Posted to commits@ambari.apache.org by al...@apache.org on 2015/04/20 10:00:20 UTC
ambari git commit: AMBARI-10506. Shore up tactical outages around
managing configuration files needed for enabling SSL and RPC encryption
(alexantonenko)
Repository: ambari
Updated Branches:
refs/heads/trunk 3156c3ad6 -> 4f7fc3eea
AMBARI-10506. Shore up tactical outages around managing configuration files needed for enabling SSL and RPC encryption (alexantonenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4f7fc3ee
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4f7fc3ee
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4f7fc3ee
Branch: refs/heads/trunk
Commit: 4f7fc3eea26bf178322c38c5a41f30eee45d9a37
Parents: 3156c3a
Author: Alex Antonenko <hi...@gmail.com>
Authored: Mon Apr 20 11:00:05 2015 +0300
Committer: Alex Antonenko <hi...@gmail.com>
Committed: Mon Apr 20 11:00:15 2015 +0300
----------------------------------------------------------------------
.../HDFS/2.1.0.2.0/configuration/ssl-client.xml | 31 ++++++++++++
.../HDFS/2.1.0.2.0/configuration/ssl-server.xml | 53 ++++++++++++++++++++
.../common-services/HDFS/2.1.0.2.0/metainfo.xml | 2 +
.../HDFS/2.1.0.2.0/package/scripts/hdfs.py | 20 +++++++-
.../common-services/YARN/2.1.0.2.0/metainfo.xml | 2 +
.../YARN/2.1.0.2.0/package/scripts/yarn.py | 16 ++++++
.../YARN/configuration-mapred/ssl-client.xml | 31 ++++++++++++
.../YARN/configuration-mapred/ssl-server.xml | 53 ++++++++++++++++++++
.../YARN/configuration-mapred/ssl-client.xml | 31 ++++++++++++
.../YARN/configuration-mapred/ssl-server.xml | 53 ++++++++++++++++++++
10 files changed, 291 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml
new file mode 100644
index 0000000..ec8cfac
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
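Review bot: The client truststore is declared without an `ssl.client.truststore.password` property, and `ssl.server.truststore.location` in ssl-server.xml likewise has no matching `ssl.server.truststore.password`. Java loads a JKS store without verifying its integrity when no password is supplied, so a modified `all.jks` would be accepted silently; how Hadoop itself reacts to the missing property depends on its version, which is not visible here. Consider adding the property with `<property-type>PASSWORD</property-type>` and no shared default, and extending the description to say who may write to the truststore file. The same ssl-client.xml is added unchanged under the HDP/2.1.GlusterFS and HDP/2.2.GlusterFS stacks.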
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/configuration/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>
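Review bot: `ssl.server.keystore.password` and `ssl.server.keystore.keypassword` both ship with the literal default `<value>bigdata</value>`, so every cluster installed from this stack definition protects its server private key with the same publicly known password unless the operator changes it. Leave the default empty (`<value></value>`) so that no working shared password exists and one has to be supplied at install time. The description "Must be specified." should also say that the value must match the password the keystore was created with. The two properties order `<property-type>` and `<value>` differently, so pick one order. The identical file is added under HDP/2.1.GlusterFS and HDP/2.2.GlusterFS, where the same applies.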
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
index f39e4e7..e5f0114 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/metainfo.xml
@@ -235,6 +235,8 @@
<config-type>hadoop-policy</config-type>
<config-type>hdfs-log4j</config-type>
<config-type>ranger-hdfs-plugin-properties</config-type>
+ <config-type>ssl-client</config-type>
+ <config-type>ssl-server</config-type>
</configuration-dependencies>
<restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
index b9fb703..a15a486 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs.py
@@ -59,6 +59,24 @@ def hdfs(name=None):
group=params.user_group
)
+ if "ssl-client" in params.config['configurations']:
+ XmlConfig("ssl-client.xml",
+ conf_dir=params.hadoop_conf_dir,
+ configurations=params.config['configurations']['ssl-client'],
+ configuration_attributes=params.config['configuration_attributes']['ssl-client'],
+ owner=params.hdfs_user,
+ group=params.user_group
+ )
+
+ if "ssl-server" in params.config['configurations']:
+ XmlConfig("ssl-server.xml",
+ conf_dir=params.hadoop_conf_dir,
+ configurations=params.config['configurations']['ssl-server'],
+ configuration_attributes=params.config['configuration_attributes']['ssl-server'],
+ owner=params.hdfs_user,
+ group=params.user_group
+ )
+
XmlConfig("hdfs-site.xml",
conf_dir=params.hadoop_conf_dir,
configurations=params.config['configurations']['hdfs-site'],
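Review bot: The new `XmlConfig("ssl-server.xml", ...)` call passes `owner` and `group` but no `mode`, so the file that carries the keystore and key passwords is written with whatever default permissions XmlConfig applies, which may leave it world-readable in `hadoop_conf_dir`. Pass an explicit mode that excludes other users, for example `mode=0640,` after `group=params.user_group`, assuming every daemon that reads the file runs as `hdfs_user` or belongs to `user_group`. The yarn.py hunk of this commit writes the same file with the same arguments and needs the same change. A comment such as `# ssl-server.xml holds keystore passwords; keep it unreadable for other users` above the call would record the reason. The body of hdfs() begins and ends outside this hunk.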
@@ -114,4 +132,4 @@ def hdfs(component=None):
owner=params.hdfs_user,
mode="f",
configuration_attributes=params.config['configuration_attributes']['hdfs-site']
- )
\ No newline at end of file
+ )
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml
index 30cd902..bfccb4f 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/metainfo.xml
@@ -240,6 +240,8 @@
<config-type>core-site</config-type>
<config-type>mapred-site</config-type>
<config-type>mapred-env</config-type>
+ <config-type>ssl-client</config-type>
+ <config-type>ssl-server</config-type>
</configuration-dependencies>
<restartRequiredAfterRackChange>true</restartRequiredAfterRackChange>
</service>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
index 1d4b365..22888e2 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/yarn.py
@@ -272,7 +272,23 @@ def yarn(name = None):
owner=params.hdfs_user,
group=params.user_group
)
+ if "ssl-client" in params.config['configurations']:
+ XmlConfig("ssl-client.xml",
+ conf_dir=params.hadoop_conf_dir,
+ configurations=params.config['configurations']['ssl-client'],
+ configuration_attributes=params.config['configuration_attributes']['ssl-client'],
+ owner=params.hdfs_user,
+ group=params.user_group
+ )
+ if "ssl-server" in params.config['configurations']:
+ XmlConfig("ssl-server.xml",
+ conf_dir=params.hadoop_conf_dir,
+ configurations=params.config['configurations']['ssl-server'],
+ configuration_attributes=params.config['configuration_attributes']['ssl-server'],
+ owner=params.hdfs_user,
+ group=params.user_group
+ )
if os.path.exists(os.path.join(params.hadoop_conf_dir, 'fair-scheduler.xml')):
File(os.path.join(params.hadoop_conf_dir, 'fair-scheduler.xml'),
owner=params.mapred_user,
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
new file mode 100644
index 0000000..ec8cfac
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.1.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
new file mode 100644
index 0000000..ec8cfac
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.client.truststore.location</name>
+ <value>/etc/security/clientKeys/all.jks</value>
+ <description>Truststore to be used by clients. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.client.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/4f7fc3ee/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
new file mode 100644
index 0000000..20b8b1e
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/YARN/configuration-mapred/ssl-server.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration>
+ <property>
+ <name>ssl.server.truststore.location</name>
+ <value>/etc/security/serverKeys/truststore.jks</value>
+ <description>Truststore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.truststore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.location</name>
+ <value>/etc/security/serverKeys/keystore.jks</value>
+ <description>Keystore to be used by NN and DN. Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.password</name>
+ <property-type>PASSWORD</property-type>
+ <value>bigdata</value>
+ <description>Must be specified.</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.type</name>
+ <value>jks</value>
+ <description>Optional. Default value is "jks".</description>
+ </property>
+ <property>
+ <name>ssl.server.keystore.keypassword</name>
+ <value>bigdata</value>
+ <property-type>PASSWORD</property-type>
+ <description>Must be specified.</description>
+ </property>
+</configuration>