You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sm...@apache.org on 2018/05/03 14:57:29 UTC
[ambari] branch trunk updated: AMBARI-23562. Updating
hadoop.proxyuser.HTTP.hosts in USER Kerberos descriptor when upgrading to
2.7 and make sure the new STACK Kerberos descriptors have the correct value
(#1164)
This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new cc72705 AMBARI-23562. Updating hadoop.proxyuser.HTTP.hosts in USER Kerberos descriptor when upgrading to 2.7 and make sure the new STACK Kerberos descriptors have the correct value (#1164)
cc72705 is described below
commit cc72705de9b6274d3043c81285ff6357d9f61509
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Thu May 3 16:57:26 2018 +0200
AMBARI-23562. Updating hadoop.proxyuser.HTTP.hosts in USER Kerberos descriptor when upgrading to 2.7 and make sure the new STACK Kerberos descriptors have the correct value (#1164)
---
.../ambari/server/upgrade/UpgradeCatalog270.java | 63 ++++++++++++++++------
.../stacks/HDP/2.5/services/HIVE/kerberos.json | 2 +-
.../server/upgrade/UpgradeCatalog270Test.java | 10 ++--
3 files changed, 55 insertions(+), 20 deletions(-)
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
index 1bde6a2..ff56cb1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog270.java
@@ -79,9 +79,11 @@ import org.apache.ambari.server.state.ServiceComponentHost;
import org.apache.ambari.server.state.State;
import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer;
import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosConfigurationDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
+import org.apache.ambari.server.topology.validators.HiveServiceValidator;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
@@ -235,6 +237,9 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog {
protected static final String SERVICE_DESIRED_STATE_CLUSTER_SERVICES_FK = "servicedesiredstateservicename";
protected static final String COMPONENT_DESIRED_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK = "hstcmpnntdesiredstatecmpnntnme";
protected static final String COMPONENT_STATE_SERVICE_COMPONENT_DESIRED_STATE_FK = "hstcomponentstatecomponentname";
+ protected static final String HIVE_SERVICE_COMPONENT_WEBHCAT_SERVER = "WEBHCAT_SERVER";
+ protected static final String CONFIGURATION_CORE_SITE = "core-site";
+ protected static final String PROPERTY_HADOOP_PROXYUSER_HTTP_HOSTS = "hadoop.proxyuser.HTTP.hosts";
public static final String AMBARI_INFRA_OLD_NAME = "AMBARI_INFRA";
public static final String AMBARI_INFRA_NEW_NAME = "AMBARI_INFRA_SOLR";
@@ -1017,36 +1022,62 @@ public class UpgradeCatalog270 extends AbstractUpgradeCatalog {
@Override
protected void updateKerberosDescriptorArtifact(ArtifactDAO artifactDAO, ArtifactEntity artifactEntity) throws AmbariException {
- if (artifactEntity == null)
+ if (artifactEntity == null) {
return;
+ }
Map<String, Object> data = artifactEntity.getArtifactData();
- if (data == null)
+ if (data == null) {
return;
+ }
final KerberosDescriptor kerberosDescriptor = new KerberosDescriptorFactory().createInstance(data);
- if (kerberosDescriptor == null)
+ if (kerberosDescriptor == null) {
return;
+ }
Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices();
KerberosServiceDescriptor ambariInfraService = services.get(AMBARI_INFRA_OLD_NAME);
- if (ambariInfraService == null)
- return;
+ if (ambariInfraService != null) {
+ ambariInfraService.setName(AMBARI_INFRA_NEW_NAME);
+ services.remove(AMBARI_INFRA_OLD_NAME);
+ services.put(AMBARI_INFRA_NEW_NAME, ambariInfraService);
+ kerberosDescriptor.setServices(services);
+
+ for (KerberosServiceDescriptor serviceDescriptor : kerberosDescriptor.getServices().values()) {
+ updateKerberosIdentities(serviceDescriptor);
+ for (KerberosComponentDescriptor componentDescriptor : serviceDescriptor.getComponents().values()) {
+ updateKerberosIdentities(componentDescriptor);
+ }
+ }
+ }
- ambariInfraService.setName(AMBARI_INFRA_NEW_NAME);
- services.remove(AMBARI_INFRA_OLD_NAME);
- services.put(AMBARI_INFRA_NEW_NAME, ambariInfraService);
- kerberosDescriptor.setServices(services);
