You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by sr...@apache.org on 2013/06/28 09:17:57 UTC
svn commit: r1497662 -
/incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh
Author: srimanth
Date: Fri Jun 28 07:17:57 2013
New Revision: 1497662
URL: http://svn.apache.org/r1497662
Log:
AMBARI-2519. Add download CSV action for security wizard. (srimanth)
Added:
incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh (with props)
Added: incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh?rev=1497662&view=auto
==============================================================================
--- incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh (added)
+++ incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh Fri Jun 28 07:17:57 2013
@@ -0,0 +1,161 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+usage () {
+echo "Usage: keytabs.sh <HOST_PRINCIPAL_KEYTABLE.csv> ";
+echo " <HOST_PRINCIPAL_KEYTABLE.csv>: CSV file generated by 'Enable Security Wizard' of Ambari";
+exit 1;
+}
+
+###################
+## processCSVFile()
+###################
+processCSVFile () {
+ csvFile=$1;
+ echo "#!/bin/bash"
+ echo "###########################################################################"
+ echo "###########################################################################"
+ echo "## "
+ echo "## Ambari Security Script Generator"
+ echo "## "
+ echo "## Ambari security script is generated which should be run on the"
+ echo "## Kerberos server machine."
+ echo "## "
+ echo "## Running the generated script will create host specific keytabs folders."
+ echo "## Each of those folders will contain service specific keytab files with "
+ echo "## appropriate permissions. There folders should be copied as the appropriate"
+ echo "## host's '/etc/security/keytabs' folder"
+ echo "###########################################################################"
+ echo "###########################################################################"
+
+ rm -f commands.mkdir;
+ rm -f commands.chmod;
+ rm -f commands.addprinc;
+ rm -f commands.xst
+ rm -f commands.chown.1
+ rm -f commands.chmod.1
+ rm -f commands.chmod.2
+
+ seenHosts="";
+ seenPrincipals="";
+
+ cat $csvFile | while read line; do
+ hostName=`echo $line|cut -d , -f 1`;
+ service=`echo $line|cut -d , -f 2`;
+ principal=`echo $line|cut -d , -f 3`;
+ keytabFile=`echo $line|cut -d , -f 4`;
+
+ if [[ $seenHosts != *$hostName* ]]; then
+ echo "mkdir -p ./keytabs_$hostName" >> commands.mkdir;
+ echo "chmod 655 ./keytabs_$hostName" >> commands.chmod;
+ echo "chown -R root:hadoop `pwd`/keytabs_$hostName" >> commands.chown.1
+ echo "chmod -R g+rX,o= `pwd`/keytabs_$hostName" >> commands.chmod.1
+ seenHosts="$seenHosts$hostName";
+ fi
+
+ if [[ $seenPrincipals != *$principal* ]]; then
+ echo -e "kadmin.local -q \"addprinc -randkey $principal\"" >> commands.addprinc;
+ newKeytabFile=${keytabFile/\/etc\/security\/keytabs/`pwd`/keytabs_$hostName}
+ echo -e "kadmin.local -q \"xst -k $newKeytabFile $principal\"" >> commands.xst;
+ echo "chmod 400 $newKeytabFile" >> commands.chmod.2
+
+ if [ "$service" == "NameNode" -o "$service" == "SNameNode" -o "$service" == "Ambari HDFS Test User" -o "$service" == "DataNode" ]; then
+ echo "chown hdfs:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "TaskTracker" -o "$service" == "JobTracker" ]; then
+ echo "chown mapred:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "Ambari Smoke Test User" ]; then
+ echo "chown ambari-qa:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "ZooKeeper Server" ]; then
+ echo "chown zookeeper:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "HiveServer2" ]; then
+ echo "chown hive:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "Oozie Server" ]; then
+ echo "chown oozie:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "Nagios Server" ]; then
+ echo "chown nagios:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ if [ "$service" == "Ambari HBase Test User" -o "$service" == "HBase RegionServer" -o "$service" == "HBase Master" ]; then
+ echo "chown hbase:hadoop $newKeytabFile" >> commands.chown.1
+ fi
+
+ seenPrincipals="$seenPrincipals$principal"
+ fi
+ done;
+
+ echo ""
+ echo ""
+ echo "###########################################################################"
+ echo "# Making host specific keytab folders"
+ echo "###########################################################################"
+ cat commands.mkdir;
+ echo ""
+ echo "###########################################################################"
+ echo "# Changing permissions for host specific keytab folders"
+ echo "###########################################################################"
+ cat commands.chmod;
+ echo ""
+ echo "###########################################################################"
+ echo "# Creating Kerberos Principals"
+ echo "###########################################################################"
+ cat commands.addprinc;
+ echo ""
+ echo "###########################################################################"
+ echo "# Creating Kerberos Principal keytabs in host specific keytab folders"
+ echo "###########################################################################"
+ cat commands.xst;
+ echo ""
+ echo "###########################################################################"
+ echo "# Changing ownerships of host specific keytab files"
+ echo "###########################################################################"
+ cat commands.chown.1
+ echo ""
+ echo "###########################################################################"
+ echo "# Changing access permissions of host specific keytab files"
+ echo "###########################################################################"
+ cat commands.chmod.1
+ cat commands.chmod.2
+
+ rm -f commands.mkdir;
+ rm -f commands.chmod;
+ rm -f commands.addprinc;
+ rm -f commands.xst
+ rm -f commands.chown.1
+ rm -f commands.chmod.1
+ rm -f commands.chmod.2
+}
+
+if (($# != 1)); then
+ usage
+fi
+
+processCSVFile $1
\ No newline at end of file
Propchange: incubator/ambari/branches/branch-1.2.5/ambari-server/src/main/resources/scripts/keytabs.sh
------------------------------------------------------------------------------
svn:executable = *