You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jo...@apache.org on 2017/06/05 20:00:40 UTC
[01/17] ambari git commit: Merge branch 'branch-feature-AMBARI-12556'
into trunk
Repository: ambari
Updated Branches:
refs/heads/branch-feature-AMBARI-12556 cd3fb8595 -> 64e3ad776
Merge branch 'branch-feature-AMBARI-12556' into trunk
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/851c8571
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/851c8571
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/851c8571
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 851c85718b8a239392d51c937f51b3c070b27356
Parents: 81f64bf 9a42d40
Author: Jonathan Hurley <jh...@hortonworks.com>
Authored: Thu Jun 1 09:31:13 2017 -0400
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Thu Jun 1 09:31:13 2017 -0400
----------------------------------------------------------------------
.../AmbariCustomCommandExecutionHelper.java | 10 ++--
.../server/controller/KerberosHelperImpl.java | 10 +++-
.../internal/UpgradeResourceProvider.java | 26 +++++++---
.../0.12.0.2.0/package/scripts/params_linux.py | 2 +-
.../2.1.0.3.0/package/scripts/params_linux.py | 2 +-
.../AmbariManagementControllerTest.java | 6 +--
.../server/controller/KerberosHelperTest.java | 7 +++
.../internal/UpgradeResourceProviderTest.java | 54 ++++++++++++++++++++
.../upgrades/upgrade_execute_task_test.xml | 42 +++++++++++++++
9 files changed, 139 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
[09/17] ambari git commit: Fix minor typo in ambari site.xml
Posted by jo...@apache.org.
Fix minor typo in ambari site.xml
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/201c6d01
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/201c6d01
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/201c6d01
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 201c6d01bad70aec8ebee1e2a6633bcd0062c1c6
Parents: 28e20a1
Author: Aravindan Vijayan <av...@hortonworks.com>
Authored: Fri Jun 2 11:55:09 2017 -0700
Committer: Aravindan Vijayan <av...@hortonworks.com>
Committed: Fri Jun 2 11:55:09 2017 -0700
----------------------------------------------------------------------
docs/src/site/site.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/201c6d01/docs/src/site/site.xml
----------------------------------------------------------------------
diff --git a/docs/src/site/site.xml b/docs/src/site/site.xml
index db45a35..ec5de8d 100644
--- a/docs/src/site/site.xml
+++ b/docs/src/site/site.xml
@@ -109,7 +109,7 @@
<item name="API Reference" href="https://github.com/apache/ambari/blob/trunk/ambari-server/docs/api/v1/index.md"/>
<item name="Install Guide for 2.5.1" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.5.1"/>
<item name="Install Guide for 2.5.0" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.5.0"/>
- <item name="Install Guide for 2.4.2" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.4.3"/>
+ <item name="Install Guide for 2.4.3" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.4.3"/>
<item name="Install Guide for 2.4.2" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.4.2"/>
<item name="Install Guide for 2.4.1" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.4.1"/>
<item name="Install Guide for 2.4.0" href="https://cwiki.apache.org/confluence/display/AMBARI/Installation+Guide+for+Ambari+2.4.0"/>
[08/17] ambari git commit: AMBARI-21156. Yarn service check failure
after moving resource manager to a different host - on wire encrypted cluster
(akovalenko)
Posted by jo...@apache.org.
AMBARI-21156. Yarn service check failure after moving resource manager to a different host - on wire encrypted cluster (akovalenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/28e20a16
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/28e20a16
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/28e20a16
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 28e20a16879a6db4b48107738891d714cd2217b9
Parents: 4283211
Author: Aleksandr Kovalenko <ak...@hortonworks.com>
Authored: Wed May 31 14:13:28 2017 +0300
Committer: Aleksandr Kovalenko <ak...@hortonworks.com>
Committed: Fri Jun 2 20:56:38 2017 +0300
----------------------------------------------------------------------
.../app/controllers/main/service/reassign/step3_controller.js | 1 +
1 file changed, 1 insertion(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/28e20a16/ambari-web/app/controllers/main/service/reassign/step3_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/main/service/reassign/step3_controller.js b/ambari-web/app/controllers/main/service/reassign/step3_controller.js
index d4edb1e..c44c4f3 100644
--- a/ambari-web/app/controllers/main/service/reassign/step3_controller.js
+++ b/ambari-web/app/controllers/main/service/reassign/step3_controller.js
@@ -58,6 +58,7 @@ App.ReassignMasterWizardStep3Controller = Em.Controller.extend({
'yarn.resourcemanager.resource-tracker.address': '<replace-value>:8025',
'yarn.resourcemanager.scheduler.address': '<replace-value>:8030',
'yarn.resourcemanager.webapp.address': '<replace-value>:8088',
+ 'yarn.resourcemanager.webapp.https.address': '<replace-value>:8090',
'yarn.resourcemanager.hostname': '<replace-value>'
}
}
[17/17] ambari git commit: Merge branch 'trunk' into
branch-feature-AMBARI-12556
Posted by jo...@apache.org.
Merge branch 'trunk' into branch-feature-AMBARI-12556
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64e3ad77
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64e3ad77
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64e3ad77
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 64e3ad77685dd934324947225889e76429ad5813
Parents: cd3fb85 601a7cd
Author: Jonathan Hurley <jh...@hortonworks.com>
Authored: Mon Jun 5 15:43:28 2017 -0400
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Mon Jun 5 15:43:28 2017 -0400
----------------------------------------------------------------------
.../scripts/controllers/users/UsersShowCtrl.js | 13 ++
.../ui/admin-web/app/views/users/show.html | 5 +-
.../src/main/python/ambari_agent/Controller.py | 6 +-
ambari-server/conf/unix/ambari.properties | 4 +
ambari-server/docs/configuration/index.md | 5 +-
.../ambari/server/agent/HeartBeatHandler.java | 18 ++-
.../server/configuration/Configuration.java | 31 ++++-
.../AmbariManagementControllerImpl.java | 126 ++++++++++++++++++-
.../server/controller/KerberosHelperImpl.java | 6 +
.../internal/ConfigGroupResourceProvider.java | 41 ++++--
.../internal/HostResourceProvider.java | 2 +-
.../listeners/tasks/TaskStatusListener.java | 2 +-
.../scheduler/ExecutionSchedulerImpl.java | 2 +
.../security/InternalSSLSocketFactory.java | 112 +++++++++++++++++
.../InternalSSLSocketFactoryNonTrusting.java | 49 ++++++++
.../InternalSSLSocketFactoryTrusting.java | 48 +++++++
.../kerberos/ADKerberosOperationHandler.java | 34 +++--
.../KerberosKDCSSLConnectionException.java | 45 +++++++
.../kerberos/TrustingSSLSocketFactory.java | 101 ---------------
.../server/state/cluster/ClusterImpl.java | 13 +-
.../svccomphost/ServiceComponentHostImpl.java | 2 +-
.../server/upgrade/UpgradeCatalog251.java | 45 ++++++-
.../OOZIE/4.0.0.2.0/package/scripts/oozie.py | 9 +-
.../OOZIE/4.2.0.3.0/package/scripts/oozie.py | 9 +-
.../internal/UpgradeResourceProviderTest.java | 1 -
.../ADKerberosOperationHandlerTest.java | 96 +++++++++++++-
.../server/upgrade/UpgradeCatalog251Test.java | 13 +-
.../main/service/reassign/step3_controller.js | 1 +
.../app/controllers/wizard/step8_controller.js | 3 +-
.../app/styles/theme/bootstrap-ambari.css | 18 +--
.../stack_upgrade/upgrade_version_box_view.js | 4 +-
.../upgrade_version_box_view_test.js | 4 +-
.../view/filebrowser/DownloadService.java | 9 +-
.../ambari/view/hive2/actor/DeathWatch.java | 5 +-
.../view/hive2/client/NonPersistentCursor.java | 4 +-
.../ambari/view/hive20/actor/DeathWatch.java | 7 +-
.../view/hive20/client/NonPersistentCursor.java | 4 +-
docs/src/site/site.xml | 2 +-
38 files changed, 690 insertions(+), 209 deletions(-)
----------------------------------------------------------------------
[14/17] ambari git commit: AMBARI-21129. Nimbus fails to start when
Ambari is upgraded to 2.5.1, EU to HDP 2.6.1,
and cluster is then Kerberized (alejandro)
Posted by jo...@apache.org.
AMBARI-21129. Nimbus fails to start when Ambari is upgraded to 2.5.1, EU to HDP 2.6.1, and cluster is then Kerberized (alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3f908852
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3f908852
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3f908852
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 3f9088524e276671fb0ea8252ce7c1f7ea149cda
Parents: 57f4461
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Fri Jun 2 15:33:09 2017 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Fri Jun 2 15:33:09 2017 -0700
----------------------------------------------------------------------
.../server/upgrade/UpgradeCatalog251.java | 45 +++++++++++++++++++-
.../internal/UpgradeResourceProviderTest.java | 1 -
.../server/upgrade/UpgradeCatalog251Test.java | 13 ++++--
3 files changed, 53 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/3f908852/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog251.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog251.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog251.java
index 9255daf..119d9ce 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog251.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog251.java
@@ -1,4 +1,4 @@
-/*
+/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -19,6 +19,7 @@ package org.apache.ambari.server.upgrade;
import java.sql.SQLException;
import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
import java.util.Set;
@@ -50,6 +51,7 @@ public class UpgradeCatalog251 extends AbstractUpgradeCatalog {
private static final String REQUEST_TABLE = "request";
private static final String CLUSTER_HOST_INFO_COLUMN = "cluster_host_info";
private static final String REQUEST_ID_COLUMN = "request_id";
+ protected static final String STORM_ENV_CONFIG = "storm-env";
/**
@@ -106,6 +108,7 @@ public class UpgradeCatalog251 extends AbstractUpgradeCatalog {
protected void executeDMLUpdates() throws AmbariException, SQLException {
addNewConfigurationsFromXml();
updateKAFKAConfigs();
+ updateSTORMConfigs();
}
/**
@@ -166,4 +169,44 @@ public class UpgradeCatalog251 extends AbstractUpgradeCatalog {
dbAccessor.moveColumnToAnotherTable(STAGE_TABLE, sourceColumn, REQUEST_ID_COLUMN, REQUEST_TABLE, targetColumn,
REQUEST_ID_COLUMN, false);
}
+
+ /**
+ * Make sure storm-env changes are applied to anyone upgrading to HDP-2.6.1 Storm
+ * If the base version was before Ambari 2.5.0, this method should wind up doing nothing.
