You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ja...@apache.org on 2013/06/21 19:59:15 UTC
svn commit: r1495524 - in /incubator/ambari/trunk:
ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/
ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/
ambari-agent/src/main/puppet/modules/hdp-hive/manifests/
ambari-agent/src/main...
Author: jaimin
Date: Fri Jun 21 17:59:14 2013
New Revision: 1495524
URL: http://svn.apache.org/r1495524
Log:
AMBARI-2443. Security wizard: smoke test for services fails with customized service user names. (jaimin)
Modified:
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/hive/service_check.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/params.pp
incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/server.pp
incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security.js
incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step3.js
incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hadoop/manifests/init.pp Fri Jun 21 17:59:14 2013
@@ -376,13 +376,12 @@ define hdp-hadoop::exec-hadoop(
}
if (($security_enabled == true) and ($kinit_override == false)) {
- #TODO: may figure out so dont need to call kinit if auth in caceh already
if ($run_user in [$hdfs_user,'root']) {
- $keytab = "${hdp-hadoop::params::keytab_path}/${hdfs_user}.headless.keytab"
+ $keytab = "${hdp::params::keytab_path}/hdfs.headless.keytab"
$principal = $hdfs_user
- } else {
- $keytab = "${hdp-hadoop::params::keytab_path}/${user}.headless.keytab"
- $principal = $user
+ } else {
+ $keytab = $hdp::params::smokeuser_keytab
+ $principal = $hdp::params::smokeuser
}
$kinit_if_needed = "${kinit_path_local} -kt ${keytab} ${principal}; "
} else {
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hbase/manifests/hbase/service_check.pp Fri Jun 21 17:59:14 2013
@@ -26,7 +26,7 @@ class hdp-hbase::hbase::service_check()
$conf_dir = $hdp::params::hbase_conf_dir
$smoke_user_keytab = $hdp::params::smokeuser_keytab
$hbase_user = $hdp-hbase::params::hbase_user
- $hbase_keytab = "${hdp-hbase::params::keytab_path}/${hbase_user}.headless.keytab"
+ $hbase_keytab = "${hdp-hbase::params::keytab_path}/hbase.headless.keytab"
$test_cmd = "fs -test -e ${output_file}"
$serviceCheckData = hdp_unique_id_and_date()
$kinit_cmd = "${hdp::params::kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user};"
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/hive/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/hive/service_check.pp?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/hive/service_check.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/hive/service_check.pp Fri Jun 21 17:59:14 2013
@@ -28,7 +28,7 @@ class hdp-hive::hive::service_check() in
if ($security_enabled == true) {
$kinit_cmd = "${hdp::params::kinit_path_local} -kt ${smoke_user_keytab} ${smoke_test_user};"
- $hive_principal_ext = "principal=${hive_user}/_HOST@${hdp::params::kerberos_domain}"
+ $hive_principal_ext = "principal=${hdp-hive::params::hive_metatore_keytab_path}"
$hive_url_ext = "${hive_url}/\;${hive_principal_ext}"
$smoke_cmd = "${kinit_cmd} env JAVA_HOME=${hdp::params::java64_home} ${smoke_test_path} ${hive_url_ext} ${smoke_test_sql}"
} else {
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/params.pp?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/params.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-hive/manifests/params.pp Fri Jun 21 17:59:14 2013
@@ -63,6 +63,7 @@ class hdp-hive::params() inherits hdp::p
}
$keytab_path = hdp_default("keytab_path","/etc/security/keytabs")
+ $hive_metatore_keytab_path = hdp_default("hive-site/hive.metastore.kerberos.keytab.file","/etc/security/keytabs/hive.service.keytab")
#TODO: using instead hive_server_host in hdp::params
#$hive_metastore_server_host = hdp_default("hive-site/hive.metastore.server.host")
