You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by fb...@apache.org on 2015/04/10 18:48:23 UTC

ambari git commit: AMBARI-10395 [WinTP2] Ambari server setup fails to register the service when the user account is customized

Repository: ambari
Updated Branches:
  refs/heads/trunk 4659255e4 -> 64cb538ed


AMBARI-10395 [WinTP2] Ambari server setup fails to register the service when the user account is customized

Adding support for the Windows accounts syntax <server>\<account>, e.g. .\Administrator or WIN01\Administrator


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/64cb538e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/64cb538e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/64cb538e

Branch: refs/heads/trunk
Commit: 64cb538edae0f482c8bd89e49fb385e1a5cbe183
Parents: 4659255
Author: Florian Barca <fb...@hortonworks.com>
Authored: Fri Apr 10 09:48:06 2015 -0700
Committer: Florian Barca <fb...@hortonworks.com>
Committed: Fri Apr 10 09:48:06 2015 -0700

----------------------------------------------------------------------
 .../main/python/ambari_commons/os_windows.py    | 33 +++++++++++++++-----
 .../main/python/ambari_server/serverSetup.py    | 12 ++++---
 .../main/python/ambari_server/setupSecurity.py  |  1 +
 3 files changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-common/src/main/python/ambari_commons/os_windows.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/ambari_commons/os_windows.py b/ambari-common/src/main/python/ambari_commons/os_windows.py
index 190c817..edbcc7b 100644
--- a/ambari-common/src/main/python/ambari_commons/os_windows.py
+++ b/ambari-common/src/main/python/ambari_commons/os_windows.py
@@ -616,6 +616,8 @@ class WinService(win32serviceutil.ServiceFramework):
               perfMonIni = None, perfMonDll = None):
     installArgs = [sys.argv[0], "--startup=" + startupMode]
     if username is not None and username:
+      if username.find('\\') == -1:
+        username = '.\\' + username
       installArgs.append("--username=" + username)
       if password is not None and password:
         installArgs.append("--password=" + password)
@@ -703,19 +705,34 @@ class UserHelper(object):
   USER_EXISTS = 1
   ACTION_FAILED = -1
 
-  def __init__(self):
-    self._policy = win32security.LsaOpenPolicy(None,
+  def __init__(self, userName):
+    self.domainName, self.dcName, self.userName = UserHelper._parse_user_name(userName)
+    self._policy = win32security.LsaOpenPolicy(self.dcName,
                                                win32security.POLICY_CREATE_ACCOUNT | win32security.POLICY_LOOKUP_NAMES)
 
-  def create_user(self, name, password, comment="Ambari user"):
+  @staticmethod
+  def _parse_user_name(userName):
+    dcName = None
+    domainName = None
+    domainSepIndex = userName.find('\\')
+    if domainSepIndex != -1:
+      domainName = userName[0:domainSepIndex]
+      userName = userName[domainSepIndex + 1:]
+      if domainName == '.' or domainName == win32api.GetComputerName():
+        domainName = None
+      else:
+        dcName = win32net.NetGetDCName(None, domainName)
+    return (domainName, dcName, userName)
+
+  def create_user(self, password, comment="Ambari user"):
     user_info = {}
-    user_info['name'] = name
+    user_info['name'] = self.userName
     user_info['password'] = password
     user_info['priv'] = win32netcon.USER_PRIV_USER
     user_info['comment'] = comment
     user_info['flags'] = win32netcon.UF_NORMAL_ACCOUNT | win32netcon.UF_SCRIPT
     try:
-      win32net.NetUserAdd(None, 1, user_info)
+      win32net.NetUserAdd(self.dcName, 1, user_info)
     except pywintypes.error as e:
       if e.winerror == 2224:
         return UserHelper.USER_EXISTS, e.strerror
@@ -723,9 +740,9 @@ class UserHelper(object):
         return UserHelper.ACTION_FAILED, e.strerror
     return UserHelper.ACTION_OK, "User created."
 
-  def add_user_privilege(self, name, privilege):
+  def add_user_privilege(self, privilege):
     try:
-      acc_sid = win32security.LookupAccountName(None, name)[0]
+      acc_sid = win32security.LookupAccountName(self.dcName, self.userName)[0]
       win32security.LsaAddAccountRights(self._policy, acc_sid, (privilege,))
     except pywintypes.error as e:
       return UserHelper.ACTION_FAILED, e.strerror
@@ -733,7 +750,7 @@ class UserHelper(object):
 
   def remove_user_privilege(self, name, privilege):
     try:
-      acc_sid = win32security.LookupAccountName(None, name)[0]
+      acc_sid = win32security.LookupAccountName(self.dcName, self.userName)[0]
       win32security.LsaRemoveAccountRights(self._policy, acc_sid, 0, (privilege,))
     except pywintypes.error as e:
       return UserHelper.ACTION_FAILED, e.strerror

http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index d1e9a35..ddb44fd 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -217,9 +217,9 @@ class AmbariUserChecksWindows(AmbariUserChecks):
 
     from ambari_commons.os_windows import UserHelper
 
-    uh = UserHelper()
+    uh = UserHelper(user)
 
-    status, message = uh.create_user(user,password)
+    status, message = uh.create_user(password)
     if status == UserHelper.USER_EXISTS:
       print_info_msg("User {0} already exists, make sure that you typed correct password for user, "
                      "skipping user creation".format(user))
@@ -230,16 +230,18 @@ class AmbariUserChecksWindows(AmbariUserChecks):
 
     # setting SeServiceLogonRight to user
 
-    status, message = uh.add_user_privilege(user, 'SeServiceLogonRight')
+    status, message = uh.add_user_privilege('SeServiceLogonRight')
     if status == UserHelper.ACTION_FAILED:
       print_warning_msg("Can't add SeServiceLogonRight to user {0}. Failed with message {1}".format(user, message))
       return UserHelper.ACTION_FAILED, None
 
     print_info_msg("User configuration is done.")
-    print_warning_msg("When using non SYSTEM user make sure that your user have read\write access to log directories and "
+    print_warning_msg("When using non SYSTEM user make sure that your user has read\write access to log directories and "
                       "all server directories. In case of integrated authentication for SQL Server make sure that your "
-                      "user properly configured to use ambari and metric database.")
+                      "user is properly configured to use the ambari database.")
     #storing username and password in os.environ temporary to pass them to service
+    if uh.domainName:
+      user = uh.domainName + '\\' + user
     os.environ[SERVICE_USERNAME_KEY] = user
     os.environ[SERVICE_PASSWORD_KEY] = password
     return 0, user

http://git-wip-us.apache.org/repos/asf/ambari/blob/64cb538e/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 32cd397..c860ecd 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -128,6 +128,7 @@ def adjust_directory_permissions(ambari_user):
       pass
   else:
     print_warning_msg("Bootstrap directory lingering around after 5s. Unable to complete the cleanup.")
+  pass
 
   # Add master key and credential store if exists
   keyLocation = get_master_key_location(properties)