+ * @throws AmbariException
+ */
+ protected void updateSTORMConfigs() throws AmbariException {
+ AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class);
+ Clusters clusters = ambariManagementController.getClusters();
+ if (clusters != null) {
+ Map<String, Cluster> clusterMap = getCheckedClusterMap(clusters);
+ if (clusterMap != null && !clusterMap.isEmpty()) {
+ for (final Cluster cluster : clusterMap.values()) {
+ Set<String> installedServices = cluster.getServices().keySet();
+
+ // Technically, this should be added when the cluster is Kerberized on HDP 2.6.1, but is safe to add even
+ // without security or on an older stack version (such as HDP 2.5)
+ // The problem is that Kerberizing a cluster does not invoke Stack Advisor and has no easy way of setting
+ // these configs, so instead, add them as long as Storm is present.
+ if (installedServices.contains("STORM")) {
+ Config stormEnv = cluster.getDesiredConfigByType(STORM_ENV_CONFIG);
+ String content = stormEnv.getProperties().get("content");
+ if (content != null && !content.contains("STORM_AUTOCREDS_LIB_DIR")) {
+ Map<String, String> newProperties = new HashMap<>();
+ String stormEnvConfigs = "\n# set storm-auto creds\n" +
+ "# check if storm_jaas.conf in config, only enable storm_auto_creds in secure mode.\n" +
+ "STORM_JAAS_CONF=$STORM_HOME/conf/storm_jaas.conf\n" +
+ "STORM_AUTOCREDS_LIB_DIR=$STORM_HOME/external/storm-autocreds\n" +
+ "if [ -f $STORM_JAAS_CONF ] && [ -d $STORM_AUTOCREDS_LIB_DIR ]; then\n" +
+ " export STORM_EXT_CLASSPATH=$STORM_AUTOCREDS_LIB_DIR\n" +
+ "fi\n";
+ content += stormEnvConfigs;
+ newProperties.put("content", content);
+ updateConfigurationPropertiesForCluster(cluster, "storm-env", newProperties, true, false);
+ }
+ }
+ }
+ }
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3f908852/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
index a4f5e9a..8f59c07 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java
@@ -96,7 +96,6 @@ import org.apache.ambari.server.state.UpgradeContext;
import org.apache.ambari.server.state.UpgradeHelper;
import org.apache.ambari.server.state.UpgradeState;
import org.apache.ambari.server.state.stack.upgrade.Direction;
-import org.apache.ambari.server.state.stack.upgrade.StageWrapper;
import org.apache.ambari.server.state.stack.upgrade.UpgradeType;
import org.apache.ambari.server.topology.TopologyManager;
import org.apache.ambari.server.utils.StageUtils;
http://git-wip-us.apache.org/repos/asf/ambari/blob/3f908852/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog251Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog251Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog251Test.java
index fda5f0e..5750e04 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog251Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog251Test.java
@@ -178,13 +178,15 @@ public class UpgradeCatalog251Test {
@Test
public void testExecuteDMLUpdates() throws Exception {
- Method updateKAFKAConfigs = UpgradeCatalog251.class.getDeclaredMethod("updateKAFKAConfigs");
Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
+ Method updateKAFKAConfigs = UpgradeCatalog251.class.getDeclaredMethod("updateKAFKAConfigs");
+ Method updateSTORMConfigs = UpgradeCatalog251.class.getDeclaredMethod("updateSTORMConfigs");
UpgradeCatalog251 upgradeCatalog251 = createMockBuilder(UpgradeCatalog251.class)
- .addMockedMethod(updateKAFKAConfigs)
- .addMockedMethod(addNewConfigurationsFromXml)
- .createMock();
+ .addMockedMethod(addNewConfigurationsFromXml)
+ .addMockedMethod(updateKAFKAConfigs)
+ .addMockedMethod(updateSTORMConfigs)
+ .createMock();
upgradeCatalog251.addNewConfigurationsFromXml();
expectLastCall().once();
@@ -194,6 +196,9 @@ public class UpgradeCatalog251Test {
upgradeCatalog251.updateKAFKAConfigs();
expectLastCall().once();
+
+ upgradeCatalog251.updateSTORMConfigs();
+ expectLastCall().once();
replay(upgradeCatalog251, dbAccessor);
[03/17] ambari git commit: AMBARI-21132 - Export cluster_name in the
cluster template file (Amruta Borkar via sangeetar)
Posted by jo...@apache.org.
AMBARI-21132 - Export cluster_name in the cluster template file (Amruta Borkar via sangeetar)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/dfb5d392
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/dfb5d392
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/dfb5d392
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: dfb5d392067a581df27b59c0f5077729f483e1db
Parents: 7a0eda7
Author: Sangeeta Ravindran <sa...@apache.org>
Authored: Thu Jun 1 11:17:31 2017 -0700
Committer: Sangeeta Ravindran <sa...@apache.org>
Committed: Thu Jun 1 11:17:31 2017 -0700
----------------------------------------------------------------------
ambari-web/app/controllers/wizard/step8_controller.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/dfb5d392/ambari-web/app/controllers/wizard/step8_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/wizard/step8_controller.js b/ambari-web/app/controllers/wizard/step8_controller.js
index 6f65953..fa44a24 100644
--- a/ambari-web/app/controllers/wizard/step8_controller.js
+++ b/ambari-web/app/controllers/wizard/step8_controller.js
@@ -2028,7 +2028,8 @@ App.WizardStep8Controller = Em.Controller.extend(App.AddSecurityConfigs, App.wiz
"config_recommendation_strategy" : "NEVER_APPLY",
"provision_action" : "INSTALL_AND_START",
"configurations": [],
- "host_groups": cluster_template_host_groups.filter(function (item) { return item.hosts.length > 0; })
+ "host_groups": cluster_template_host_groups.filter(function (item) { return item.hosts.length > 0; }),
+ "Clusters": {'cluster_name': App.clusterStatus.clusterName}
};
fileUtils.downloadTextFile(JSON.stringify(cluster_template), 'json', 'clustertemplate.json')
},
[07/17] ambari git commit: AMBARI-21000. Ambari does not work with
PGBouncer/PostgreSQL. (Robert Yokota via swagle)
Posted by jo...@apache.org.
AMBARI-21000. Ambari does not work with PGBouncer/PostgreSQL. (Robert Yokota via swagle)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/42832115
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/42832115
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/42832115
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 4283211592c6813e02d74b7ef801da39711042cb
Parents: 71e384d
Author: Siddharth Wagle <sw...@hortonworks.com>
Authored: Fri Jun 2 10:47:09 2017 -0700
Committer: Siddharth Wagle <sw...@hortonworks.com>
Committed: Fri Jun 2 10:47:09 2017 -0700
----------------------------------------------------------------------
.../ambari/server/configuration/Configuration.java | 11 +++++++++++
.../ambari/server/scheduler/ExecutionSchedulerImpl.java | 2 ++
2 files changed, 13 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/42832115/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 114046f..d3b8cc5 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -1741,6 +1741,13 @@ public class Configuration {
"server.execution.scheduler.maxDbConnections", "5");
/**
+ * The maximum number of prepared statements cached per database connection.
+ */
+ @Markdown(description = "The maximum number of prepared statements cached per database connection.")
+ public static final ConfigurationProperty<String> EXECUTION_SCHEDULER_MAX_STATEMENTS_PER_CONNECTION = new ConfigurationProperty<>(
+ "server.execution.scheduler.maxStatementsPerConnection", "120");
+
+ /**
* The tolerance, in {@link TimeUnit#MINUTES}, that Quartz will allow a misfired job to run.
*/
@Markdown(description = "The time, in minutes, that a scheduled job can be run after its missed scheduled execution time.")
@@ -4554,6 +4561,10 @@ public class Configuration {
return getProperty(EXECUTION_SCHEDULER_CONNECTIONS);
}
+ public String getExecutionSchedulerMaxStatementsPerConnection() {
+ return getProperty(EXECUTION_SCHEDULER_MAX_STATEMENTS_PER_CONNECTION);
+ }
+
public Long getExecutionSchedulerMisfireToleration() {
return Long.parseLong(getProperty(EXECUTION_SCHEDULER_MISFIRE_TOLERATION));
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/42832115/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionSchedulerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionSchedulerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionSchedulerImpl.java
index cd210b5..6dae349 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionSchedulerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/scheduler/ExecutionSchedulerImpl.java
@@ -117,6 +117,8 @@ public class ExecutionSchedulerImpl implements ExecutionScheduler {
configuration.getDatabasePassword());
properties.setProperty("org.quartz.dataSource.myDS.maxConnections",
configuration.getExecutionSchedulerConnections());
+ properties.setProperty("org.quartz.dataSource.myDS.maxCachedStatementsPerConnection",
+ configuration.getExecutionSchedulerMaxStatementsPerConnection());
properties.setProperty("org.quartz.dataSource.myDS.validationQuery",
subProps[1]);
[15/17] ambari git commit: AMBARI-21163 : fixed : Hive view 1.5 and
2.0 not exporting/downloading the worksheet with entire number of rows to csv
(nitirajrathore)
Posted by jo...@apache.org.
