You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by fb...@apache.org on 2015/04/10 18:48:23 UTC
ambari git commit: AMBARI-10395 [WinTP2] Ambari server setup fails to
register the service when the user account is customized
Repository: ambari
Updated Branches:
refs/heads/trunk 4659255e4 -> 64cb538ed
AMBARI-10395 [WinTP2] Ambari server setup fails to register the service when the user account is customized
Adding support for the Windows accounts syntax <server>\<account>, e.g. .\Administrator or WIN01\Administrator
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64cb538e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64cb538e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64cb538e
Branch: refs/heads/trunk
Commit: 64cb538edae0f482c8bd89e49fb385e1a5cbe183
Parents: 4659255
Author: Florian Barca <fb...@hortonworks.com>
Authored: Fri Apr 10 09:48:06 2015 -0700
Committer: Florian Barca <fb...@hortonworks.com>
Committed: Fri Apr 10 09:48:06 2015 -0700
----------------------------------------------------------------------
.../main/python/ambari_commons/os_windows.py | 33 +++++++++++++++-----
.../main/python/ambari_server/serverSetup.py | 12 ++++---
.../main/python/ambari_server/setupSecurity.py | 1 +
3 files changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-common/src/main/python/ambari_commons/os_windows.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/ambari_commons/os_windows.py b/ambari-common/src/main/python/ambari_commons/os_windows.py
index 190c817..edbcc7b 100644
--- a/ambari-common/src/main/python/ambari_commons/os_windows.py
+++ b/ambari-common/src/main/python/ambari_commons/os_windows.py
@@ -616,6 +616,8 @@ class WinService(win32serviceutil.ServiceFramework):
perfMonIni = None, perfMonDll = None):
installArgs = [sys.argv[0], "--startup=" + startupMode]
if username is not None and username:
+ if username.find('\\') == -1:
+ username = '.\\' + username
installArgs.append("--username=" + username)
if password is not None and password:
installArgs.append("--password=" + password)
@@ -703,19 +705,34 @@ class UserHelper(object):
USER_EXISTS = 1
ACTION_FAILED = -1
- def __init__(self):
- self._policy = win32security.LsaOpenPolicy(None,
+ def __init__(self, userName):
+ self.domainName, self.dcName, self.userName = UserHelper._parse_user_name(userName)
+ self._policy = win32security.LsaOpenPolicy(self.dcName,
win32security.POLICY_CREATE_ACCOUNT | win32security.POLICY_LOOKUP_NAMES)
- def create_user(self, name, password, comment="Ambari user"):
+ @staticmethod
+ def _parse_user_name(userName):
+ dcName = None
+ domainName = None
+ domainSepIndex = userName.find('\\')
+ if domainSepIndex != -1:
+ domainName = userName[0:domainSepIndex]
+ userName = userName[domainSepIndex + 1:]
+ if domainName == '.' or domainName == win32api.GetComputerName():
+ domainName = None
+ else:
+ dcName = win32net.NetGetDCName(None, domainName)
+ return (domainName, dcName, userName)
+
+ def create_user(self, password, comment="Ambari user"):
user_info = {}
- user_info['name'] = name
+ user_info['name'] = self.userName
user_info['password'] = password
user_info['priv'] = win32netcon.USER_PRIV_USER
user_info['comment'] = comment
user_info['flags'] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT
try:
- win32net.NetUserAdd(None, 1, user_info)
+ win32net.NetUserAdd(self.dcName, 1, user_info)
except pywintypes.error as e:
if e.winerror == 2224:
return UserHelper.USER_EXISTS, e.strerror
@@ -723,9 +740,9 @@ class UserHelper(object):
return UserHelper.ACTION_FAILED, e.strerror
return UserHelper.ACTION_OK, "User created."
- def add_user_privilege(self, name, privilege):
+ def add_user_privilege(self, privilege):
try:
- acc_sid = win32security.LookupAccountName(None, name)[0]
+ acc_sid = win32security.LookupAccountName(self.dcName, self.userName)[0]
win32security.LsaAddAccountRights(self._policy, acc_sid, (privilege,))
except pywintypes.error as e:
return UserHelper.ACTION_FAILED, e.strerror
@@ -733,7 +750,7 @@ class UserHelper(object):
def remove_user_privilege(self, name, privilege):
try:
- acc_sid = win32security.LookupAccountName(None, name)[0]
+ acc_sid = win32security.LookupAccountName(self.dcName, self.userName)[0]
win32security.LsaRemoveAccountRights(self._policy, acc_sid, 0, (privilege,))
except pywintypes.error as e:
return UserHelper.ACTION_FAILED, e.strerror
http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index d1e9a35..ddb44fd 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -217,9 +217,9 @@ class AmbariUserChecksWindows(AmbariUserChecks):
from ambari_commons.os_windows import UserHelper
- uh = UserHelper()
+ uh = UserHelper(user)
- status, message = uh.create_user(user,password)
+ status, message = uh.create_user(password)
if status == UserHelper.USER_EXISTS:
print_info_msg("User {0} already exists, make sure that you typed correct password for user, "
"skipping user creation".format(user))
@@ -230,16 +230,18 @@ class AmbariUserChecksWindows(AmbariUserChecks):
# setting SeServiceLogonRight to user
- status, message = uh.add_user_privilege(user, 'SeServiceLogonRight')
+ status, message = uh.add_user_privilege('SeServiceLogonRight')
if status == UserHelper.ACTION_FAILED:
print_warning_msg("Can't add SeServiceLogonRight to user {0}. Failed with message {1}".format(user, message))
return UserHelper.ACTION_FAILED, None
print_info_msg("User configuration is done.")
- print_warning_msg("When using non SYSTEM user make sure that your user have read\write access to log directories and "
+ print_warning_msg("When using non SYSTEM user make sure that your user has read\write access to log directories and "
"all server directories. In case of integrated authentication for SQL Server make sure that your "
- "user properly configured to use ambari and metric database.")
+ "user is properly configured to use the ambari database.")
#storing username and password in os.environ temporary to pass them to service
+ if uh.domainName:
+ user = uh.domainName + '\\' + user
os.environ[SERVICE_USERNAME_KEY] = user
os.environ[SERVICE_PASSWORD_KEY] = password
return 0, user
http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 32cd397..c860ecd 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -128,6 +128,7 @@ def adjust_directory_permissions(ambari_user):
pass
else:
print_warning_msg("Bootstrap directory lingering around after 5s. Unable to complete the cleanup.")
+ pass
# Add master key and credential store if exists
keyLocation = get_master_key_location(properties)