Modified: incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/server.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/server.pp?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/server.pp (original)
+++ incubator/ambari/trunk/ambari-agent/src/main/puppet/modules/hdp-templeton/manifests/server.pp Fri Jun 21 17:59:14 2013
@@ -26,6 +26,7 @@ class hdp-templeton::server(
$templeton_user = $hdp-templeton::params::templeton_user
$smoke_test_user = $hdp::params::smokeuser
+ $smokeuser_keytab = $hdp::params::smokeuser_keytab
if ($service_state == 'no_op') {
} elsif ($service_state in ['running','stopped','installed_and_configured','uninstalled']) {
$hdp::params::service_exists['hdp-templeton::server'] = true
@@ -56,7 +57,7 @@ class hdp-templeton::server(
}
if ($security_enabled == true) {
- $kinit_if_needed = "${hdp::params::kinit_path_local} -kt ${hdp::params::keytab_path}/${smoke_test_user}.headless.keytab ${smoke_test_user};"
+ $kinit_if_needed = "su - ${smoke_test_user} -c '${smokeuser_keytab} ${smoke_test_user}';"
} else {
$kinit_if_needed = "echo 0;"
}
Modified: incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security.js?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security.js (original)
+++ incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security.js Fri Jun 21 17:59:14 2013
@@ -136,6 +136,11 @@ App.MainAdminSecurityController = Em.Con
name: 'hive_user',
value: configs['hive_user'] ? configs['hive_user'] : 'hive'
});
+ serviceUsers.pushObject({
+ id: 'puppet var',
+ name: 'proxyuser_group',
+ value: configs['proxyuser_group'] ? configs['proxyuser_group'] : 'users'
+ });
},
showSecurityErrorPopup: function () {
Modified: incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step3.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step3.js?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step3.js (original)
+++ incubator/ambari/trunk/ambari-web/app/controllers/main/admin/security/add/step3.js Fri Jun 21 17:59:14 2013
@@ -202,6 +202,16 @@ App.MainAdminSecurityAddStep3Controller
"filename": _config.filename
});
}, this);
+ var dependentConfig = this.get('secureMapping').filterProperty('foreignKey');
+ dependentConfig.forEach(function (_config) {
+ this.setConfigValue(uiConfig, _config);
+ uiConfig.pushObject({
+ "id": "site property",
+ "name": _config._name || _config.name,
+ "value": _config.value,
+ "filename": _config.filename
+ });
+ }, this);
return uiConfig;
},
@@ -266,6 +276,47 @@ App.MainAdminSecurityAddStep3Controller
return value;
},
+ /**
+ * Set all site property that are derived from other site-properties
+ */
+ setConfigValue: function (uiConfig, config) {
+ if (config.value == null) {
+ return;
+ }
+ var fkValue = config.name.match(/<(foreignKey.*?)>/g);
+ if (fkValue) {
+ fkValue.forEach(function (_fkValue) {
+ var index = parseInt(_fkValue.match(/\[([\d]*)(?=\])/)[1]);
+ var globalValue
+ if (uiConfig.someProperty('name', config.foreignKey[index])) {
+ globalValue = uiConfig.findProperty('name', config.foreignKey[index]).value;
+ config._name = config.name.replace(_fkValue, globalValue);
+ } else if (this.get('content.serviceConfigProperties').someProperty('name', config.foreignKey[index])) {
+ if (this.get('content.serviceConfigProperties').findProperty('name', config.foreignKey[index]).value === '') {
+ globalValue = this.get('content.serviceConfigProperties').findProperty('name', config.foreignKey[index]).defaultValue;
+ } else {
+ globalValue = this.get('content.serviceConfigProperties').findProperty('name', config.foreignKey[index]).value;
+ }
+ config._name = config.name.replace(_fkValue, globalValue);
+ }
+ }, this);
+ }
+ //For properties in the configMapping file having foreignKey and templateName properties.