AMBARI-21163 : fixed : Hive view 1.5 and 2.0 not exporting/downloading the worksheet with entire number of rows to csv (nitirajrathore)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3b5f07f4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3b5f07f4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3b5f07f4
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 3b5f07f43f7c8914b3ff9aaa1b5504273f1ae59c
Parents: 3f90885
Author: Nitiraj Singh Rathore <ni...@gmail.com>
Authored: Mon Jun 5 12:33:46 2017 +0530
Committer: Nitiraj Singh Rathore <ni...@gmail.com>
Committed: Mon Jun 5 12:34:26 2017 +0530
----------------------------------------------------------------------
.../java/org/apache/ambari/view/hive2/actor/DeathWatch.java | 5 +++--
.../apache/ambari/view/hive2/client/NonPersistentCursor.java | 4 ++--
.../java/org/apache/ambari/view/hive20/actor/DeathWatch.java | 7 ++++---
.../apache/ambari/view/hive20/client/NonPersistentCursor.java | 4 ++--
4 files changed, 11 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/3b5f07f4/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/actor/DeathWatch.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/actor/DeathWatch.java b/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/actor/DeathWatch.java
index dbb6c3d..d72eb29 100644
--- a/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/actor/DeathWatch.java
+++ b/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/actor/DeathWatch.java
@@ -41,13 +41,14 @@ public class DeathWatch extends HiveActor {
this.getContext().watch(actorRef);
LOG.info("Registered new actor "+ actorRef);
LOG.info("Registration for {} at {}", actorRef,new Date());
- }
- if(message instanceof Terminated){
+ }else if(message instanceof Terminated){
Terminated terminated = (Terminated) message;
ActorRef actor = terminated.actor();
LOG.info("Received terminate for actor "+ actor);
LOG.info("Termination for {} at {}", actor,new Date());
+ }else{
+ LOG.info("received unknown message : {}", hiveMessage);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3b5f07f4/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/client/NonPersistentCursor.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/client/NonPersistentCursor.java b/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/client/NonPersistentCursor.java
index 0be2683..13cab33 100644
--- a/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/client/NonPersistentCursor.java
+++ b/contrib/views/hive-next/src/main/java/org/apache/ambari/view/hive2/client/NonPersistentCursor.java
@@ -55,13 +55,14 @@ public class NonPersistentCursor implements Cursor<Row, ColumnDescription> {
private final List<ColumnDescription> descriptions = Lists.newLinkedList();
private int offSet = 0;
private boolean endReached = false;
-
+ private Inbox inbox;
public NonPersistentCursor(ViewContext context, ActorSystem system, ActorRef actorRef) {
this.context = context;
this.system = system;
this.actorRef = actorRef;
actorConfiguration = new HiveActorConfiguration(context);
+ inbox = Inbox.create(system);
}
@Override
@@ -120,7 +121,6 @@ public class NonPersistentCursor implements Cursor<Row, ColumnDescription> {
}
private void getNextRows() {
- Inbox inbox = Inbox.create(system);
inbox.send(actorRef, new Next());
Object receive;
try {
http://git-wip-us.apache.org/repos/asf/ambari/blob/3b5f07f4/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/actor/DeathWatch.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/actor/DeathWatch.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/actor/DeathWatch.java
index 58cefcd..17b491c 100644
--- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/actor/DeathWatch.java
+++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/actor/DeathWatch.java
@@ -41,13 +41,14 @@ public class DeathWatch extends HiveActor {
this.getContext().watch(actorRef);
LOG.info("Registered new actor "+ actorRef);
LOG.info("Registration for {} at {}", actorRef,new Date());
- }
- if(message instanceof Terminated){
+ }else if(message instanceof Terminated){
Terminated terminated = (Terminated) message;
ActorRef actor = terminated.actor();
- LOG.info("Received terminate for actor "+ actor);
+ LOG.info("Received terminate for actor {} with message : {}", actor, terminated);
LOG.info("Termination for {} at {}", actor,new Date());
+ }else{
+ LOG.info("received unknown message : {}", hiveMessage);
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3b5f07f4/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/client/NonPersistentCursor.java
----------------------------------------------------------------------
diff --git a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/client/NonPersistentCursor.java b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/client/NonPersistentCursor.java
index 1d76e9c..80ffe79 100644
--- a/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/client/NonPersistentCursor.java
+++ b/contrib/views/hive20/src/main/java/org/apache/ambari/view/hive20/client/NonPersistentCursor.java
@@ -55,13 +55,14 @@ public class NonPersistentCursor implements Cursor<Row, ColumnDescription> {
private final List<ColumnDescription> descriptions = Lists.newLinkedList();
private int offSet = 0;
private boolean endReached = false;
-
+ private Inbox inbox;
public NonPersistentCursor(ViewContext context, ActorSystem system, ActorRef actorRef) {
this.context = context;
this.system = system;
this.actorRef = actorRef;
actorConfiguration = new HiveActorConfiguration(context);
+ inbox = Inbox.create(system);
}
@Override
@@ -120,7 +121,6 @@ public class NonPersistentCursor implements Cursor<Row, ColumnDescription> {
}
private void getNextRows() {
- Inbox inbox = Inbox.create(system);
inbox.send(actorRef, new Next());
Object receive;
try {
[05/17] ambari git commit: AMBARI-21166 Ambari 3.0: Navigation style
changes, second patch. (atkach)
Posted by jo...@apache.org.
AMBARI-21166 Ambari 3.0: Navigation style changes, second patch. (atkach)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cb9196f8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cb9196f8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cb9196f8
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: cb9196f8ed2c269fe8bc6798832556aeadb6dd96
Parents: 49605da
Author: Andrii Tkach <at...@apache.org>
Authored: Fri Jun 2 15:22:38 2017 +0300
Committer: Andrii Tkach <at...@apache.org>
Committed: Fri Jun 2 15:22:38 2017 +0300
----------------------------------------------------------------------
ambari-web/app/styles/theme/bootstrap-ambari.css | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/cb9196f8/ambari-web/app/styles/theme/bootstrap-ambari.css
----------------------------------------------------------------------
diff --git a/ambari-web/app/styles/theme/bootstrap-ambari.css b/ambari-web/app/styles/theme/bootstrap-ambari.css
index 4bc7a99..f868744 100644
--- a/ambari-web/app/styles/theme/bootstrap-ambari.css
+++ b/ambari-web/app/styles/theme/bootstrap-ambari.css
@@ -28,7 +28,6 @@
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
}
.btn,
.btn:focus {
@@ -277,7 +276,6 @@
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
border-radius: 2px;
font-size: 14px;
min-width: 200px;
@@ -378,7 +376,6 @@ h2.table-title {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
margin-top: 10px;
font-size: 20px;
}
@@ -528,7 +525,6 @@ h2.table-title {
font-weight: normal;
font-style: normal;
line-height: 1;
- -webkit-font-smoothing: antialiased;
font-size: 20px;
color: #333;
margin: 15px 20px;
@@ -550,7 +546,6 @@ h2.table-title {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-weight: bold;
font-size: 18px;
color: #666;
@@ -561,7 +556,6 @@ h2.table-title {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
line-height: 1.4;
color: #999;
@@ -611,7 +605,6 @@ h2.table-title {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
color: #999;
margin-left: 30px;
@@ -625,7 +618,6 @@ h2.table-title {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 12px;
color: #999;
margin-left: 30px;
@@ -781,6 +773,7 @@ input.radio:checked + label:after {
padding: 0;
-ms-overflow-style: none;
transition: width 0.5s ease-out;
+ -webkit-font-smoothing: antialiased;
}
.navigation-bar-container ul.nav.side-nav-header {
width: 230px;
@@ -813,7 +806,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 20px;
width: 55px;
display: inline;
@@ -840,7 +832,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
color: #666;
line-height: 1.42;
@@ -887,7 +878,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
color: #b8bec4;
padding-left: 8px;
@@ -951,7 +941,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
color: #999;
}
@@ -1242,7 +1231,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 16px;
}
#notifications-dropdown.dropdown-menu .notifications-body {
@@ -1265,7 +1253,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 12px;
color: #666;
position: relative;
@@ -1308,7 +1295,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
line-height: 1.3;
}
#notifications-dropdown.dropdown-menu .notifications-body .table.alerts-table tbody td.content .name {
@@ -1410,7 +1396,6 @@ input.radio:checked + label:after {
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
}
.accordion .panel-group .panel .panel-heading .panel-title > a,
.wizard .wizard-body .wizard-content .accordion .panel-group .panel .panel-heading .panel-title > a {
@@ -1460,7 +1445,6 @@ body,
font-style: normal;
line-height: 1;
color: #333;
- -webkit-font-smoothing: antialiased;
font-size: 14px;
}
.description {
[16/17] ambari git commit: AMBARI-21174 : Files View : properly
copying the data to output stream when downloading multiple files.
(nitirajrathore)
Posted by jo...@apache.org.
AMBARI-21174 : Files View : properly copying the data to output stream when downloading multiple files. (nitirajrathore)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/601a7cdc
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/601a7cdc
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/601a7cdc
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 601a7cdcf5a9a8c524565c54a9a36826776ab1f6
Parents: 3b5f07f
Author: Nitiraj Singh Rathore <ni...@gmail.com>
Authored: Mon Jun 5 12:39:27 2017 +0530
Committer: Nitiraj Singh Rathore <ni...@gmail.com>
Committed: Mon Jun 5 12:40:02 2017 +0530
----------------------------------------------------------------------
.../org/apache/ambari/view/filebrowser/DownloadService.java | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/601a7cdc/contrib/views/files/src/main/java/org/apache/ambari/view/filebrowser/DownloadService.java
----------------------------------------------------------------------
diff --git a/contrib/views/files/src/main/java/org/apache/ambari/view/filebrowser/DownloadService.java b/contrib/views/files/src/main/java/org/apache/ambari/view/filebrowser/DownloadService.java
index 1334c06..81ac40d 100644
--- a/contrib/views/files/src/main/java/org/apache/ambari/view/filebrowser/DownloadService.java
+++ b/contrib/views/files/src/main/java/org/apache/ambari/view/filebrowser/DownloadService.java
@@ -27,6 +27,7 @@ import org.apache.ambari.view.commons.hdfs.HdfsService;
import org.apache.ambari.view.utils.hdfs.HdfsApi;
import org.apache.ambari.view.utils.hdfs.HdfsApiException;
import org.apache.ambari.view.utils.hdfs.HdfsUtil;
+import org.apache.commons.io.IOUtils;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.security.AccessControlException;
@@ -261,11 +262,9 @@ public class DownloadService extends HdfsService {
LOG.error("Error in opening file {}. Ignoring concat of this files.", path.substring(1), ex);
continue;
}
- byte[] chunk = new byte[1024];
- while (in.read(chunk) != -1) {
- output.write(chunk);
- }
- LOG.info("concated file : {}", path);
+
+ long bytesCopied = IOUtils.copyLarge(in, output);
+ LOG.info("concated file : {}, total bytes added = {}", path, bytesCopied);
} catch (Exception ex) {
LOG.error("Error occurred : ", ex);
throw new ServiceFormattedException(ex.getMessage(), ex);
[10/17] ambari git commit: AMBARI-21176. Oozie server start failed
during cluster deploy with "NameError: global name "out" is not
defined".(vbrodetskyi)
Posted by jo...@apache.org.