+ final boolean updatedWebHCatHostsInHadoopProxyuserHttpHostsForHive = updateWebHCatHostsInHadoopProxyuserHttpHostsForHive(kerberosDescriptor);
- for (KerberosServiceDescriptor serviceDescriptor : kerberosDescriptor.getServices().values()) {
- updateKerberosIdentities(serviceDescriptor);
- for (KerberosComponentDescriptor componentDescriptor : serviceDescriptor.getComponents().values()) {
- updateKerberosIdentities(componentDescriptor);
- }
+ if (ambariInfraService != null || updatedWebHCatHostsInHadoopProxyuserHttpHostsForHive) {
+ artifactEntity.setArtifactData(kerberosDescriptor.toMap());
+ artifactDAO.merge(artifactEntity);
}
+ }
- artifactEntity.setArtifactData(kerberosDescriptor.toMap());
- artifactDAO.merge(artifactEntity);
+ private boolean updateWebHCatHostsInHadoopProxyuserHttpHostsForHive(KerberosDescriptor kerberosDescriptor) {
+ boolean updated = false;
+ final KerberosServiceDescriptor hiveService = kerberosDescriptor.getServices().get(HiveServiceValidator.HIVE_SERVICE);
+ if (hiveService != null) {
+ final KerberosComponentDescriptor webhcatServer = hiveService.getComponent(HIVE_SERVICE_COMPONENT_WEBHCAT_SERVER);
+ if (webhcatServer != null) {
+ final KerberosConfigurationDescriptor coreSiteConfiguration = webhcatServer.getConfiguration(CONFIGURATION_CORE_SITE);
+ if (coreSiteConfiguration != null) {
+ final String currentHadoopProxyuserHttpHosts = coreSiteConfiguration.getProperty(PROPERTY_HADOOP_PROXYUSER_HTTP_HOSTS);
+ if (StringUtils.isNotBlank(currentHadoopProxyuserHttpHosts)) {
+ LOG.info("Updating hadoop.proxyuser.HTTP.hosts...");
+ coreSiteConfiguration.putProperty(PROPERTY_HADOOP_PROXYUSER_HTTP_HOSTS, currentHadoopProxyuserHttpHosts.replace("webhcat_server_host|", "webhcat_server_hosts|"));
+ updated = true;
+ }
+ }
+ }
+ }
+ return updated;
}
protected void addUserAuthenticationSequence() throws SQLException {
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
index 6e2b25c..3d6fa39 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/kerberos.json
@@ -144,7 +144,7 @@
"configurations": [
{
"core-site": {
- "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_host|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}"
+ "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_hosts|append(core-site/hadoop.proxyuser.HTTP.hosts, \\\\,, true)}"
}
},
{
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
index fb367ad..7a1b686 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog270Test.java
@@ -1232,14 +1232,14 @@ public class UpgradeCatalog270Test {
@Test
public void testupdateKerberosDescriptorArtifact() throws Exception {
+ //there is HIVE -> WEBHCAT_SERVER -> configurations -> core-site -> hadoop.proxyuser.HTTP.hosts
String kerberosDescriptorJson = IOUtils.toString(getClass().getClassLoader().getResourceAsStream("org/apache/ambari/server/upgrade/kerberos_descriptor.json"), "UTF-8");
ArtifactEntity artifactEntity = new ArtifactEntity();
artifactEntity.setArtifactName("kerberos_descriptor");
artifactEntity.setArtifactData(GSON.<Map<String, Object>>fromJson(kerberosDescriptorJson, Map.class));
- UpgradeCatalog270 upgradeCatalog270 = createMockBuilder(UpgradeCatalog270.class)
- .createMock();
+ UpgradeCatalog270 upgradeCatalog270 = createMockBuilder(UpgradeCatalog270.class).createMock();
expect(artifactDAO.merge(artifactEntity)).andReturn(artifactEntity);
@@ -1247,10 +1247,14 @@ public class UpgradeCatalog270Test {
upgradeCatalog270.updateKerberosDescriptorArtifact(artifactDAO, artifactEntity);
+ final String newKerberosDescriptorJson = GSON.toJson(artifactEntity.getArtifactData());
+
int oldCount = substringCount(kerberosDescriptorJson, AMBARI_INFRA_OLD_NAME);
- int newCount = substringCount(GSON.toJson(artifactEntity.getArtifactData()), AMBARI_INFRA_NEW_NAME);
+ int newCount = substringCount(newKerberosDescriptorJson, AMBARI_INFRA_NEW_NAME);
assertThat(newCount, is(oldCount));
+ assertTrue(newKerberosDescriptorJson.contains("webhcat_server_hosts|"));
+
verify(upgradeCatalog270);
}
--
To stop receiving notification emails like this one, please contact
smolnar@apache.org.