You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rz...@apache.org on 2017/02/17 22:56:55 UTC

[17/51] [abbrv] ambari git commit: AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty)

AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty)

(cherry picked from commit caa69171b163a547341da5f4341ba6d0df66ceb5)

Change-Id: I01f34e79965ad7b8fb74d7ae8b08ec66e0dfc7f6


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b09247fb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b09247fb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b09247fb

Branch: refs/heads/branch-feature-BUG-74026
Commit: b09247fbf47477e41f977ac217419538078f3e5d
Parents: 14d78ab
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Fri Feb 3 13:24:24 2017 -0800
Committer: Zuul <re...@hortonworks.com>
Committed: Tue Feb 7 00:39:01 2017 -0800

----------------------------------------------------------------------
 .../DRUID/0.9.2/configuration/druid-common.xml   |  6 ++++++
 .../DRUID/0.9.2/package/scripts/druid.py         |  2 ++
 .../DRUID/0.9.2/package/scripts/params.py        |  5 ++++-
 .../stacks/HDP/2.6/services/DRUID/kerberos.json  | 19 ++++++++++++++++++-
 .../test/python/stacks/2.6/DRUID/test_druid.py   |  2 ++
 .../test/python/stacks/2.6/configs/default.json  |  3 ++-
 6 files changed, 34 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
index e00480e..a494750 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
@@ -46,6 +46,12 @@
     <on-ambari-upgrade add="false"/>
   </property>
   <property>
+    <name>druid.security.extensions.loadList</name>
+    <value>[]</value>
+    <description>A comma-separated list of one or more druid security extensions to load. This property will be set via the kerberos wizard and User will not be allowed to modify this when security is enabled.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
     <name>druid.zk.service.host</name>
     <value>localhost:2181</value>
     <description>

http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
index 20eda92..18febeb 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
@@ -48,6 +48,8 @@ def druid(upgrade_type=None, nodeType=None):
     'druid.service']
   druid_common_config['druid.selectors.coordinator.serviceName'] = \
     params.config['configurations']['druid-coordinator']['druid.service']
+  druid_common_config['druid.extensions.loadList'] = json.dumps(eval(params.druid_extensions_load_list) +
+                                                     eval(params.druid_security_extensions_load_list))
 
   # delete the password and user if empty otherwiswe derby will fail.
   if 'derby' == druid_common_config['druid.metadata.storage.type']:

http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
index 558087d..aed4043 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
@@ -74,6 +74,9 @@ druid_log_dir = config['configurations']['druid-env']['druid_log_dir']
 druid_classpath = config['configurations']['druid-env']['druid_classpath']
 druid_extensions = config['configurations']['druid-common']['druid.extensions.pullList']
 druid_repo_list = config['configurations']['druid-common']['druid.extensions.repositoryList']
+druid_extensions_load_list = config['configurations']['druid-common']['druid.extensions.loadList']
+druid_security_extensions_load_list = config['configurations']['druid-common']['druid.security.extensions.loadList']
+
 
 # status params
 druid_pid_dir = status_params.druid_pid_dir
@@ -121,7 +124,7 @@ hdfs_site = config['configurations']['hdfs-site']
 default_fs = config['configurations']['core-site']['fs.defaultFS']
 dfs_type = default("/commandParams/dfs_type", "")
 
-# Kerberose
+# Kerberos
 druid_principal_name = default('/configurations/druid-common/druid.hadoop.security.kerberos.principal',
                                'missing_principal')
 druid_user_keytab = default('/configurations/druid-common/druid.hadoop.security.kerberos.keytab', 'missing_keytab')

http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
index 1661285..251975b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
@@ -4,7 +4,13 @@
       "name": "DRUID",
       "identities": [
         {
-          "name": "/spnego"
+          "name": "/spnego",
+          "principal": {
+            "configuration": "druid-common/druid.hadoop.security.spnego.principal"
+          },
+          "keytab": {
+            "configuration": "druid-common/druid.hadoop.security.spnego.keytab"
+          }
         },
         {
           "name": "druid",
@@ -72,6 +78,17 @@
             }
           ]
         }
+      ],
+      "configurations": [
+        {
+          "druid-common": {
+            "druid.hadoop.security.spnego.excludedPaths": "[\"/status\"]",
+            "druid.security.extensions.loadList" : "[\"druid-kerberos\"]"
+          }
+        }
+      ],
+      "auth_to_local_properties" : [
+        "druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped"
       ]
     }
   ]

http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
index 0a143ae..422e9ba 100644
--- a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
+++ b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
@@ -445,6 +445,8 @@ class TestDruid(RMFTestCase):
     druid_common_config['druid.extensions.hadoopDependenciesDir'] = format('/usr/hdp/current/{role}/hadoop-dependencies')
     druid_common_config['druid.selectors.indexing.serviceName'] = 'druid/overlord'
     druid_common_config['druid.selectors.coordinator.serviceName'] = 'druid/coordinator'
+    druid_common_config['druid.extensions.loadList'] = '["mysql-metadata-storage", "druid-datasketches", "druid-kerberos"]'
+
 
     self.assertResourceCalled('PropertiesFile', 'common.runtime.properties',
                               dir=format("/usr/hdp/current/{role}/conf/_common"),

http://git-wip-us.apache.org/repos/asf/ambari/blob/b09247fb/ambari-server/src/test/python/stacks/2.6/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/configs/default.json b/ambari-server/src/test/python/stacks/2.6/configs/default.json
index 963c4a4..4d9f98c 100644
--- a/ambari-server/src/test/python/stacks/2.6/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.6/configs/default.json
@@ -430,7 +430,8 @@
       "druid.indexer.logs.directory": "/user/druid/logs",
       "druid.extensions.pullList": "[\"custom-druid-extension\"]",
       "druid.extensions.repositoryList": "[\"http://custom-mvn-repo/public/release\"]",
-      "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]"
+      "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]",
+      "druid.security.extensions.loadList": "[\"druid-kerberos\"]"
     },
     "druid-historical" : {
       "druid.segmentCache.infoDir" : "/apps/druid/segmentCache/info_dir",