 @@ class KnoxGateway(Script):
action = "delete",
)
- def configure(self, env):
+ def configure(self, env, upgrade_type=None):
import params
env.set_params(params)
knox()
@@ -75,14 +76,14 @@ class KnoxGateway(Script):
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
class KnoxGatewayWindows(KnoxGateway):
- def start(self, env):
+ def start(self, env, upgrade_type=None):
import params
env.set_params(params)
self.configure(env)
# setup_ranger_knox(env)
Service(params.knox_gateway_win_service_name, action="start")
- def stop(self, env):
+ def stop(self, env, upgrade_type=None):
import params
env.set_params(params)
Service(params.knox_gateway_win_service_name, action="stop")
@@ -154,6 +155,8 @@ class KnoxGatewayDefault(KnoxGateway):
to = params.knox_pid_dir,
)
+ update_knox_logfolder_permissions()
+
Execute(daemon_cmd,
user=params.knox_user,
environment={'JAVA_HOME': params.java_home},
@@ -164,6 +167,9 @@ class KnoxGatewayDefault(KnoxGateway):
import params
env.set_params(params)
daemon_cmd = format('{knox_bin} stop')
+
+ update_knox_logfolder_permissions()
+
Execute(daemon_cmd,
environment={'JAVA_HOME': params.java_home},
user=params.knox_user,
http://git-wip-us.apache.org/repos/asf/ambari/blob/77cf8477/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
index c327c42..0ff329d 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
@@ -69,8 +69,6 @@ if stack_name and stack_name.upper() == "HDP":
Logger.info(format("Detected HDP with stack version {version}, will use knox_data_dir = {knox_data_dir}"))
-knox_logs_dir = '/var/log/knox'
-
knox_master_secret_path = format('{knox_data_dir}/security/master')
knox_cert_store_path = format('{knox_data_dir}/security/keystores/gateway.jks')
knox_user = default("/configurations/knox-env/knox_user", "knox")
http://git-wip-us.apache.org/repos/asf/ambari/blob/77cf8477/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
index 78fc07f..5f4e6fc 100644
--- a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
+++ b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
@@ -585,6 +585,16 @@ class TestKnoxGateway(RMFTestCase):
self.assertResourceCalled('Link', '/usr/hdp/current/knox-server/pids',
to = '/var/run/knox',
)
+ self.assertResourceCalled('Directory', '/var/log/knox',
+ owner = 'knox',
+ mode = 0755,
+ group = 'knox',
+ recursive = True,
+ cd_access = 'a',
+ )
+ self.assertResourceCalled('Execute', ('chown', '-R', u'knox:knox', u'/var/log/knox'),
+ sudo = True,
+ )
self.assertResourceCalled("Execute", "/usr/hdp/current/knox-server/bin/gateway.sh start",
environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
not_if = u'ls /var/run/knox/gateway.pid >/dev/null 2>&1 && ps -p `cat /var/run/knox/gateway.pid` >/dev/null 2>&1',
[2/2] ambari git commit: AMBARI-14364. Express Upgrade: Knox gateway
restart failed during EU from 2.2.9 to 2.3.2 with customized service user
accounts (dgrinenko via dlysnichenko)
Posted by dm...@apache.org.
