You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2017/02/24 14:19:42 UTC
[35/50] ambari git commit: AMBARI-20063. Removing secure ACLs from
Kafka znodes during dekerberization (Attila Magyar via adoroszlai)
AMBARI-20063. Removing secure ACLs from Kafka znodes during dekerberization (Attila Magyar via adoroszlai)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/83cdcea5
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/83cdcea5
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/83cdcea5
Branch: refs/heads/branch-feature-AMBARI-12556
Commit: 83cdcea5fb2c5bee698b2f070489a39ed4b3df40
Parents: 1128732
Author: Attila Magyar <am...@hortonworks.com>
Authored: Thu Feb 23 11:14:03 2017 +0100
Committer: Attila Doroszlai <ad...@hortonworks.com>
Committed: Thu Feb 23 11:14:03 2017 +0100
----------------------------------------------------------------------
.../0.1.0.2.3/package/scripts/metadata_server.py | 5 ++---
.../ATLAS/0.1.0.2.3/package/scripts/params.py | 1 +
.../KAFKA/0.8.1/package/scripts/kafka_broker.py | 15 ++++++++++++++-
.../KAFKA/0.8.1/package/scripts/params.py | 2 ++
4 files changed, 19 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/83cdcea5/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
index ad3270e..3c62243 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
@@ -154,14 +154,13 @@ class MetadataServer(Script):
def disable_security(self, env):
import params
- if not params.stack_supports_zk_security:
- Logger.info("Stack doesn't support zookeeper security")
- return
if not params.zookeeper_quorum:
Logger.info("No zookeeper connection string. Skipping reverting ACL")
return
zkmigrator = ZkMigrator(params.zookeeper_quorum, params.java_exec, params.java64_home, params.atlas_jaas_file, params.metadata_user)
zkmigrator.set_acls(params.zk_root if params.zk_root.startswith('/') else '/' + params.zk_root, 'world:anyone:crdwa')
+ if params.atlas_kafka_group_id:
+ zkmigrator.set_acls(format('/consumers/{params.atlas_kafka_group_id}'), 'world:anyone:crdwa')
def status(self, env):
import status_params
http://git-wip-us.apache.org/repos/asf/ambari/blob/83cdcea5/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
index e270733..a476e77 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/params.py
@@ -83,6 +83,7 @@ java_version = expect("/hostLevelParams/java_version", int)
zk_root = default('/configurations/application-properties/atlas.server.ha.zookeeper.zkroot', '/apache_atlas')
stack_supports_zk_security = check_stack_feature(StackFeature.SECURE_ZOOKEEPER, version_for_stack_feature_checks)
+atlas_kafka_group_id = default('/configurations/application-properties/atlas.kafka.hook.group.id', None)
if security_enabled:
_hostname_lowercase = config['hostname'].lower()
http://git-wip-us.apache.org/repos/asf/ambari/blob/83cdcea5/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka_broker.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka_broker.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka_broker.py
index 0901730..2f6bfaa 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka_broker.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka_broker.py
@@ -28,7 +28,6 @@ from resource_management.libraries.functions.check_process_status import check_p
from resource_management.libraries.functions import StackFeature
from resource_management.libraries.functions.stack_features import check_stack_feature
from resource_management.libraries.functions.show_logs import show_logs
-from resource_management.libraries.functions.default import default
from kafka import ensure_base_directories
import upgrade
@@ -111,6 +110,20 @@ class KafkaBroker(Script):
action = "delete"
)
+ def disable_security(self, env):
+ import params
+ if not params.zookeeper_connect:
+ Logger.info("No zookeeper connection string. Skipping reverting ACL")
+ return
+ if not params.secure_acls:
+ Logger.info("The zookeeper.set.acl is false. Skipping reverting ACL")
+ return
+ Execute(
+ "{0} --zookeeper.connect {1} --zookeeper.acl=unsecure".format(params.kafka_security_migrator, params.zookeeper_connect), \
+ user=params.kafka_user, \
+ environment={ 'JAVA_HOME': params.java64_home }, \
+ logoutput=True, \
+ tries=3)
def status(self, env):
import status_params
http://git-wip-us.apache.org/repos/asf/ambari/blob/83cdcea5/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
index 1d3a195..b338add 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
@@ -102,6 +102,8 @@ kafka_hosts.sort()
zookeeper_hosts = config['clusterHostInfo']['zookeeper_hosts']
zookeeper_hosts.sort()
+secure_acls = default("/configurations/kafka-broker/zookeeper.set.acl", False)
+kafka_security_migrator = os.path.join(kafka_home, "bin", "zookeeper-security-migration.sh")
#Kafka log4j
kafka_log_maxfilesize = default('/configurations/kafka-log4j/kafka_log_maxfilesize',256)