You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Andrew Onischuk <ao...@hortonworks.com> on 2014/10/26 16:03:09 UTC
Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/
-----------------------------------------------------------
Review request for Ambari and Dmytro Sen.
Bugs: AMBARI-7976
https://issues.apache.org/jira/browse/AMBARI-7976
Repository: ambari
Description
-------
Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users
* have write access to all jobs
* have write access to admin operations
When authorization server security is enabled by config property
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.
Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt
See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration
Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.
We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt
This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.
Diffs
-----
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
Diff: https://reviews.apache.org/r/27208/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
Posted by Dmytro Sen <ds...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/#review58560
-----------------------------------------------------------
Ship it!
Ship It!
- Dmytro Sen
On Окт. 26, 2014, 4:06 п.п., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27208/
> -----------------------------------------------------------
>
> (Updated Окт. 26, 2014, 4:06 п.п.)
>
>
> Review request for Ambari, Andrew Onischuk and Dmytro Sen.
>
>
> Bugs: AMBARI-7976
> https://issues.apache.org/jira/browse/AMBARI-7976
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>
> * have write access to all jobs
> * have write access to admin operations
>
> When authorization server security is enabled by config property
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
>
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
>
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
>
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
>
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
>
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
> ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
>
> Diff: https://reviews.apache.org/r/27208/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/
-----------------------------------------------------------
(Updated Oct. 26, 2014, 4:06 p.m.)
Review request for Ambari, Andrew Onischuk and Dmytro Sen.
Bugs: AMBARI-7976
https://issues.apache.org/jira/browse/AMBARI-7976
Repository: ambari
Description
-------
Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users
* have write access to all jobs
* have write access to admin operations
When authorization server security is enabled by config property
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.
Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt
See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration
Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.
We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt
This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.
Diffs (updated)
-----
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
Diff: https://reviews.apache.org/r/27208/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk
Re: Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
Posted by Dmytro Sen <ds...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/#review58555
-----------------------------------------------------------
Ship it!
Ship It!
- Dmytro Sen
On Окт. 26, 2014, 3:06 п.п., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27208/
> -----------------------------------------------------------
>
> (Updated Окт. 26, 2014, 3:06 п.п.)
>
>
> Review request for Ambari, Andrew Onischuk and Dmytro Sen.
>
>
> Bugs: AMBARI-7976
> https://issues.apache.org/jira/browse/AMBARI-7976
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>
> * have write access to all jobs
> * have write access to admin operations
>
> When authorization server security is enabled by config property
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
>
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
>
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
>
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
>
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
>
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
> ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
>
> Diff: https://reviews.apache.org/r/27208/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/#review58554
-----------------------------------------------------------
Ship it!
Ship It!
- Andrew Onischuk
On Oct. 26, 2014, 3:06 p.m., Andrew Onischuk wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27208/
> -----------------------------------------------------------
>
> (Updated Oct. 26, 2014, 3:06 p.m.)
>
>
> Review request for Ambari, Andrew Onischuk and Dmytro Sen.
>
>
> Bugs: AMBARI-7976
> https://issues.apache.org/jira/browse/AMBARI-7976
>
>
> Repository: ambari
>
>
> Description
> -------
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>
> * have write access to all jobs
> * have write access to admin operations
>
> When authorization server security is enabled by config property
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
>
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
>
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
>
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
>
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
>
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.
>
>
> Diffs
> -----
>
> ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
> ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
> ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
> ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
>
> Diff: https://reviews.apache.org/r/27208/diff/
>
>
> Testing
> -------
>
> mvn clean test
>
>
> Thanks,
>
> Andrew Onischuk
>
>
Re: Review Request 27208: Ambari: Add oozie install user as an Oozie
admin user
Posted by Andrew Onischuk <ao...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/
-----------------------------------------------------------
(Updated Oct. 26, 2014, 3:06 p.m.)
Review request for Ambari, Andrew Onischuk and Dmytro Sen.
Bugs: AMBARI-7976
https://issues.apache.org/jira/browse/AMBARI-7976
Repository: ambari
Description
-------
Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users
* have write access to all jobs
* have write access to admin operations
When authorization server security is enabled by config property
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.
Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt
See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration
Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.
We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt
This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.
Diffs
-----
ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py bba2e09
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py 3960904
ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2 PRE-CREATION
ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml 4a8eab7
ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96
Diff: https://reviews.apache.org/r/27208/diff/
Testing
-------
mvn clean test
Thanks,
Andrew Onischuk