AMBARI-21176. Oozie server start failed during cluster deploy with "NameError: global name "out" is not defined".(vbrodetskyi)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9acb7a64
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9acb7a64
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9acb7a64
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 9acb7a64444d5cc1e0ebc648f0e6413f6f949ac1
Parents: 201c6d0
Author: Vitaly Brodetskyi <vb...@hortonworks.com>
Authored: Fri Jun 2 22:01:12 2017 +0300
Committer: Vitaly Brodetskyi <vb...@hortonworks.com>
Committed: Fri Jun 2 22:03:22 2017 +0300
----------------------------------------------------------------------
.../OOZIE/4.0.0.2.0/package/scripts/oozie.py | 9 ++-------
.../OOZIE/4.2.0.3.0/package/scripts/oozie.py | 9 ++-------
2 files changed, 4 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/9acb7a64/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
index def0545..d916d3b 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
@@ -38,7 +38,7 @@ from resource_management.libraries.resources.xml_config import XmlConfig
from resource_management.libraries.script.script import Script
from resource_management.libraries.functions.security_commons import update_credential_provider_path
from resource_management.core.resources.packaging import Package
-from resource_management.core.shell import as_user, as_sudo, call
+from resource_management.core.shell import as_user, as_sudo, call, checked_call
from resource_management.core.exceptions import Fail
from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster, setup_atlas_hook
@@ -409,12 +409,7 @@ def copy_atlas_hive_hook_to_dfs_share_lib(upgrade_type=None, upgrade_direction=N
# This can return over 100 files, so take the first 5 lines after "Available ShareLib"
# Use -oozie http(s):localhost:{oozie_server_admin_port}/oozie as oozie-env does not export OOZIE_URL
command = format(r'source {conf_dir}/oozie-env.sh ; oozie admin -oozie {oozie_base_url} -shareliblist hive | grep "\[Available ShareLib\]" -A 5')
- Execute(command,
- user=params.oozie_user,
- tries=10,
- try_sleep=5,
- logoutput=True,
- )
+ code, out = checked_call(command, user=params.oozie_user, tries=10, try_sleep=5, logoutput=True)
hive_sharelib_dir = __parse_sharelib_from_output(out)
http://git-wip-us.apache.org/repos/asf/ambari/blob/9acb7a64/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/package/scripts/oozie.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/package/scripts/oozie.py b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/package/scripts/oozie.py
index def0545..d916d3b 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/package/scripts/oozie.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.2.0.3.0/package/scripts/oozie.py
@@ -38,7 +38,7 @@ from resource_management.libraries.resources.xml_config import XmlConfig
from resource_management.libraries.script.script import Script
from resource_management.libraries.functions.security_commons import update_credential_provider_path
from resource_management.core.resources.packaging import Package
-from resource_management.core.shell import as_user, as_sudo, call
+from resource_management.core.shell import as_user, as_sudo, call, checked_call
from resource_management.core.exceptions import Fail
from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster, setup_atlas_hook
@@ -409,12 +409,7 @@ def copy_atlas_hive_hook_to_dfs_share_lib(upgrade_type=None, upgrade_direction=N
# This can return over 100 files, so take the first 5 lines after "Available ShareLib"
# Use -oozie http(s):localhost:{oozie_server_admin_port}/oozie as oozie-env does not export OOZIE_URL
command = format(r'source {conf_dir}/oozie-env.sh ; oozie admin -oozie {oozie_base_url} -shareliblist hive | grep "\[Available ShareLib\]" -A 5')
- Execute(command,
- user=params.oozie_user,
- tries=10,
- try_sleep=5,
- logoutput=True,
- )
+ code, out = checked_call(command, user=params.oozie_user, tries=10, try_sleep=5, logoutput=True)
hive_sharelib_dir = __parse_sharelib_from_output(out)
[11/17] ambari git commit: AMBARI-20938. LDAPS connections to an
Active Directory when enabling Kerberos should validate the server's SSL
certificate (rlevas)
Posted by jo...@apache.org.
AMBARI-20938. LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c3c06ea9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c3c06ea9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c3c06ea9
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: c3c06ea9889e0a462d67e8a765b41d0a4aead9b2
Parents: 9acb7a6
Author: Robert Levas <rl...@hortonworks.com>
Authored: Fri Jun 2 15:43:43 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Fri Jun 2 15:43:43 2017 -0400
----------------------------------------------------------------------
ambari-server/conf/unix/ambari.properties | 4 +
ambari-server/docs/configuration/index.md | 5 +-
.../server/configuration/Configuration.java | 20 +++-
.../server/controller/KerberosHelperImpl.java | 6 +
.../security/InternalSSLSocketFactory.java | 112 +++++++++++++++++++
.../InternalSSLSocketFactoryNonTrusting.java | 49 ++++++++
.../InternalSSLSocketFactoryTrusting.java | 48 ++++++++
.../kerberos/ADKerberosOperationHandler.java | 34 ++++--
.../KerberosKDCSSLConnectionException.java | 45 ++++++++
.../kerberos/TrustingSSLSocketFactory.java | 101 -----------------
.../ADKerberosOperationHandlerTest.java | 96 +++++++++++++++-
11 files changed, 403 insertions(+), 117 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/conf/unix/ambari.properties
----------------------------------------------------------------------
diff --git a/ambari-server/conf/unix/ambari.properties b/ambari-server/conf/unix/ambari.properties
index b8b645d..212591f 100644
--- a/ambari-server/conf/unix/ambari.properties
+++ b/ambari-server/conf/unix/ambari.properties
@@ -80,6 +80,10 @@ server.execution.scheduler.misfire.toleration.minutes=480
# Kerberos settings
kerberos.keytab.cache.dir = $ROOT/var/lib/ambari-server/data/cache
+# Validate trust when communicating with the KDC (via SSL) when performing Kerberos-related
+# operations, if applicable
+kerberos.operation.verify.kdc.trust = true
+
# Default timeout in seconds before task is killed
agent.task.timeout=900
# Default timeout in seconds before package installation task is killed
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/docs/configuration/index.md
----------------------------------------------------------------------
diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md
index ff9ce54..2394264 100644
--- a/ambari-server/docs/configuration/index.md
+++ b/ambari-server/docs/configuration/index.md
@@ -148,8 +148,9 @@ The following are the properties which can be used to configure Ambari.
| kdcserver.connection.check.timeout | The timeout, in milliseconds, to wait when communicating with a Kerberos Key Distribution Center. |`10000` |
| kerberos.check.jaas.configuration | Determines whether Kerberos-enabled Ambari deployments should use JAAS to validate login credentials. |`false` |
| kerberos.keytab.cache.dir | The location on the Ambari Server where Kerberos keytabs are cached. |`/var/lib/ambari-server/data/cache` |
-| kerberos.operation.retries | The number of times failed kerberos operations should be retried to execute. |`3` |
-| kerberos.operation.retry.timeout | The time to wait (in seconds) between failed kerberos operations retries. |`10` |
+| kerberos.operation.retries | The number of times failed Kerberos operations should be retried to execute. |`3` |
+| kerberos.operation.retry.timeout | The time to wait (in seconds) between failed Kerberos operations retries. |`10` |
+| kerberos.operation.verify.kdc.trust | Validate the trust of the SSL certificate provided by the KDC when performing Kerberos operations over SSL. |`true` |
| ldap.sync.username.collision.behavior | Determines how to handle username collision while updating from LDAP.<br/><br/>The following are examples of valid values:<ul><li>`skip`<li>`convert`</ul> |`convert` |
| log4j.monitor.delay | Indicates the delay, in milliseconds, for the log4j monitor to check for changes |`300000` |
| logsearch.metadata.cache.expire.timeout | The time, in hours, that the Ambari Server will hold Log File metadata in its internal cache before making a request to the LogSearch Portal to get the latest metadata. |`24` |
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index d3b8cc5..965b57b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -1451,13 +1451,25 @@ public class Configuration {
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= */
- @Markdown(description = "The number of times failed kerberos operations should be retried to execute.")
+ @Markdown(description = "The number of times failed Kerberos operations should be retried to execute.")
public static final ConfigurationProperty<Integer> KERBEROS_OPERATION_RETRIES = new ConfigurationProperty<>(
"kerberos.operation.retries", 3);
- @Markdown(description = "The time to wait (in seconds) between failed kerberos operations retries.")
+ @Markdown(description = "The time to wait (in seconds) between failed Kerberos operations retries.")
public static final ConfigurationProperty<Integer> KERBEROS_OPERATION_RETRY_TIMEOUT = new ConfigurationProperty<>(
"kerberos.operation.retry.timeout", 10);
+
+ /**
+ * A flag indicating whether to validate the trust of an SSL certificate provided by a KDC when
+ * performing Kerberos operations.
+ *
+ * For example, when communicating with an Active Directory using
+ * LDAPS. The default behavior is to validate the trust.
+ */
+ @Markdown(description = "Validate the trust of the SSL certificate provided by the KDC when performing Kerberos operations over SSL.")
+ public static final ConfigurationProperty<Boolean> KERBEROS_OPERATION_VERIFY_KDC_TRUST = new ConfigurationProperty<>(
+ "kerberos.operation.verify.kdc.trust", Boolean.TRUE);
+
/**
* The type of connection pool to use with JDBC connections to the database.
*/
@@ -6080,6 +6092,10 @@ public class Configuration {
return Integer.valueOf(getProperty(KERBEROS_OPERATION_RETRY_TIMEOUT));
}
+ public boolean validateKerberosOperationSSLCertTrust() {
+ return Boolean.parseBoolean(getProperty(KERBEROS_OPERATION_VERIFY_KDC_TRUST));
+ }
+
/**
* Return configured acceptors for agent api connector. Default = null
*/
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
index 10df7a2..7b6ac7e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelperImpl.java
@@ -75,6 +75,7 @@ import org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFileWr
import org.apache.ambari.server.serveraction.kerberos.KerberosIdentityDataFileWriterFactory;
import org.apache.ambari.server.serveraction.kerberos.KerberosInvalidConfigurationException;
import org.apache.ambari.server.serveraction.kerberos.KerberosKDCConnectionException;
+import org.apache.ambari.server.serveraction.kerberos.KerberosKDCSSLConnectionException;
import org.apache.ambari.server.serveraction.kerberos.KerberosLDAPContainerException;
import org.apache.ambari.server.serveraction.kerberos.KerberosMissingAdminCredentialsException;
import org.apache.ambari.server.serveraction.kerberos.KerberosOperationException;
@@ -1579,6 +1580,11 @@ public class KerberosHelperImpl implements KerberosHelper {
"Failed to connect to KDC - " + e.getMessage() + "\n" +
"Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.",
e);
+ } catch (KerberosKDCSSLConnectionException e) {
+ throw new KerberosInvalidConfigurationException(
+ "Failed to connect to KDC - " + e.getMessage() + "\n" +
+ "Make sure the server's SSL certificate or CA certificates have been imported into Ambari's truststore.",
+ e);
} catch (KerberosRealmException e) {
throw new KerberosInvalidConfigurationException(
"Failed to find a KDC for the specified realm - " + e.getMessage() + "\n" +
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
new file mode 100644
index 0000000..9ecf5d1
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactory.java
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * InternalSSLSocketFactory is an abstract class implementing a SSLSocketFactory.
