Posted to commits@ambari.apache.org by ga...@apache.org on 2016/06/23 05:48:05 UTC
[2/2] ambari git commit: AMBARI-17330. Ambari changes to support
kerberized Ranger tagsync(Mugdha Varadkar via gautam)
AMBARI-17330. Ambari changes to support kerberized Ranger tagsync(Mugdha Varadkar via gautam)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e5ff7fc7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e5ff7fc7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e5ff7fc7
Branch: refs/heads/trunk
Commit: e5ff7fc7e93c55f4422ce36e79d238c71fa82a28
Parents: 5d70458
Author: Gautam Borad <ga...@apache.org>
Authored: Wed Jun 22 11:07:58 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Thu Jun 23 11:17:53 2016 +0530
----------------------------------------------------------------------
.../RANGER/0.4.0/package/scripts/params.py | 7 ++++++-
.../0.6.0/configuration/ranger-tagsync-site.xml | 13 ++-----------
.../common-services/RANGER/0.6.0/kerberos.json | 15 +++++++++++++++
.../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 1 -
4 files changed, 23 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/e5ff7fc7/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 44fe3e3..ab5be74 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -281,6 +281,12 @@ for host in config['clusterHostInfo']['zookeeper_hosts']:
if index < len(config['clusterHostInfo']['zookeeper_hosts']):
zookeeper_quorum += ","
+if security_enabled:
+ if has_ranger_tagsync:
+ ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
+ tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
+ tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
+
# logic to create core-site.xml if hdfs not installed
if stack_supports_ranger_kerberos and not has_namenode:
core_site_property = {
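Review bot: `ranger_tagsync_principal` is now assigned only under `if security_enabled:`, but the second hunk of this file (`@@ -301,7 +307,6`) still passes it to `get_bare_principal()` inside a block gated on `stack_supports_ranger_kerberos and not has_namenode`, which does not test `security_enabled` in the lines shown. If that block can run on a non-kerberized cluster with tagsync installed, params.py would fail with a NameError while loading. Reading the principal under `if has_ranger_tagsync:` alone, and keeping only `tagsync_jaas_principal` and `tagsync_keytab_path` behind `security_enabled`, would avoid this. A short comment saying that the two new values fill the `{{tagsync_jaas_principal}}` and `{{tagsync_keytab_path}}` placeholders in the RANGER 0.6.0 kerberos.json would also help; the surrounding script continues outside the hunk.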
@@ -301,7 +307,6 @@ if stack_supports_ranger_kerberos and not has_namenode:
]
if has_ranger_tagsync:
- ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
http://git-wip-us.apache.org/repos/asf/ambari/blob/e5ff7fc7/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml
index c5a575d..7985f58 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/configuration/ranger-tagsync-site.xml
@@ -120,9 +120,9 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
- <name>ranger.tagsync.atlas.to.ranger.service.mapping</name>
+ <name>ranger.tagsync.source.atlasrest.username</name>
<value/>
- <description>Service Mapping</description>
+ <description></description>
<value-attributes>
<empty-value-valid>true</empty-value-valid>
</value-attributes>
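Review bot: The renamed property `ranger.tagsync.source.atlasrest.username` ships with an empty `<description></description>` and an empty default, so an operator gets no hint of which account it names or what privileges that account needs. A one-line description such as `<description>User name tagsync uses to authenticate to the Atlas REST endpoint</description>` would document it; that wording is inferred from the property name and should be confirmed. The `<property>` element closes outside this hunk.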
@@ -139,15 +139,6 @@
<on-ambari-upgrade add="true"/>
</property>
<property>
- <name>ranger.tagsync.atlas.custom.resource.mappers</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
<name>ranger.tagsync.kerberos.principal</name>
<value/>
<description/>
http://git-wip-us.apache.org/repos/asf/ambari/blob/e5ff7fc7/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index cd34cd9..c633230 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -107,6 +107,21 @@
"configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
}
}
+ ],
+ "configurations": [
+ {
+ "tagsync-application-properties": {
+ "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "atlas.jaas.KafkaClient.loginModuleControlFlag": "required",
+ "atlas.jaas.KafkaClient.option.useKeyTab": "true",
+ "atlas.jaas.KafkaClient.option.storeKey": "true",
+ "atlas.jaas.KafkaClient.option.serviceName": "kafka",
+ "atlas.jaas.KafkaClient.option.keyTab": "{{tagsync_keytab_path}}",
+ "atlas.jaas.KafkaClient.option.principal": "{{tagsync_jaas_principal}}",
+ "atlas.kafka.sasl.kerberos.service.name": "kafka",
+ "atlas.kafka.security.protocol": "SASL_PLAINTEXT"
+ }
+ }
]
}
]
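Review bot: `"atlas.kafka.security.protocol": "SASL_PLAINTEXT"` is hard-coded in the added `tagsync-application-properties` block, so Kerberos authenticates the tagsync Kafka client but the tag notifications themselves travel unencrypted. A cluster whose brokers expose only a TLS listener would also need this value overridden by hand. Consider deriving it from the Kafka service's configured protocol, or at least documenting alongside the descriptor that `SASL_SSL` is expected where broker TLS is enabled. The `{{tagsync_keytab_path}}` and `{{tagsync_jaas_principal}}` placeholders resolve only when params.py defines them, which after this commit happens only under `security_enabled` and `has_ranger_tagsync`.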
http://git-wip-us.apache.org/repos/asf/ambari/blob/e5ff7fc7/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 61bdce0..5847984 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -553,7 +553,6 @@ def check_ranger_service_support_kerberos():
policymgr_mgr_url = params.policymgr_mgr_url
if policymgr_mgr_url.endswith('/'):
policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- policymgr_mgr_url = format('{policymgr_mgr_url}/login.jsp')
ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
response_code = ranger_adm_obj.check_ranger_login_curl(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal, policymgr_mgr_url, True)