You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sm...@apache.org on 2015/11/19 23:52:36 UTC
ambari git commit: AMBARI-13975. Add support for knoxsso topology to
HDP versions 2.3.8 and higher (Sumit Gupta via smohanty)
Repository: ambari
Updated Branches:
refs/heads/trunk eac8a0ce5 -> 15a7f1c62
AMBARI-13975. Add support for knoxsso topology to HDP versions 2.3.8 and higher (Sumit Gupta via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/15a7f1c6
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/15a7f1c6
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/15a7f1c6
Branch: refs/heads/trunk
Commit: 15a7f1c62011aed516f9b8b35e9e73ba210198cf
Parents: eac8a0c
Author: Sumit Mohanty <sm...@hortonworks.com>
Authored: Thu Nov 19 14:50:26 2015 -0800
Committer: Sumit Mohanty <sm...@hortonworks.com>
Committed: Thu Nov 19 14:50:26 2015 -0800
----------------------------------------------------------------------
.../KNOX/0.5.0.2.2/package/scripts/knox.py | 20 +++--
.../KNOX/configuration/knoxsso-topology.xml | 94 ++++++++++++++++++++
.../KNOX/configuration/knoxsso-topology.xml | 94 --------------------
3 files changed, 109 insertions(+), 99 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/15a7f1c6/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
index 2a83952..7a9b1ab 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py
@@ -66,11 +66,12 @@ def knox():
content=InlineTemplate(params.admin_topology_template)
)
- File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
- group=params.knox_group,
- owner=params.knox_user,
- content=InlineTemplate(params.knoxsso_topology_template)
- )
+ if Script.is_hdp_stack_greater_or_equal_to(params.version_formatted, "2.3.8.0"):
+ File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
+ group=params.knox_group,
+ owner=params.knox_user,
+ content=InlineTemplate(params.knoxsso_topology_template)
+ )
if params.security_enabled:
TemplateConfig( os.path.join(params.knox_conf_dir, "krb5JAASLogin.conf"),
@@ -123,6 +124,15 @@ def knox():
owner=params.knox_user,
content=InlineTemplate(params.admin_topology_template)
)
+
+ if Script.is_hdp_stack_greater_or_equal_to(params.version_formatted, "2.3.8.0"):
+ File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"),
+ group=params.knox_group,
+ owner=params.knox_user,
+ content=InlineTemplate(params.knoxsso_topology_template)
+ )
+
+
if params.security_enabled:
TemplateConfig( format("{knox_conf_dir}/krb5JAASLogin.conf"),
owner = params.knox_user,
http://git-wip-us.apache.org/repos/asf/ambari/blob/15a7f1c6/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/knoxsso-topology.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/knoxsso-topology.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/knoxsso-topology.xml
new file mode 100644
index 0000000..6119442
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/knoxsso-topology.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <!-- topology file -->
+
+ <property>
+ <name>content</name>
+ <value>
+ <topology>
+
+ <gateway>
+
+ <provider>
+ <role>federation</role>
+ <name>Picketlink</name>
+ <enabled>true</enabled>
+ <param>
+ <name>identity.url</name>
+ <value>https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO</value>
+ </param>
+ <param>
+ <name>service.url</name>
+ <value>http://{{knox_host_name}}:{{knox_port}}/gateway/knoxsso/api/v1/websso</value>
+ </param>
+ <param>
+ <name>keystore.url</name>
+ <value>{{knox_cert_store_path}}</value>
+ </param>
+ <param>
+ <name>validating.alias.key</name>
+ <value>SSO_PROVIDER_DOMAIN</value>
+ </param>
+ <param>
+ <name>validating.alias.value</name>
+ <value>SSO_PROVIDER_CERT_ALIAS</value>
+ </param>
+ <param>
+ <name>clock.skew.milis</name>
+ <value>2000</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ </provider>
+
+ </gateway>
+
+ <service>
+ <role>KNOXSSO</role>
+ <param>
+ <name>knoxsso.cookie.secure.only</name>
+ <value>true</value>
+ </param>
+ <param>
+ <name>knoxsso.token.ttl</name>
+ <value>36000000</value>
+ </param>
+ </service>
+
+ </topology>
+ </value>
+ <description>
+ The configuration specifies the KnoxSSO provider integration, cookie and token management details.
+ </description>
+ <value-attributes>
+ <type>content</type>
+ <empty-value-valid>true</empty-value-valid>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/15a7f1c6/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
index 38128bd..e69de29 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml
@@ -1,94 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-
-<configuration supports_final="false" supports_adding_forbidden="true">
- <!-- topology file -->
-
- <property>
- <name>content</name>
- <value>
- <topology>
-
- <gateway>
-
- <provider>
- <role>federation</role>
- <name>Picketlink</name>
- <enabled>true</enabled>
- <param>
- <name>identity.url</name>
- <value>https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO</value>
- </param>
- <param>
- <name>service.url</name>
- <value>http://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso</value>
- </param>
- <param>
- <name>keystore.url</name>
- <value>{{knox_cert_store_path}}</value>
- </param>
- <param>
- <name>validating.alias.key</name>
- <value>SSO_PROVIDER_DOMAIN</value>
- </param>
- <param>
- <name>validating.alias.value</name>
- <value>SSO_PROVIDER_CERT_ALIAS</value>
- </param>
- <param>
- <name>clock.skew.milis</name>
- <value>2000</value>
- </param>
- </provider>
-
- <provider>
- <role>identity-assertion</role>
- <name>Default</name>
- <enabled>true</enabled>
- </provider>
-
- </gateway>
-
- <service>
- <role>KNOXSSO</role>
- <param>
- <name>knoxsso.cookie.secure.only</name>
- <value>true</value>
- </param>
- <param>
- <name>knoxsso.cookie.max.age</name>
- <value>600</value>
- </param>
- </service>
-
- </topology>
- </value>
- <description>
- The configuration specifies the KnoxSSO provider integration, cookie and token management details.
- </description>
- <value-attributes>
- <type>content</type>
- <empty-value-valid>true</empty-value-valid>
- <show-property-name>false</show-property-name>
- </value-attributes>
- </property>
-</configuration>