+ * <p>
+ * Implementers of this class need to specific the SSLContext protocol and whether the server's SSL
+ * certificates should be trusted or validated.
+ */
+public class InternalSSLSocketFactory extends SSLSocketFactory {
+ private SSLSocketFactory socketFactory;
+
+ InternalSSLSocketFactory(String protocol, boolean trusting) {
+ try {
+ SSLContext ctx = SSLContext.getInstance(protocol);
+
+ // If trusting, install our own TrustManager to accept certificates without validating the
+ // trust chain; else, use the default TrustManager, which validates the certificate's trust chain.
+ TrustManager[] trustManagers = (trusting)
+ ? new TrustManager[]{new LenientTrustManager()}
+ : null;
+
+ ctx.init(null, trustManagers, new SecureRandom());
+ socketFactory = ctx.getSocketFactory();
+ } catch (Exception ex) {
+ ex.printStackTrace(System.err); /* handle exception */
+ }
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return socketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return socketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket socket, String string, int i, boolean bln) throws IOException {
+ return socketFactory.createSocket(socket, string, i, bln);
+ }
+
+ @Override
+ public Socket createSocket(String string, int i) throws IOException {
+ return socketFactory.createSocket(string, i);
+ }
+
+ @Override
+ public Socket createSocket(String string, int i, InetAddress ia, int i1) throws IOException {
+ return socketFactory.createSocket(string, i, ia, i1);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress ia, int i) throws IOException {
+ return socketFactory.createSocket(ia, i);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throws IOException {
+ return socketFactory.createSocket(ia, i, ia1, i1);
+ }
+
+
+ /**
+ * LenientTrustManager is a TrustManager that accepts all certificates without validating the
+ * chain of trust.
+ */
+ public static class LenientTrustManager implements X509TrustManager {
+ public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+ // do nothing
+ }
+
+ public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+ // do nothing
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryNonTrusting.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryNonTrusting.java b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryNonTrusting.java
new file mode 100644
index 0000000..84eada8
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryNonTrusting.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * InternalSSLSocketFactoryNonTrusting is a non-trusting {@link SSLSocketFactory} implementation
+ * using the TLSv1.2 protocol.
+ * <p>
+ * This SSL socket factory should allow for at least the following SSL protocols:
+ * <ul>
+ * <li>TLSv1.2</li>
+ * <li>TLSv1.1</li>
+ * <li>TLSv1</li>
+ * </ul>
+ * <p>
+ * However, the actual set of enabled SSL protocols is dependent on the underlying JVM.
+ * <p>
+ * This SSL socket factory creates non-trusting connections, meaning that the server's SSL certificate
+ * will be validated using the JVM-specific internal {@link javax.net.ssl.TrustManager}
+ */
+public class InternalSSLSocketFactoryNonTrusting extends InternalSSLSocketFactory {
+
+ public InternalSSLSocketFactoryNonTrusting() {
+ super("TLSv1.2", false);
+ }
+
+ public static SocketFactory getDefault() {
+ return new InternalSSLSocketFactoryNonTrusting();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryTrusting.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryTrusting.java b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryTrusting.java
new file mode 100644
index 0000000..4bb3604
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/InternalSSLSocketFactoryTrusting.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.security;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * InternalSSLSocketFactoryTrusting is a trusting {@link SSLSocketFactory} implementation
+ * using the TLSv1.2 protocol.
+ * <p>
+ * This SSL socket factory should allow for at least the following SSL protocols:
+ * <ul>
+ * <li>TLSv1.2</li>
+ * <li>TLSv1.1</li>
+ * <li>TLSv1</li>
+ * </ul>
+ * <p>
+ * However, the actual set of enabled SSL protocols is dependent on the underlying JVM.
+ * <p>
+ * This SSL socket factory creates trusting connections, meaning that the server's SSL certificate
+ * will not be tested to see if it is trusted.
+ */
+public class InternalSSLSocketFactoryTrusting extends InternalSSLSocketFactory {
+ public InternalSSLSocketFactoryTrusting() {
+ super("TLSv1.2", true);
+ }
+
+ public static SocketFactory getDefault() {
+ return new InternalSSLSocketFactoryTrusting();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
index b2dbd5e..8903fa1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
@@ -46,7 +46,11 @@ import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import javax.net.ssl.SSLHandshakeException;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.InternalSSLSocketFactoryNonTrusting;
+import org.apache.ambari.server.security.InternalSSLSocketFactoryTrusting;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
@@ -60,6 +64,7 @@ import org.apache.velocity.exception.ResourceNotFoundException;
import com.google.common.reflect.TypeToken;
import com.google.gson.Gson;
+import com.google.inject.Inject;
/**
* Implementation of <code>KerberosOperationHandler</code> to created principal in Active Directory
@@ -107,7 +112,11 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler {
* The Gson instance to use to convert the template-generated JSON structure to a Map of attribute
* names to values.
*/
- private Gson gson = new Gson();
+ @Inject
+ private Gson gson;
+
+ @Inject
+ private Configuration configuration;
/**
* Prepares and creates resources to be used by this KerberosOperationHandler
@@ -175,8 +184,6 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler {
this.createTemplate = kerberosConfiguration.get(KERBEROS_ENV_AD_CREATE_ATTRIBUTES_TEMPLATE);
- this.gson = new Gson();
-
setOpen(true);
}
@@ -189,8 +196,6 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler {
public void close() throws KerberosOperationException {
this.searchControls = null;
- this.gson = null;
-
if (this.ldapContext != null) {
try {
this.ldapContext.close();
@@ -447,14 +452,29 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler {
properties.put(Context.SECURITY_CREDENTIALS, String.valueOf(administratorCredential.getKey()));
properties.put(Context.SECURITY_AUTHENTICATION, "simple");
properties.put(Context.REFERRAL, "follow");
- properties.put("java.naming.ldap.factory.socket", TrustingSSLSocketFactory.class.getName());
+
+ if (ldapUrl.startsWith("ldaps")) {
+ if (configuration.validateKerberosOperationSSLCertTrust()) {
+ properties.put("java.naming.ldap.factory.socket", InternalSSLSocketFactoryNonTrusting.class.getName());
+ } else {
+ properties.put("java.naming.ldap.factory.socket", InternalSSLSocketFactoryTrusting.class.getName());
+ }
+ }
try {
return createInitialLdapContext(properties, null);
} catch (CommunicationException e) {
+ Throwable rootCause = e.getRootCause();
+
String message = String.format("Failed to communicate with the Active Directory at %s: %s", ldapUrl, e.getMessage());
LOG.warn(message, e);
- throw new KerberosKDCConnectionException(message, e);
+
+ if(rootCause instanceof SSLHandshakeException) {
+ throw new KerberosKDCSSLConnectionException(message, e);
+ }
+ else {
+ throw new KerberosKDCConnectionException(message, e);
+ }
} catch (AuthenticationException e) {
String message = String.format("Failed to authenticate with the Active Directory at %s: %s", ldapUrl, e.getMessage());
LOG.warn(message, e);
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCSSLConnectionException.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCSSLConnectionException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCSSLConnectionException.java
new file mode 100644
index 0000000..1e588c5
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCSSLConnectionException.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosKDCSSLConnectionException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made due to an SSL issue.
