You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2018/05/25 11:54:38 UTC
[ambari] branch trunk updated: Revert "[Ambari-23850] Use trustore
details for Atlas/Ranger during collection creation (#1276)"
This is an automated email from the ASF dual-hosted git repository.
rlevas pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 9734170 Revert "[Ambari-23850] Use trustore details for Atlas/Ranger during collection creation (#1276)"
9734170 is described below
commit 9734170d80d4219335c276a84fbf72a33c18fdc9
Author: Robert Levas <rl...@hortonworks.com>
AuthorDate: Fri May 25 06:22:50 2018 -0400
Revert "[Ambari-23850] Use trustore details for Atlas/Ranger during collection creation (#1276)"
This reverts commit 37475b1ad3eb9a8f97da15012819fa8c564d6f79.
---
.../ATLAS/0.1.0.2.3/package/scripts/metadata.py | 7 +------
.../ATLAS/0.1.0.2.3/package/scripts/params.py | 17 +---------------
.../0.4.0/package/scripts/setup_ranger_xml.py | 23 +++++++++++-----------
3 files changed, 13 insertions(+), 34 deletions(-)
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py
index ac7ba42..d78efe9 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata.py
@@ -25,8 +25,6 @@ from resource_management import StackFeature
from resource_management.core.resources.system import Directory, File, Execute
from resource_management.core.source import StaticFile, InlineTemplate, Template
from resource_management.core.exceptions import Fail
-from resource_management.libraries.script.script import Script
-from resource_management.libraries.functions.default import default
from resource_management.libraries.functions.format import format
from resource_management.libraries.functions.decorator import retry
from resource_management.libraries.functions import solr_cloud_util
@@ -247,10 +245,7 @@ def create_collection(collection, config_set, jaasFile):
java64_home=params.ambari_java_home,
jaas_file=jaasFile,
shards=params.atlas_solr_shards,
- replication_factor = params.infra_solr_replication_factor,
- trust_store_password = params.truststore_password if params.credential_provider else None,
- trust_store_type = "JKS" if params.credential_provider else None,
- trust_store_location = params.truststore_location if params.credential_provider else None)
+ replication_factor = params.infra_solr_replication_factor)
def secure_znode(znode, jaasFile):
import params
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
index 7a7dfaa..8ce94be 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
@@ -26,9 +26,6 @@ from resource_management.libraries.functions.version import format_stack_version
from resource_management.libraries.script.script import Script
from resource_management.libraries.functions.format import format
from resource_management.libraries.functions.default import default
-from resource_management.core.utils import PasswordString
-from ambari_commons.credential_store_helper import get_password_from_credential_store
-
# Local Imports
from status_params import *
@@ -134,19 +131,14 @@ java64_home = config['ambariLevelParams']['java_home']
ambari_java_home = default("/ambariLevelParams/ambari_java_home", java64_home)
java_exec = format("{java64_home}/bin/java")
env_sh_template = config['configurations']['atlas-env']['content']
-jdk_location = config['ambariLevelParams']['jdk_location']
-
# credential provider
-credential_provider = default("/configurations/application-properties/cert.stores.credential.provider.path", None)
+credential_provider = format( "jceks://file@{conf_dir}/atlas-site.jceks")
# command line args
ssl_enabled = default("/configurations/application-properties/atlas.enableTLS", False)
http_port = default("/configurations/application-properties/atlas.server.http.port", "21000")
https_port = default("/configurations/application-properties/atlas.server.https.port", "21443")
-truststore_location = default("/configurations/application-properties/truststore.file", None)
-keystore_location = default("/configurations/application-properties/keystore.file", None)
-
if ssl_enabled:
metadata_port = https_port
metadata_protocol = 'https'