AMBARI-14364. Express Upgrade: Knox gateway restart failed during EU from 2.2.9 to 2.3.2 with customized service user accounts (dgrinenko via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/57c9b34a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/57c9b34a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/57c9b34a
Branch: refs/heads/branch-2.2
Commit: 57c9b34a05c324360b43db426831465ddc5cda4e
Parents: 0ee5b32
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Mon Dec 14 15:47:10 2015 +0200
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Mon Dec 14 15:48:24 2015 +0200
----------------------------------------------------------------------
.../KNOX/0.5.0.2.2/package/scripts/knox.py | 35 ++++++++++++++++++++
.../0.5.0.2.2/package/scripts/knox_gateway.py | 14 +++++---
.../0.5.0.2.2/package/scripts/params_linux.py | 2 --
.../python/stacks/2.2/KNOX/test_knox_gateway.py | 10 ++++++
4 files changed, 55 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/57c9b34a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
index 73556e3..6ea764a 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
@@ -136,3 +136,38 @@ def knox():
not_if=cert_store_exist,
)
+
+@OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
+def update_knox_folder_permissions():
+ import params
+ Directory(params.knox_logs_dir,
+ owner = params.knox_user,
+ group = params.knox_group
+ )
+
+
+@OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
+def update_knox_logfolder_permissions():
+ """
+ Fix for the bug with rpm/deb packages. During installation of the package, they re-apply permissions to the
+ folders below; such behaviour will affect installations with non-standard user name/group and will put
+ cluster in non-working state
+ """
+ import params
+ knox_dirs = [params.knox_logs_dir]
+
+ Directory(params.knox_logs_dir,
+ owner = params.knox_user,
+ group = params.knox_group,
+ recursive = True,
+ cd_access = "a",
+ mode = 0755,
+ )
+
+ for d in knox_dirs:
+ if len(d) > 1: # If path is empty or a single slash, may corrupt filesystem permissions
+ Execute(('chown', '-R', format("{knox_user}:{knox_group}"), d),
+ sudo=True
+ )
+ else:
+ Logger.warning("Permissions for the Knox folder \"%s\" was not updated due to empty path passed" % d)
http://git-wip-us.apache.org/repos/asf/ambari/blob/57c9b34a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 8d6d7d8..4285c6e 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -43,10 +43,11 @@ if OSCheck.is_windows_family():
from resource_management.libraries.functions.windows_service_utils import check_windows_service_status
import upgrade
-from knox import knox
+from knox import knox, update_knox_logfolder_permissions
from knox_ldap import ldap
from setup_ranger_knox import setup_ranger_knox
+
class KnoxGateway(Script):
def get_stack_to_component(self):
return {"HDP": "knox-server"}
@@ -60,7 +61,7 @@ class KnoxGateway(Script):
action = "delete",
)
- def configure(self, env):
+ def configure(self, env, upgrade_type=None):
import params
env.set_params(params)
knox()
@@ -75,14 +76,14 @@ class KnoxGateway(Script):
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
class KnoxGatewayWindows(KnoxGateway):
- def start(self, env):
+ def start(self, env, upgrade_type=None):
import params
env.set_params(params)
self.configure(env)
# setup_ranger_knox(env)
Service(params.knox_gateway_win_service_name, action="start")
- def stop(self, env):
+ def stop(self, env, upgrade_type=None):
import params
env.set_params(params)
Service(params.knox_gateway_win_service_name, action="stop")
@@ -154,6 +155,8 @@ class KnoxGatewayDefault(KnoxGateway):
to = params.knox_pid_dir,
)
+ update_knox_logfolder_permissions()
+
Execute(daemon_cmd,
user=params.knox_user,
environment={'JAVA_HOME': params.java_home},
@@ -164,6 +167,9 @@ class KnoxGatewayDefault(KnoxGateway):
import params
env.set_params(params)
daemon_cmd = format('{knox_bin} stop')
+
+ update_knox_logfolder_permissions()
+
Execute(daemon_cmd,
environment={'JAVA_HOME': params.java_home},
user=params.knox_user,
http://git-wip-us.apache.org/repos/asf/ambari/blob/57c9b34a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
index a4e31bf..46a6f9a 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py
@@ -69,8 +69,6 @@ if stack_name and stack_name.upper() == "HDP":
Logger.info(format("Detected HDP with stack version {version}, will use knox_data_dir = {knox_data_dir}"))
-knox_logs_dir = '/var/log/knox'
-
knox_master_secret_path = format('{knox_data_dir}/security/master')
knox_cert_store_path = format('{knox_data_dir}/security/keystores/gateway.jks')
knox_user = default("/configurations/knox-env/knox_user", "knox")
http://git-wip-us.apache.org/repos/asf/ambari/blob/57c9b34a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
index 80422b5..be0f951 100644
--- a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
+++ b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
@@ -579,6 +579,16 @@ class TestKnoxGateway(RMFTestCase):
self.assertResourceCalled('Link', '/usr/hdp/current/knox-server/pids',
to = '/var/run/knox',
)
+ self.assertResourceCalled('Directory', '/var/log/knox',
+ owner = 'knox',
+ mode = 0755,
+ group = 'knox',
+ recursive = True,
+ cd_access = 'a',
+ )
+ self.assertResourceCalled('Execute', ('chown', '-R', u'knox:knox', u'/var/log/knox'),
+ sudo = True,
+ )
self.assertResourceCalled("Execute", "/usr/hdp/current/knox-server/bin/gateway.sh start",
environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'},
not_if = u'ls /var/run/knox/gateway.pid >/dev/null 2>&1 && ps -p `cat /var/run/knox/gateway.pid` >/dev/null 2>&1',