You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by jl...@apache.org on 2017/09/26 05:20:09 UTC
[18/50] [abbrv] ambari git commit: AMBARI-22027. Add UID/GID related
issue with external users not listed in /etc/passwd (echekanskiy)
AMBARI-22027. Add UID/GID related issue with external users not listed in /etc/passwd (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f1b53000
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f1b53000
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f1b53000
Branch: refs/heads/branch-feature-AMBARI-14714
Commit: f1b53000c65a97ac7784d51c9a648e7e135acaab
Parents: 2a06021
Author: Eugene Chekanskiy <ec...@apache.org>
Authored: Thu Sep 21 21:07:03 2017 +0300
Committer: Eugene Chekanskiy <ec...@apache.org>
Committed: Thu Sep 21 21:07:03 2017 +0300
----------------------------------------------------------------------
.../before-ANY/scripts/shared_initialization.py | 29 +++++--
.../2.0.6/hooks/before-ANY/test_before_any.py | 85 ++++----------------
2 files changed, 36 insertions(+), 78 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/f1b53000/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
index ee950e8..11593fe 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py
@@ -139,11 +139,19 @@ def set_uid(user, user_dirs):
content=StaticFile("changeToSecureUid.sh"),
mode=0555)
ignore_groupsusers_create_str = str(params.ignore_groupsusers_create).lower()
- uid = get_uid(user)
+ uid = get_uid(user, return_existing=True)
Execute(format("{tmp_dir}/changeUid.sh {user} {user_dirs} {new_uid}", new_uid=0 if uid is None else uid),
not_if = format("(test $(id -u {user}) -gt 1000) || ({ignore_groupsusers_create_str})"))
-def get_uid(user):
+def get_uid(user, return_existing=False):
+ """
+ Tries to get UID for username. It will try to find UID in custom properties in *cluster_env* and, if *return_existing=True*,
+ it will try to return UID of existing *user*.
+
+ :param user: username to get UID for
+ :param return_existing: return UID for existing user
+ :return:
+ """
import params
user_str = str(user) + "_uid"
service_env = [ serviceEnv for serviceEnv in params.config['configurations'] if user_str in params.config['configurations'][serviceEnv]]
@@ -155,13 +163,18 @@ def get_uid(user):
Logger.warning("Multiple values found for %s, using %s" % (user_str, uid))
return uid
else:
- if user == params.smoke_user:
+ if return_existing:
+ # pick up existing UID or try to find available UID in /etc/passwd, see changeToSecureUid.sh for more info
+ if user == params.smoke_user:
+ return None
+ File(format("{tmp_dir}/changeUid.sh"),
+ content=StaticFile("changeToSecureUid.sh"),
+ mode=0555)
+ code, newUid = shell.call(format("{tmp_dir}/changeUid.sh {user}"))
+ return int(newUid)
+ else:
+ # do not return UID for existing user, used in User resource call to let OS to choose UID for us
return None
- File(format("{tmp_dir}/changeUid.sh"),
- content=StaticFile("changeToSecureUid.sh"),
- mode=0555)
- code, newUid = shell.call(format("{tmp_dir}/changeUid.sh {user}"))
- return int(newUid)
def setup_hadoop_env():
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/f1b53000/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py b/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py
index a13ac24..9dceb69 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py
@@ -52,33 +52,22 @@ class TestHookBeforeInstall(RMFTestCase):
self.assertResourceCalled('Group', 'hadoop',)
self.assertResourceCalled('Group', 'nobody',)
self.assertResourceCalled('Group', 'users',)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
+
self.assertResourceCalled('User', 'hive',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'oozie',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'users'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'nobody',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'nobody'],
fetch_nonlocal_groups = True,
)
@@ -88,113 +77,69 @@ class TestHookBeforeInstall(RMFTestCase):
groups = [u'users'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'flume',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'hdfs',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'storm',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'mapred',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'hbase',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'tez',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'users'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'zookeeper',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'falcon',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'users'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'sqoop',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'yarn',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)
- self.assertResourceCalled('File', '/tmp/changeUid.sh',
- content = StaticFile('changeToSecureUid.sh'),
- mode = 0555,
- )
self.assertResourceCalled('User', 'hcat',
gid = 'hadoop',
- uid = 1000,
+ uid = None,
groups = [u'hadoop'],
fetch_nonlocal_groups = True,
)