You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ds...@apache.org on 2015/10/22 10:10:44 UTC
ambari git commit: AMBARI-13476 Ranger usersync LDAP properties
should be set same to ambari if ambari is configured with LDAP (dsen)
Repository: ambari
Updated Branches:
refs/heads/trunk 7afe5a4ec -> 5eff7979a
AMBARI-13476 Ranger usersync LDAP properties should be set same to ambari if ambari is configured with LDAP (dsen)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5eff7979
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5eff7979
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5eff7979
Branch: refs/heads/trunk
Commit: 5eff7979a37af5e7339b6b65fa99dee612db6c38
Parents: 7afe5a4
Author: Dmytro Sen <ds...@apache.org>
Authored: Thu Oct 22 11:10:26 2015 +0300
Committer: Dmytro Sen <ds...@apache.org>
Committed: Thu Oct 22 11:10:26 2015 +0300
----------------------------------------------------------------------
.../stacks/HDP/2.0.6/services/stack_advisor.py | 18 ++++
.../stacks/HDP/2.3/services/stack_advisor.py | 24 ++++++
.../stacks/2.0.6/common/test_stack_advisor.py | 39 +++++++++
.../stacks/2.3/common/test_stack_advisor.py | 86 ++++++++++++++++++++
4 files changed, 167 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
index 7fb9884..3db5bfd 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py
@@ -305,6 +305,24 @@ class HDP206StackAdvisor(DefaultStackAdvisor):
policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port)
putRangerAdminProperty('policymgr_external_url', policymgr_external_url)
+ # Recommend ldap settings based on ambari.properties configuration
+ # If 'ambari.ldap.isConfigured' == true
+ # For stack_version 2.2
+ stackVersion = services["Versions"]["stack_version"]
+ if stackVersion == '2.2' and 'ambari-server-properties' in services and \
+ 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
+ services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
+ putUserSyncProperty = self.putProperty(configurations, "usersync-properties", services)
+ serverProperties = services['ambari-server-properties']
+ if 'authentication.ldap.managerDn' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_BIND_DN', serverProperties['authentication.ldap.managerDn'])
+ if 'authentication.ldap.primaryUrl' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_URL', serverProperties['authentication.ldap.primaryUrl'])
+ if 'authentication.ldap.userObjectClass' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_USER_OBJECT_CLASS', serverProperties['authentication.ldap.userObjectClass'])
+ if 'authentication.ldap.usernameAttribute' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute'])
+
def getAmsMemoryRecommendation(self, services, hosts):
# MB per sink in hbase heapsize
http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
index 501517f..7a6662c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py
@@ -264,6 +264,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
+ putRangerUgsyncSite = self.putProperty(configurations, "ranger-ugsync-site", services)
if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties'])\
and ('db_host' in services['configurations']['admin-properties']['properties']) and ('db_name' in services['configurations']['admin-properties']['properties']):
@@ -298,6 +299,29 @@ class HDP23StackAdvisor(HDP22StackAdvisor):
for key in rangerPrivelegeDbProperties:
putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key))
+ # Recommend ldap settings based on ambari.properties configuration
+ if 'ambari-server-properties' in services and \
+ 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
+ services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
+ serverProperties = services['ambari-server-properties']
+ if 'authentication.ldap.baseDn' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.searchBase', serverProperties['authentication.ldap.baseDn'])
+ if 'authentication.ldap.groupMembershipAttr' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.memberattributename', serverProperties['authentication.ldap.groupMembershipAttr'])
+ if 'authentication.ldap.groupNamingAttr' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.nameattribute', serverProperties['authentication.ldap.groupNamingAttr'])
+ if 'authentication.ldap.groupObjectClass' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.objectclass', serverProperties['authentication.ldap.groupObjectClass'])
+ if 'authentication.ldap.managerDn' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.binddn', serverProperties['authentication.ldap.managerDn'])
+ if 'authentication.ldap.primaryUrl' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.url', serverProperties['authentication.ldap.primaryUrl'])