@@ -429,10 +421,3 @@ if stack_supports_atlas_ranger_plugin and enable_ranger_atlas:
# atlas admin login username password
atlas_admin_username = config['configurations']['atlas-env']['atlas.admin.username']
atlas_admin_password = config['configurations']['atlas-env']['atlas.admin.password']
-
-# Atlas Passwords Extracted From Credential Store
-if credential_provider:
- default_credential_shell_lib_path = jdk_location
- truststore_password = PasswordString(get_password_from_credential_store('truststore.password', credential_provider, os.path.join(default_credential_shell_lib_path, '*'), java64_home, jdk_location))
- keystore_password = PasswordString(get_password_from_credential_store('keystore.password', credential_provider, os.path.join(default_credential_shell_lib_path, '*'), java64_home, jdk_location))
- key_password = PasswordString(get_password_from_credential_store('password', credential_provider, os.path.join(default_credential_shell_lib_path, '*'), java64_home, jdk_location))
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index edb6986..0e7604d 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -167,7 +167,7 @@ def setup_ranger_admin(upgrade_type=None):
Link('/usr/bin/ranger-admin',
to=format('{ranger_home}/ews/ranger-admin-services.sh'))
-
+
if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
d = '/etc/pam.d'
if os.path.isdir(d):
@@ -254,7 +254,7 @@ def setup_ranger_admin(upgrade_type=None):
def setup_ranger_db(stack_version=None):
import params
-
+
ranger_home = params.ranger_home
if stack_version is not None:
@@ -275,7 +275,7 @@ def setup_ranger_db(stack_version=None):
if params.create_db_dbuser:
Logger.info('Setting up Ranger DB and DB User')
dba_setup = format('ambari-python-wrap {ranger_home}/dba_script.py -q')
- Execute(dba_setup,
+ Execute(dba_setup,
environment=env_dict,
logoutput=True,
user=params.unix_user,
@@ -284,7 +284,7 @@ def setup_ranger_db(stack_version=None):
Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
db_setup = format('ambari-python-wrap {ranger_home}/db_setup.py')
- Execute(db_setup,
+ Execute(db_setup,
environment=env_dict,
logoutput=True,
user=params.unix_user,
@@ -303,7 +303,7 @@ def setup_java_patch(stack_version=None):
env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
setup_java_patch = format('ambari-python-wrap {ranger_home}/db_setup.py -javapatch')
- Execute(setup_java_patch,
+ Execute(setup_java_patch,
environment=env_dict,
logoutput=True,
user=params.unix_user,
@@ -477,7 +477,7 @@ def setup_usersync(upgrade_type=None):
group = params.unix_group,
mode=0755
)
-
+
Directory(format("{ranger_ugsync_conf}/"),
owner = params.unix_user
)
@@ -535,7 +535,7 @@ def setup_usersync(upgrade_type=None):
group = params.unix_group,
mode = 0640
)
-
+
File([params.usersync_start, params.usersync_stop],
owner = params.unix_user,
group = params.unix_group
@@ -741,6 +741,8 @@ def setup_ranger_audit_solr():
solr_cloud_util.add_solr_roles(params.config,
roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
new_service_principals = service_principals)
+
+
solr_cloud_util.create_collection(
zookeeper_quorum = params.zookeeper_quorum,
solr_znode = params.solr_znode,
@@ -749,10 +751,7 @@ def setup_ranger_audit_solr():
java64_home = params.ambari_java_home,
shards = params.ranger_solr_shards,
replication_factor = int(params.replication_factor),
- jaas_file = params.solr_jaas_file,
- trust_store_password = default('configurations/ranger-admin-site/ranger.truststore.file', None),
- trust_store_type = "JKS" if default('configurations/ranger-admin-site/ranger.truststore.file', None) else None,
- trust_store_location = default('configurations/ranger-admin-site/ranger.truststore.password', None))
+ jaas_file = params.solr_jaas_file)
if params.security_enabled and params.has_infra_solr \
and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
@@ -871,4 +870,4 @@ def update_password_configs():
ModifyPropertiesFile(format("{ranger_home}/install.properties"),
properties = password_configs,
owner = params.unix_user,
- )
+ )
\ No newline at end of file
--
To stop receiving notification emails like this one, please contact
rlevas@apache.org.