+ */
+public class KerberosKDCSSLConnectionException extends KerberosOperationException {
+
+ /**
+ * Creates a new KerberosKDCSSLConnectionException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosKDCSSLConnectionException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosKDCSSLConnectionException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosKDCSSLConnectionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java
deleted file mode 100644
index 52b3703..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.serveraction.kerberos;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.SocketFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-public class TrustingSSLSocketFactory extends SSLSocketFactory {
- private SSLSocketFactory socketFactory;
-
- public TrustingSSLSocketFactory() {
- try {
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(null, new TrustManager[]{new LenientTrustManager()}, new SecureRandom());
- socketFactory = ctx.getSocketFactory();
- } catch (Exception ex) {
- ex.printStackTrace(System.err); /* handle exception */
- }
- }
-
- public static SocketFactory getDefault() {
- return new TrustingSSLSocketFactory();
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return socketFactory.getDefaultCipherSuites();
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return socketFactory.getSupportedCipherSuites();
- }
-
- @Override
- public Socket createSocket(Socket socket, String string, int i, boolean bln) throws IOException {
- return socketFactory.createSocket(socket, string, i, bln);
- }
-
- @Override
- public Socket createSocket(String string, int i) throws IOException, UnknownHostException {
- return socketFactory.createSocket(string, i);
- }
-
- @Override
- public Socket createSocket(String string, int i, InetAddress ia, int i1) throws IOException, UnknownHostException {
- return socketFactory.createSocket(string, i, ia, i1);
- }
-
- @Override
- public Socket createSocket(InetAddress ia, int i) throws IOException {
- return socketFactory.createSocket(ia, i);
- }
-
- @Override
- public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throws IOException {
- return socketFactory.createSocket(ia, i, ia1, i1);
- }
-
-
- public static class LenientTrustManager implements X509TrustManager {
- public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
- // do nothing
- }
-
- public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
- // do nothing
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[0];
- }
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/c3c06ea9/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
index 603f744..49f8d56 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
@@ -41,13 +41,22 @@ import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
+import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.InternalSSLSocketFactoryNonTrusting;
+import org.apache.ambari.server.security.InternalSSLSocketFactoryTrusting;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.Capture;
import org.easymock.CaptureType;
import org.easymock.IAnswer;
import org.junit.Ignore;
import org.junit.Test;
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+
import junit.framework.Assert;
public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest {
@@ -112,6 +121,8 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test(expected = KerberosAdminAuthenticationException.class)
public void testTestAdministratorCredentialsIncorrectAdminPassword() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "wrong");
Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
{
@@ -123,6 +134,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.createNiceMock();
+ injector.injectMembers(handler);
expect(handler.createInitialLdapContext(anyObject(Properties.class), anyObject(Control[].class))).andAnswer(new IAnswer<LdapContext>() {
@Override
@@ -140,6 +152,8 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test(expected = KerberosAdminAuthenticationException.class)
public void testTestAdministratorCredentialsIncorrectAdminPrincipal() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential("wrong", DEFAULT_ADMIN_PASSWORD);
Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
{
@@ -151,6 +165,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.createNiceMock();
+ injector.injectMembers(handler);
expect(handler.createInitialLdapContext(anyObject(Properties.class), anyObject(Control[].class))).andAnswer(new IAnswer<LdapContext>() {
@Override
@@ -197,6 +212,8 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test
public void testTestAdministratorCredentialsSuccess() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
{
@@ -209,6 +226,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
.createNiceMock();
+ injector.injectMembers(handler);
expect(handler.createInitialLdapContext(anyObject(Properties.class), anyObject(Control[].class)))
.andAnswer(new IAnswer<LdapContext>() {
@@ -250,6 +268,8 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test
public void testProcessCreateTemplateDefault() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
{
@@ -265,6 +285,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
.createNiceMock();
+ injector.injectMembers(handler);
@SuppressWarnings("unchecked")
NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
@@ -360,6 +381,8 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test
public void testProcessCreateTemplateCustom() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
{
@@ -394,6 +417,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
.createNiceMock();
+ injector.injectMembers(handler);
@SuppressWarnings("unchecked")
NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
@@ -464,16 +488,18 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
@Test
public void testDigests() throws Exception {
+ Injector injector = getInjector();
+
PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
Map<String, String> kerberosEnvMap = new HashMap<>();
kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, DEFAULT_PRINCIPAL_CONTAINER_DN);
kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_AD_CREATE_ATTRIBUTES_TEMPLATE, "" +
- "{" +
- "\"principal_digest\": \"$principal_digest\"," +
- "\"principal_digest_256\": \"$principal_digest_256\"," +
- "\"principal_digest_512\": \"$principal_digest_512\"" +
- "}"
+ "{" +
+ "\"principal_digest\": \"$principal_digest\"," +
+ "\"principal_digest_256\": \"$principal_digest_256\"," +
+ "\"principal_digest_512\": \"$principal_digest_512\"" +
+ "}"
);
Capture<Attributes> capturedAttributes = newCapture();
@@ -482,6 +508,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
.addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
.createNiceMock();
+ injector.injectMembers(handler);
@SuppressWarnings("unchecked")
NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
@@ -628,4 +655,63 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
handler.close();
}
+
+ @Test
+ public void testCreateLdapContextSSLSocketFactoryTrusting() throws Exception {
+ testCreateLdapContextSSLSocketFactory(true);
+ }
+
+ @Test
+ public void testCreateLdapContextSSLSocketFactoryNonTrusting() throws Exception {
+ testCreateLdapContextSSLSocketFactory(false);
+ }
+
+ private void testCreateLdapContextSSLSocketFactory(boolean trusting) throws Exception {
+ Injector injector = getInjector();
+
+ Configuration configuration = injector.getInstance(Configuration.class);
+ expect(configuration.validateKerberosOperationSSLCertTrust()).andReturn(!trusting).once();
+
+ LdapContext initialContext = createNiceMock(LdapContext.class);
+
+ Capture<? extends Properties> capturedProperties = newCapture(CaptureType.FIRST);
+
+ ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
+ .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
+ .createNiceMock();
+ injector.injectMembers(handler);
+
+ expect(handler.createInitialLdapContext(capture(capturedProperties), anyObject(Control[].class)))
+ .andReturn(initialContext)
+ .once();
+
+ replayAll();
+
+ Map<String, String> kerberosConfiguration = new HashMap<String, String>();
+ kerberosConfiguration.put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
+ kerberosConfiguration.put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, DEFAULT_PRINCIPAL_CONTAINER_DN);
+
+ handler.open(new PrincipalKeyCredential("principal", "key"), "EXAMPLE.COM", kerberosConfiguration);
+
+ Properties properties = capturedProperties.getValue();
+ Assert.assertNotNull(properties);
+
+ String socketFactoryClassName = properties.getProperty("java.naming.ldap.factory.socket");
+ if (trusting) {
+ Assert.assertEquals(InternalSSLSocketFactoryTrusting.class.getName(), socketFactoryClassName);
+ } else {
+ Assert.assertEquals(InternalSSLSocketFactoryNonTrusting.class.getName(), socketFactoryClassName);
+ }
+ }
+
+ private Injector getInjector() {
+ return Guice.createInjector(new AbstractModule() {
+ @Override
+ protected void configure() {
+ bind(Clusters.class).toInstance(createNiceMock(Clusters.class));
+ bind(Configuration.class).toInstance(createNiceMock(Configuration.class));
+ bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ }
+ });
+ }
}
\ No newline at end of file
[12/17] ambari git commit: AMBARI-21142. Log more info about
heartbeat message/response when server - agent communication gets out of
sync. (stoader)
Posted by jo...@apache.org.
AMBARI-21142. Log more info about heartbeat message/response when server - agent communication gets out of sync. (stoader)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b7101f78
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b7101f78
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b7101f78
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: b7101f782be9a1291de589262f01083c70dfc935
Parents: c3c06ea
Author: Toader, Sebastian <st...@hortonworks.com>
Authored: Fri Jun 2 23:09:56 2017 +0200
Committer: Toader, Sebastian <st...@hortonworks.com>
Committed: Fri Jun 2 23:12:46 2017 +0200
----------------------------------------------------------------------
.../src/main/python/ambari_agent/Controller.py | 6 +++++-
.../ambari/server/agent/HeartBeatHandler.java | 18 ++++++++++++++----
2 files changed, 19 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/b7101f78/ambari-agent/src/main/python/ambari_agent/Controller.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/Controller.py b/ambari-agent/src/main/python/ambari_agent/Controller.py
index 0297f74..bc923c3 100644
--- a/ambari-agent/src/main/python/ambari_agent/Controller.py
+++ b/ambari-agent/src/main/python/ambari_agent/Controller.py
@@ -321,6 +321,7 @@ class Controller(threading.Thread):
logger.log(logging_level, "Sending Heartbeat (id = %s)", self.responseId)
response = self.sendRequest(self.heartbeatUrl, data)
+
exitStatus = 0
if 'exitstatus' in response.keys():
exitStatus = int(response['exitstatus'])
@@ -366,7 +367,9 @@ class Controller(threading.Thread):
self.restartAgent()
if serverId != self.responseId + 1:
- logger.error("Error in responseId sequence - restarting")
+ logger.error("Error in responseId sequence - received responseId={0} from server while expecting {1} - restarting..."
+ .format(serverId, self.responseId + 1))
+
self.restartAgent()
else:
self.responseId = serverId
@@ -465,6 +468,7 @@ class Controller(threading.Thread):
#randomize the heartbeat
delay = randint(0, self.max_reconnect_retry_delay)
+ logger.info("Waiting {0} seconds before reconnecting to {1}".format(delay, self.heartbeatUrl))
time.sleep(delay)
# Sleep for some time
http://git-wip-us.apache.org/repos/asf/ambari/blob/b7101f78/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
index d800bc5..fc6e7a7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java
@@ -161,10 +161,20 @@ public class HeartBeatHandler {
+ ", receivedResponseId=" + heartbeat.getResponseId());
if (heartbeat.getResponseId() == currentResponseId - 1) {
- LOG.warn("Old responseId received - response was lost - returning cached response");
- return hostResponses.get(hostname);
+ HeartBeatResponse heartBeatResponse = hostResponses.get(hostname);
+
+ LOG.warn("Old responseId={} received form host {} - response was lost - returning cached response with responseId={}",
+ heartbeat.getResponseId(),
+ hostname,
+ heartBeatResponse.getResponseId());
+
+ return heartBeatResponse;
} else if (heartbeat.getResponseId() != currentResponseId) {
- LOG.error("Error in responseId sequence - sending agent restart command");
+ LOG.error("Error in responseId sequence - received responseId={} from host {} - sending agent restart command with responseId={}",
+ heartbeat.getResponseId(),
+ hostname,
+ currentResponseId);
+
return createRestartCommand(currentResponseId);
}
@@ -186,7 +196,7 @@ public class HeartBeatHandler {
if (hostObject.getState().equals(HostState.HEARTBEAT_LOST)) {
// After loosing heartbeat agent should reregister
- LOG.warn("Host is in HEARTBEAT_LOST state - sending register command");
+ LOG.warn("Host {} is in HEARTBEAT_LOST state - sending register command", hostname);
return createRegisterCommand();
}
[13/17] ambari git commit: AMBARI-21096. Provide additional logging
for config audit log (alejandro)
Posted by jo...@apache.org.
AMBARI-21096. Provide additional logging for config audit log (alejandro)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/57f4461b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/57f4461b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/57f4461b
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 57f4461bd002d998796168a00e51113927262ab8
Parents: b7101f7
Author: Alejandro Fernandez <af...@hortonworks.com>
Authored: Fri Jun 2 14:53:54 2017 -0700
Committer: Alejandro Fernandez <af...@hortonworks.com>
Committed: Fri Jun 2 14:53:54 2017 -0700
----------------------------------------------------------------------
.../AmbariManagementControllerImpl.java | 126 ++++++++++++++++++-
.../internal/ConfigGroupResourceProvider.java | 41 ++++--
.../internal/HostResourceProvider.java | 2 +-
.../server/state/cluster/ClusterImpl.java | 13 +-
4 files changed, 155 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/57f4461b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
index 881ef1a..186a19e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
@@ -57,6 +57,7 @@ import java.util.EnumMap;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
@@ -223,6 +224,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
private final static Logger LOG =
LoggerFactory.getLogger(AmbariManagementControllerImpl.class);
+ private final static Logger configChangeLog = LoggerFactory.getLogger("configchange");
/**
* Property name of request context.
@@ -1520,6 +1522,100 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
return response;
}
+ /**
+ * Get a dictionary of all config differences between existingConfig and newConfigValues where the key is the config name and the action is one of "changed", "added", or "deleted".
