You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2016/10/07 19:14:22 UTC
[25/32] ambari git commit: AMBARI-18521. Stack upgrade fix for Ranger
in secure env (mugdha)
AMBARI-18521. Stack upgrade fix for Ranger in secure env (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bce5dbe3
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bce5dbe3
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bce5dbe3
Branch: refs/heads/branch-dev-patch-upgrade
Commit: bce5dbe3eacda9d35e645a776f1f9aa3edf06e9c
Parents: 8b6e45e
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Thu Oct 6 10:27:02 2016 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Thu Oct 6 11:40:02 2016 +0530
----------------------------------------------------------------------
.../RangerKerberosConfigCalculation.java | 32 ++++++++++++--------
.../RangerKerberosConfigCalculationTest.java | 6 ++--
2 files changed, 22 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/bce5dbe3/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculation.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculation.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculation.java
index c3d71c0..ba0da79 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculation.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculation.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.Clusters;
import org.apache.ambari.server.state.Config;
import org.apache.ambari.server.state.SecurityType;
+import org.apache.commons.lang.StringUtils;
import com.google.inject.Inject;
@@ -47,7 +48,6 @@ public class RangerKerberosConfigCalculation extends AbstractServerAction {
private static final String KAFKA_ENV_CONFIG_TYPE = "kafka-env";
private static final String RANGER_KMS_ENV_CONFIG_TYPE = "kms-env";
private static final String HDFS_SITE_CONFIG_TYPE = "hdfs-site";
- private static final String RANGER_SPNEGO_PRINCIPAL = "ranger.spnego.kerberos.principal";
private static final String RANGER_SPNEGO_KEYTAB = "ranger.spnego.kerberos.keytab";
private static final String RANGER_PLUGINS_HDFS_SERVICE_USER = "ranger.plugins.hdfs.serviceuser";
private static final String RANGER_PLUGINS_HIVE_SERVICE_USER = "ranger.plugins.hive.serviceuser";
@@ -168,9 +168,27 @@ public class RangerKerberosConfigCalculation extends AbstractServerAction {
Config stormConfig = cluster.getDesiredConfigByType(STORM_ENV_CONFIG_TYPE);
if (null != stormConfig) {
+ String stormValue = null;
String stormUser = stormConfig.getProperties().get("storm_user");
+
+ if (cluster.getSecurityType() == SecurityType.KERBEROS) {
+ String stormPrincipal = stormConfig.getProperties().get("storm_principal_name");
+ if (null != stormPrincipal) {
+ String[] stormPrincipalParts = stormPrincipal.split("@");
+ if(null != stormPrincipalParts && stormPrincipalParts.length > 1) {
+ String stormPrincipalBareName = stormPrincipalParts[0];
+ stormValue = stormPrincipalBareName;
+ }
+ }
+ }
+
if (null != stormUser) {
- targetValues.put(RANGER_PLUGINS_STORM_SERVICE_USER, stormUser);
+ if(!StringUtils.isBlank(stormValue)) {
+ stormValue = stormValue + "," + stormUser;
+ } else {
+ stormValue = stormUser;
+ }
+ targetValues.put(RANGER_PLUGINS_STORM_SERVICE_USER, stormValue);
rangerAdminconfig.setProperties(targetValues);
rangerAdminconfig.persist(false);
sucessMsg = sucessMsg + MessageFormat.format("{0}\n", RANGER_PLUGINS_STORM_SERVICE_USER);
@@ -220,18 +238,8 @@ public class RangerKerberosConfigCalculation extends AbstractServerAction {
Config hdfsSiteConfig = cluster.getDesiredConfigByType(HDFS_SITE_CONFIG_TYPE);
if (null != hdfsSiteConfig) {
- String spnegoPrincipal = hdfsSiteConfig.getProperties().get("dfs.web.authentication.kerberos.principal");
String spnegoKeytab = hdfsSiteConfig.getProperties().get("dfs.web.authentication.kerberos.keytab");
- if (null != spnegoPrincipal) {
- targetValues.put(RANGER_SPNEGO_PRINCIPAL, spnegoPrincipal);
- rangerAdminconfig.setProperties(targetValues);
- rangerAdminconfig.persist(false);
- sucessMsg = sucessMsg + MessageFormat.format("{0}\n", RANGER_SPNEGO_PRINCIPAL);
- } else {
- errMsg = errMsg + MessageFormat.format("{0} not found in {1}\n", "dfs.web.authentication.kerberos.principal", HDFS_SITE_CONFIG_TYPE);
- }
-
if (null != spnegoKeytab) {
targetValues.put(RANGER_SPNEGO_KEYTAB, spnegoKeytab);
rangerAdminconfig.setProperties(targetValues);
http://git-wip-us.apache.org/repos/asf/ambari/blob/bce5dbe3/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculationTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculationTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculationTest.java
index 133a9e3..25acb45 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculationTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/upgrades/RangerKerberosConfigCalculationTest.java
@@ -118,6 +118,7 @@ public class RangerKerberosConfigCalculationTest {
Config stormConfig = new ConfigImpl("storm-env") {
Map<String, String> mockProperties = new HashMap<String, String>() {{
put("storm_user", "storm");
+ put("storm_principal_name", "storm-c1@EXAMLE.COM");
}};
@Override
@@ -150,7 +151,6 @@ public class RangerKerberosConfigCalculationTest {
Config hdfsSiteConfig = new ConfigImpl("hdfs-site") {
Map<String, String> mockProperties = new HashMap<String, String>() {{
- put("dfs.web.authentication.kerberos.principal", "HTTP/_HOST.COM");
put("dfs.web.authentication.kerberos.keytab", "/etc/security/keytabs/spnego.kytab");
}};
@@ -236,7 +236,6 @@ public class RangerKerberosConfigCalculationTest {
assertTrue(map.containsKey("ranger.plugins.storm.serviceuser"));
assertTrue(map.containsKey("ranger.plugins.kafka.serviceuser"));
assertTrue(map.containsKey("ranger.plugins.kms.serviceuser"));
- assertTrue(map.containsKey("ranger.spnego.kerberos.principal"));
assertTrue(map.containsKey("ranger.spnego.kerberos.keytab"));
@@ -245,10 +244,9 @@ public class RangerKerberosConfigCalculationTest {
assertEquals("yarn", map.get("ranger.plugins.yarn.serviceuser"));
assertEquals("hbase", map.get("ranger.plugins.hbase.serviceuser"));
assertEquals("knox", map.get("ranger.plugins.knox.serviceuser"));
- assertEquals("storm", map.get("ranger.plugins.storm.serviceuser"));
+ assertEquals("storm-c1,storm", map.get("ranger.plugins.storm.serviceuser"));
assertEquals("kafka", map.get("ranger.plugins.kafka.serviceuser"));
assertEquals("kms", map.get("ranger.plugins.kms.serviceuser"));
- assertEquals("HTTP/_HOST.COM", map.get("ranger.spnego.kerberos.principal"));
assertEquals("/etc/security/keytabs/spnego.kytab", map.get("ranger.spnego.kerberos.keytab"));
report = action.execute(null);