+
+ var templateValue = config.value.match(/<(templateName.*?)>/g);
+ if (templateValue) {
+ templateValue.forEach(function (_value) {
+ var index = parseInt(_value.match(/\[([\d]*)(?=\])/)[1]);
+ if (this.get('globalProperties').someProperty('name', config.templateName[index])) {
+ var globValue = this.appendInstanceName(config.templateName[index]);
+ config.value = config.value.replace(_value, globValue);
+ } else {
+ config.value = null;
+ }
+ }, this);
+ }
+ },
+
prepareSecureConfigs: function () {
this.loadGlobals();
var storedConfigs = this.get('content.serviceConfigProperties').filterProperty('id', 'site property');
@@ -278,6 +329,7 @@ App.MainAdminSecurityAddStep3Controller
this.set('globalProperties', globals);
this.loadStaticGlobal(); //Hack for properties which are declared in config_properties.js and not able to retrieve values declared in secure_properties.js
this.loadUsersToGlobal();
+ this.loadHostNamesToGlobal();
},
loadUsersToGlobal: function () {
@@ -289,9 +341,28 @@ App.MainAdminSecurityAddStep3Controller
}, this);
},
- loadStaticGlobal: function() {
+ loadHostNamesToGlobal: function () {
+ if (this.get('isOozieSelected')) {
+ var oozieHostName = App.Service.find('OOZIE').get('hostComponents').findProperty('componentName', 'OOZIE_SERVER').get('host.hostName');
+ this.get('globalProperties').pushObject({
+ id: 'puppet var',
+ name: 'oozieserver_host',
+ value: oozieHostName
+ });
+ }
+ if (App.Service.find('HIVE')) {
+ var hiveHostName = App.Service.find('HIVE').get('hostComponents').findProperty('componentName', 'HIVE_METASTORE').get('host.hostName');
+ this.get('globalProperties').pushObject({
+ id: 'puppet var',
+ name: 'hivemetastore_host',
+ value: hiveHostName
+ });
+ }
+ },
+
+ loadStaticGlobal: function () {
var globalProperties = this.get('globalProperties');
- this.get('globalProperties').forEach(function(_property){
+ this.get('globalProperties').forEach(function (_property) {
switch (_property.name) {
case 'security_enabled':
_property.value = 'true';
@@ -303,7 +374,7 @@ App.MainAdminSecurityAddStep3Controller
_property.value = '1022';
break;
}
- },this);
+ }, this);
},
loadUsersFromServer: function () {
@@ -452,7 +523,7 @@ App.MainAdminSecurityAddStep3Controller
}
else {
this.get('configs').filterProperty('id', 'site property').filterProperty('filename', _serviceConfigTags.siteName + '.xml').forEach(function (_config) {
- _serviceConfigTags.configs[_config.name] = _config.value;
+ _serviceConfigTags.configs[_config.name] = _config.value;
}, this);
}
}, this);
Modified: incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js?rev=1495524&r1=1495523&r2=1495524&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js (original)
+++ incubator/ambari/trunk/ambari-web/app/data/secure_mapping.js Fri Jun 21 17:59:14 2013
@@ -361,6 +361,34 @@ module.exports = [
"foreignKey": null,
"value": "/hbase-secure",
"filename": "hbase-site.xml"
+ },
+ {
+ "name": "hadoop.proxyuser.<foreignKey[0]>.groups",
+ "templateName": ["proxyuser_group"],
+ "foreignKey": ["hive_metastore_primary_name"],
+ "value": "<templateName[0]>",
+ "filename": "core-site.xml"
+ },
+ {
+ "name": "hadoop.proxyuser.<foreignKey[0]>.hosts",
+ "templateName": ["hivemetastore_host"],
+ "foreignKey": ["hive_metastore_primary_name"],
+ "value": "<templateName[0]>",
+ "filename": "core-site.xml"
+ },
+ {
+ "name": "hadoop.proxyuser.<foreignKey[0]>.groups",
+ "templateName": ["proxyuser_group"],
+ "foreignKey": ["oozie_primary_name"],
+ "value": "<templateName[0]>",
+ "filename": "core-site.xml"
+ },
+ {
+ "name": "hadoop.proxyuser.<foreignKey[0]>.hosts",
+ "templateName": ["oozieserver_host"],
+ "foreignKey": ["oozie_primary_name"],
+ "value": "<templateName[0]>",
+ "filename": "core-site.xml"
}
];