+ * @param existingConfig
+ * @param newConfigValues
+ * @return Delta of configs
+ */
+ private Map<String, String> getConfigKeyDeltaToAction(Config existingConfig, Map<String, String> newConfigValues) {
+ Map<String, String> configsChanged = new HashMap<>();
+
+ if (null != existingConfig) {
+ Map<String, String> existingConfigValues = existingConfig.getProperties();
+
+ Iterator it = existingConfigValues.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry<String, String> pair = (Map.Entry) it.next();
+ // Check the value if both keys exist
+ if (newConfigValues.containsKey(pair.getKey())) {
+ if (!newConfigValues.get((String) pair.getKey()).equals(pair.getValue())) {
+ configsChanged.put(pair.getKey(), "changed");
+ }
+ } else {
+ // Deleted
+ configsChanged.put(pair.getKey(), "deleted");
+ }
+ }
+
+ it = newConfigValues.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry<String, String> pair = (Map.Entry) it.next();
+ if (!existingConfigValues.keySet().contains(pair.getKey())) {
+ configsChanged.put(pair.getKey(), "added");
+ }
+ }
+ } else {
+ // All of the configs in this config type are new.
+ for (String key : newConfigValues.keySet()) {
+ configsChanged.put(key, "added");
+ }
+ }
+ return configsChanged;
+ }
+
+ /**
+ * Inverse a HashMap of the form key_i: value_j to value_j: [key_a, ..., key_z]
+ * for all keys that contain that value.
+ * This is useful for printing config deltas.
+ * @param configKeyToAction Original dictionary
+ * @return Inverse of the dictionary.
+ */
+ private Map<String, List<String>> inverseMapByValue(Map<String, String> configKeyToAction) {
+ Map<String, List<String>> mapByValue = new HashMap<>();
+
+ Iterator it = configKeyToAction.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry<String, String> pair = (Map.Entry) it.next();
+ // Key is the config name, Value is the action (added, deleted, changed)
+ if (mapByValue.containsKey(pair.getValue())) {
+ mapByValue.get(pair.getValue()).add(pair.getKey());
+ } else {
+ List<String> configListForAction = new ArrayList<>();
+ configListForAction.add(pair.getKey());
+ mapByValue.put(pair.getValue(), configListForAction);
+ }
+ }
+ return mapByValue;
+ }
+
+ /**
+ * Get a string that represents config keys that are changed, added, or deleted.
+ * @param actionToConfigKeyList Dictionary from the action to a list of configs in that category.
+ * @return String that represents config keys that are changed, added, or deleted.
+ */
+ private String getActionToConfigListAsString(Map<String, List<String>> actionToConfigKeyList) {
+ String output = "";
+
+ String[] actions = {"added", "deleted", "changed"};
+ int i = 0;
+ for (String action : actions) {
+ i++;
+ output += action + ": [";
+ if (actionToConfigKeyList.containsKey(action)) {
+ List<String> values = actionToConfigKeyList.get(action);
+ output += StringUtils.join(values, ", ");
+
+ }
+ if (i < actions.length) {
+ output += "], ";
+ } else {
+ output += "]";
+ }
+ }
+ return output;
+ }
+
private synchronized RequestStatusResponse updateCluster(ClusterRequest request, Map<String, String> requestProperties)
throws AmbariException, AuthorizationException {
@@ -1681,15 +1777,33 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
configs.add(cluster.getConfig(configType, cr.getVersionTag()));
}
if (!configs.isEmpty()) {
+ Map<String, Config> existingConfigTypeToConfig = new HashMap();
+ for (Config config : configs) {
+ Config existingConfig = cluster.getDesiredConfigByType(config.getType());
+ existingConfigTypeToConfig.put(config.getType(), existingConfig);
+ }
+
String authName = getAuthName();
serviceConfigVersionResponse = cluster.addDesiredConfig(authName, configs, note);
if (serviceConfigVersionResponse != null) {
- Logger logger = LoggerFactory.getLogger("configchange");
+ List<String> hosts = serviceConfigVersionResponse.getHosts();
+ int numAffectedHosts = null != hosts ? hosts.size() : 0;
+ configChangeLog.info("(configchange) Changing default config. cluster: '{}', changed by: '{}', service_name: '{}', config_group: '{}', num affected hosts during creation: '{}', note: '{}'",
+ request.getClusterName(), authName, serviceConfigVersionResponse.getServiceName(),
+ serviceConfigVersionResponse.getGroupName(), numAffectedHosts, serviceConfigVersionResponse.getNote());
+
for (Config config : configs) {
- logger.info("cluster '" + request.getClusterName() + "' "
- + "changed by: '" + authName + "'; "
- + "type='" + config.getType() + "' "
- + "tag='" + config.getTag() + "'");
+ config.getVersion();
+ serviceConfigVersionResponse.getNote();
+ configChangeLog.info("(configchange) type: '{}', tag: '{}', version: '{}'", config.getType(), config.getTag(), config.getVersion());
+
+ Map<String, String> configKeyToAction = getConfigKeyDeltaToAction(existingConfigTypeToConfig.get(config.getType()), config.getProperties());
+ Map<String, List<String>> actionToListConfigKeys = inverseMapByValue(configKeyToAction);
+
+ if (!actionToListConfigKeys.isEmpty()) {
+ String configOutput = getActionToConfigListAsString(actionToListConfigKeys);
+ configChangeLog.info("(configchange) Config type '{}' was modified with the following keys, {}", config.getType(), configOutput);
+ }
}
}
}
@@ -1739,7 +1853,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle
if (!isStateTransitionValid) {
LOG.warn(
- "Invalid cluster provisioning 2state {} cannot be set on the cluster {} because the current state is {}",
+ "Invalid cluster provisioning state {} cannot be set on the cluster {} because the current state is {}",
provisioningState, request.getClusterName(), oldProvisioningState);
throw new AmbariException("Invalid transition for"
http://git-wip-us.apache.org/repos/asf/ambari/blob/57f4461b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
index 1c103f0..d2b4a84 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ConfigGroupResourceProvider.java
@@ -19,6 +19,7 @@ package org.apache.ambari.server.controller.internal;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
@@ -452,11 +453,6 @@ public class ConfigGroupResourceProvider extends
"Attempted to delete a config group from a cluster which doesn't " +
"exist", e);
}
-
- configLogger.info("User {} is deleting configuration group {} for tag {} in cluster {}",
- getManagementController().getAuthName(), request.getGroupName(), request.getTag(),
- cluster.getClusterName());
-
ConfigGroup configGroup = cluster.getConfigGroups().get(request.getId());
if (configGroup == null) {
@@ -475,6 +471,9 @@ public class ConfigGroupResourceProvider extends
}
}
+ configLogger.info("(configchange) Deleting configuration group. cluster: '{}', changed by: '{}', config group: '{}', config group id: '{}'",
+ cluster.getClusterName(), getManagementController().getAuthName(), configGroup.getName(), request.getId());
+
cluster.deleteConfigGroup(request.getId());
}
@@ -573,9 +572,8 @@ public class ConfigGroupResourceProvider extends
}
}
- configLogger.info("User {} is creating new configuration group {} for tag {} in cluster {}",
- getManagementController().getAuthName(), request.getGroupName(), request.getTag(),
- cluster.getClusterName());
+ configLogger.info("(configchange) Creating new configuration group. cluster: '{}', changed by: '{}', config group: '{}', tag: '{}'",
+ cluster.getClusterName(), getManagementController().getAuthName(), request.getGroupName(), request.getTag());
verifyConfigs(request.getConfigs(), cluster.getClusterName());
@@ -635,12 +633,9 @@ public class ConfigGroupResourceProvider extends
+ ", groupId = " + request.getId());
}
- configLogger.info("User {} is updating configuration group {} for tag {} in cluster {}",
- getManagementController().getAuthName(), request.getGroupName(), request.getTag(),
- cluster.getClusterName());
-
String serviceName = configGroup.getServiceName();
String requestServiceName = cluster.getServiceForConfigTypes(request.getConfigs().keySet());
+
if (StringUtils.isEmpty(serviceName) && StringUtils.isEmpty(requestServiceName)) {
if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, cluster.getResourceId(),
RoleAuthorization.CLUSTER_MANAGE_CONFIG_GROUPS)) {
@@ -652,7 +647,8 @@ public class ConfigGroupResourceProvider extends
throw new AuthorizationException("The authenticated user is not authorized to update config groups");
}
}
- if (serviceName != null && requestServiceName !=null && !StringUtils.equals(serviceName, requestServiceName)) {
+
+ if (serviceName != null && requestServiceName != null && !StringUtils.equals(serviceName, requestServiceName)) {
throw new IllegalArgumentException("Config group " + configGroup.getId() +
" is mapped to service " + serviceName + ", " +
"but request contain configs from service " + requestServiceName);
@@ -661,6 +657,25 @@ public class ConfigGroupResourceProvider extends
serviceName = requestServiceName;
}
+ configLogger.info("(configchange) Updating configuration group host membership or config value. cluster: '{}', changed by: '{}', " +
+ "service_name: '{}', config group: '{}', tag: '{}', num hosts in config group: '{}', note: '{}'",
+ cluster.getClusterName(), getManagementController().getAuthName(),
+ serviceName, request.getGroupName(), request.getTag(), configGroup.getHosts().size(), request.getServiceConfigVersionNote());
+
+ if (!request.getConfigs().isEmpty()) {
+ List<String> affectedConfigTypeList = new ArrayList(request.getConfigs().keySet());
+ Collections.sort(affectedConfigTypeList);
+ String affectedConfigTypesString = "(" + StringUtils.join(affectedConfigTypeList, ", ") + ")";
+ configLogger.info("(configchange) Affected configs: {}", affectedConfigTypesString);
+
+ for (Config config : request.getConfigs().values()) {
+ List<String> sortedConfigKeys = new ArrayList(config.getProperties().keySet());
+ Collections.sort(sortedConfigKeys);
+ String sortedConfigKeysString = StringUtils.join(sortedConfigKeys, ", ");
+ configLogger.info("(configchange) Config type '{}' was modified with the following keys, {}", config.getType(), sortedConfigKeysString);
+ }
+ }
+
// Update hosts
Map<Long, Host> hosts = new HashMap<>();
if (request.getHosts() != null && !request.getHosts().isEmpty()) {
http://git-wip-us.apache.org/repos/asf/ambari/blob/57f4461b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java
index 65ebb11..a3216eb 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/HostResourceProvider.java
@@ -766,7 +766,7 @@ public class HostResourceProvider extends AbstractControllerResourceProvider {
if (host.addDesiredConfig(clusterId, cr.isSelected(), authName, baseConfig)) {
Logger logger = LoggerFactory.getLogger("configchange");
- logger.info("cluster '" + cluster.getClusterName() + "', "
+ logger.info("(configchange) cluster '" + cluster.getClusterName() + "', "
+ "host '" + host.getHostName() + "' "
+ "changed by: '" + authName + "'; "
+ "type='" + baseConfig.getType() + "' "
http://git-wip-us.apache.org/repos/asf/ambari/blob/57f4461b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
index 81b4647..8f33f1a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
@@ -1554,13 +1554,12 @@ public class ClusterImpl implements Cluster {
clusterGlobalLock.writeLock().unlock();
}
- configChangeLog.info("Cluster '{}' changed by: '{}'; service_name='{}' config_group='{}' config_group_id='{}' " +
- "version='{}'", getClusterName(), user, serviceName,
- configGroup == null ? ServiceConfigVersionResponse.DEFAULT_CONFIG_GROUP_NAME : configGroup.getName(),
- configGroup == null ? "-1" : configGroup.getId(),
- serviceConfigEntity.getVersion());
-
- String configGroupName = configGroup != null ? configGroup.getName() : ServiceConfigVersionResponse.DEFAULT_CONFIG_GROUP_NAME;
+ String configGroupName = configGroup == null ? ServiceConfigVersionResponse.DEFAULT_CONFIG_GROUP_NAME : configGroup.getName();
+ configChangeLog.info("(configchange) Creating config version. cluster: '{}', changed by: '{}', " +
+ "service_name: '{}', config_group: '{}', config_group_id: '{}', version: '{}', create_timestamp: '{}', note: '{}'",
+ getClusterName(), user, serviceName, configGroupName,
+ configGroup == null ? "null" : configGroup.getId(), serviceConfigEntity.getVersion(), serviceConfigEntity.getCreateTimestamp(),
+ serviceConfigEntity.getNote());
ServiceConfigVersionResponse response = new ServiceConfigVersionResponse(
serviceConfigEntity, configGroupName);
[02/17] ambari git commit: AMBARI-21120: Roles below Cluster
Administrator should not be allowed to edit repositories and install stack
versions (sangeetar)
Posted by jo...@apache.org.
AMBARI-21120: Roles below Cluster Administrator should not be allowed to edit repositories and install stack versions (sangeetar)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7a0eda7e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7a0eda7e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7a0eda7e
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 7a0eda7ec99882fd40bdd6b036e2301f6e0486da
Parents: 851c857
Author: Sangeeta Ravindran <sa...@apache.org>
Authored: Thu Jun 1 10:47:29 2017 -0700
Committer: Sangeeta Ravindran <sa...@apache.org>
Committed: Thu Jun 1 10:47:29 2017 -0700
----------------------------------------------------------------------
.../views/main/admin/stack_upgrade/upgrade_version_box_view.js | 4 ++--
.../main/admin/stack_upgrade/upgrade_version_box_view_test.js | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a0eda7e/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
index f102402..bb0cc81 100644
--- a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
+++ b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
@@ -61,7 +61,7 @@ App.UpgradeVersionBoxView = Em.View.extend({
}.property('App.upgradeState', 'content.displayName', 'controller.upgradeVersion'),
isRepoUrlsEditDisabled: function () {
- return ['INSTALLING', 'UPGRADING'].contains(this.get('content.status')) || this.get('isUpgrading') || (!App.isAuthorized('AMBARI.MANAGE_STACK_VERSIONS') && this.get('content.status') === 'CURRENT');
+ return ['INSTALLING', 'UPGRADING'].contains(this.get('content.status')) || this.get('isUpgrading') || (!App.isAuthorized('AMBARI.MANAGE_STACK_VERSIONS'));
}.property('content.status', 'isUpgrading'),
/**
@@ -231,7 +231,7 @@ App.UpgradeVersionBoxView = Em.View.extend({
element.set('isDisabled', this.get('controller.requestInProgress'));
}
//For restricted upgrade wizard should be disabled in any state
- if (this.get('controller.isWizardRestricted')) {
+ if (this.get('controller.isWizardRestricted') || (!App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK'))) {
element.set('isDisabled', true);
}
return element;
http://git-wip-us.apache.org/repos/asf/ambari/blob/7a0eda7e/ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js
----------------------------------------------------------------------
diff --git a/ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js b/ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js
index 153b66f..31aa796 100644
--- a/ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js
+++ b/ambari-web/test/views/main/admin/stack_upgrade/upgrade_version_box_view_test.js
@@ -465,7 +465,7 @@ describe('App.UpgradeVersionBoxView', function () {
status: 'INIT',
isButton: true,
buttons: [],
- isDisabled: false
+ isDisabled: true
},
title: 'INIT state, no admin access, no requests in progress'
},
@@ -962,7 +962,7 @@ describe('App.UpgradeVersionBoxView', function () {
isButton: true,
action: 'resumeUpgrade',
text: Em.I18n.t('admin.stackUpgrade.dialog.resume'),
- isDisabled: false
+ isDisabled: true
},
title: 'upgrade suspended'
},
[06/17] ambari git commit: AMBARI-20827 - Use
java.util.concurrent.ConcurrentHashMap instead of
org.jboss.netty.util.internal.ConcurrentHashMap (Akira Ajisaka via
jonathanhurley)
Posted by jo...@apache.org.
AMBARI-20827 - Use java.util.concurrent.ConcurrentHashMap instead of org.jboss.netty.util.internal.ConcurrentHashMap (Akira Ajisaka via jonathanhurley)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/71e384db
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/71e384db
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/71e384db
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 71e384dbbdecd66f75c48f0fae375d7bdac39b11
Parents: cb9196f
Author: Jonathan Hurley <jh...@hortonworks.com>
Authored: Fri Jun 2 10:28:20 2017 -0400
Committer: Jonathan Hurley <jh...@hortonworks.com>
Committed: Fri Jun 2 10:28:20 2017 -0400
----------------------------------------------------------------------
.../ambari/server/events/listeners/tasks/TaskStatusListener.java | 2 +-
.../ambari/server/state/svccomphost/ServiceComponentHostImpl.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/71e384db/ambari-server/src/main/java/org/apache/ambari/server/events/listeners/tasks/TaskStatusListener.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/events/listeners/tasks/TaskStatusListener.java b/ambari-server/src/main/java/org/apache/ambari/server/events/listeners/tasks/TaskStatusListener.java
index 61ccbc9..230b943 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/events/listeners/tasks/TaskStatusListener.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/events/listeners/tasks/TaskStatusListener.java
@@ -26,6 +26,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import org.apache.ambari.server.EagerSingleton;
import org.apache.ambari.server.Role;
@@ -43,7 +44,6 @@ import org.apache.ambari.server.orm.entities.RequestEntity;
import org.apache.ambari.server.orm.entities.RoleSuccessCriteriaEntity;
import org.apache.ambari.server.orm.entities.StageEntity;
import org.apache.ambari.server.orm.entities.StageEntityPK;
-import org.jboss.netty.util.internal.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
http://git-wip-us.apache.org/repos/asf/ambari/blob/71e384db/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java
index af82bad..bb51733 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/svccomphost/ServiceComponentHostImpl.java
@@ -24,6 +24,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
@@ -79,7 +80,6 @@ import org.apache.ambari.server.state.fsm.SingleArcTransition;
import org.apache.ambari.server.state.fsm.StateMachine;
import org.apache.ambari.server.state.fsm.StateMachineFactory;
import org.apache.ambari.server.state.stack.upgrade.RepositoryVersionHelper;
-import org.jboss.netty.util.internal.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
[04/17] ambari git commit: AMBARI-21130 Delete view privileges from
the Users page (Anita Jebaraj via dili)
Posted by jo...@apache.org.
AMBARI-21130 Delete view privileges from the Users page (Anita Jebaraj via dili)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/49605dae
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/49605dae
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/49605dae
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 49605daef3f5404b6be59a051c268b56cb81b291
Parents: dfb5d39
Author: Di Li <di...@apache.org>
Authored: Thu Jun 1 16:14:27 2017 -0400
Committer: Di Li <di...@apache.org>
Committed: Thu Jun 1 16:14:27 2017 -0400
----------------------------------------------------------------------
.../app/scripts/controllers/users/UsersShowCtrl.js | 13 +++++++++++++
.../resources/ui/admin-web/app/views/users/show.html | 5 ++++-
2 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/49605dae/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
index 0706620..200872e 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
@@ -184,6 +184,18 @@ angular.module('ambariAdminConsole')
}
};
+ $scope.removePrivilege = function(name, privilege) {
+ var privilegeObject = {
+ id: privilege.privilege_id,
+ view_name: privilege.view_name,
+ version: privilege.version,
+ instance_name: name
+ };
+ View.deletePrivilege(privilegeObject).then(function() {
+ loadPrivileges();
+ });
+ };
+
$scope.deleteUser = function() {
ConfirmationModal.show(
$t('common.delete', {
@@ -257,6 +269,7 @@ angular.module('ambariAdminConsole')
privileges.views[privilege.instance_name] = privileges.views[privilege.instance_name] || { privileges:[]};
privileges.views[privilege.instance_name].version = privilege.version;
privileges.views[privilege.instance_name].view_name = privilege.view_name;
+ privileges.views[privilege.instance_name].privilege_id = privilege.privilege_id;
if (privileges.views[privilege.instance_name].privileges.indexOf(privilege.permission_label) == -1) {
privileges.views[privilege.instance_name].privileges.push(privilege.permission_label);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/49605dae/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
index 7abdf05..f965c5d 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
@@ -105,6 +105,9 @@
<td>
<span tooltip="{{item}}" ng-repeat="item in privilege.privileges track by $index">{{item | translate}}{{$last ? '' : ', '}}</span>
</td>
+ <td>
+ <i class="fa fa-trash-o" aria-hidden="true" ng-click="removePrivilege(name, privilege);"></i>
+ </td>
</tr>
<tr>
<td ng-show="noViewPriv">{{'common.alerts.noPrivileges' | translate: '{term: constants.view}'}}</td>
@@ -116,4 +119,4 @@
</div>
</div>
</form>
-</div>
\ No newline at end of file
+</div>