+ if 'authentication.ldap.userObjectClass' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.user.objectclass', serverProperties['authentication.ldap.userObjectClass'])
+ if 'authentication.ldap.usernameAttribute' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute'])
+
+
# Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir
include_hdfs = "HDFS" in servicesList
zookeeper_host_port = self.getZKHostPortString(services)
http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
index abddc71..85d6436 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py
@@ -681,6 +681,9 @@ class TestHDP206StackAdvisor(TestCase):
clusterData = {}
# Recommend for not existing DB_FLAVOR and http enabled, HDP-2.3
services = {
+ "Versions" : {
+ "stack_version" : "2.2",
+ },
"services": [
{
"StackServices": {
@@ -778,6 +781,42 @@ class TestHDP206StackAdvisor(TestCase):
self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
self.assertEquals(recommendedConfigurations, expected)
+ # Test Recommend LDAP values
+ services["ambari-server-properties"] = {
+ "ambari.ldap.isConfigured" : "true",
+ "authentication.ldap.bindAnonymously" : "false",
+ "authentication.ldap.baseDn" : "dc=apache,dc=org",
+ "authentication.ldap.groupNamingAttr" : "cn",
+ "authentication.ldap.primaryUrl" : "c6403.ambari.apache.org:389",
+ "authentication.ldap.userObjectClass" : "posixAccount",
+ "authentication.ldap.secondaryUrl" : "c6403.ambari.apache.org:389",
+ "authentication.ldap.usernameAttribute" : "uid",
+ "authentication.ldap.dnAttribute" : "dn",
+ "authentication.ldap.useSSL" : "false",
+ "authentication.ldap.managerPassword" : "/etc/ambari-server/conf/ldap-password.dat",
+ "authentication.ldap.groupMembershipAttr" : "memberUid",
+ "authentication.ldap.groupObjectClass" : "posixGroup",
+ "authentication.ldap.managerDn" : "uid=hdfs,ou=people,ou=dev,dc=apache,dc=org"
+ }
+ services["configurations"] = {}
+ expected = {
+ 'admin-properties': {
+ 'properties': {
+ 'policymgr_external_url': 'http://host1:6080',
+ }
+ },
+ 'usersync-properties': {
+ 'properties': {
+ 'SYNC_LDAP_URL': 'c6403.ambari.apache.org:389',
+ 'SYNC_LDAP_BIND_DN': 'uid=hdfs,ou=people,ou=dev,dc=apache,dc=org',
+ 'SYNC_LDAP_USER_OBJECT_CLASS': 'posixAccount',
+ 'SYNC_LDAP_USER_NAME_ATTRIBUTE': 'uid'
+ }
+ }
+ }
+ recommendedConfigurations = {}
+ self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
+ self.assertEquals(recommendedConfigurations, expected)
def test_recommendHDFSConfigurations(self):
http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
index e0c6d28..ff6c93e 100644
--- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py
@@ -813,3 +813,89 @@ class TestHDP23StackAdvisor(TestCase):
self.assertTrue(exceptionThrown)
pass
+
+ def test_recommendRangerConfigurations(self):
+ clusterData = {}
+ # Recommend for not existing DB_FLAVOR and http enabled, HDP-2.3
+ services = {
+ "Versions" : {
+ "stack_version" : "2.3",
+ },
+ "services": [
+ {
+ "StackServices": {
+ "service_name": "RANGER"
+ },
+ "components": [
+ {
+ "StackServiceComponents": {
+ "component_name": "RANGER_ADMIN",
+ "hostnames": ["host1"]
+ }
+ }
+ ]
+ },
+ ],
+ "configurations": {
+ "admin-properties": {
+ "properties": {
+ "DB_FLAVOR": "NOT_EXISTING",
+ }
+ },
+ "ranger-admin-site": {
+ "properties": {
+ "ranger.service.http.port": "7777",
+ "ranger.service.http.enabled": "true",
+ }
+ }
+ },
+ "ambari-server-properties": {
+ "ambari.ldap.isConfigured" : "true",
+ "authentication.ldap.bindAnonymously" : "false",
+ "authentication.ldap.baseDn" : "dc=apache,dc=org",
+ "authentication.ldap.groupNamingAttr" : "cn",
+ "authentication.ldap.primaryUrl" : "c6403.ambari.apache.org:389",
+ "authentication.ldap.userObjectClass" : "posixAccount",
+ "authentication.ldap.secondaryUrl" : "c6403.ambari.apache.org:389",
+ "authentication.ldap.usernameAttribute" : "uid",
+ "authentication.ldap.dnAttribute" : "dn",
+ "authentication.ldap.useSSL" : "false",
+ "authentication.ldap.managerPassword" : "/etc/ambari-server/conf/ldap-password.dat",
+ "authentication.ldap.groupMembershipAttr" : "memberUid",
+ "authentication.ldap.groupObjectClass" : "posixGroup",
+ "authentication.ldap.managerDn" : "uid=hdfs,ou=people,ou=dev,dc=apache,dc=org"
+ }
+ }
+
+ expected = {
+ 'admin-properties': {
+ 'properties': {
+ 'policymgr_external_url': 'http://host1:7777',
+ 'SQL_CONNECTOR_JAR': '/usr/share/java/mysql-connector-java.jar'
+ }
+ },
+ 'ranger-ugsync-site': {
+ 'properties': {
+ 'ranger.usersync.group.objectclass': 'posixGroup',
+ 'ranger.usersync.group.nameattribute': 'cn',
+ 'ranger.usersync.group.memberattributename': 'memberUid',
+ 'ranger.usersync.ldap.binddn': 'uid=hdfs,ou=people,ou=dev,dc=apache,dc=org',
+ 'ranger.usersync.ldap.user.nameattribute': 'uid',
+ 'ranger.usersync.ldap.user.objectclass': 'posixAccount',
+ 'ranger.usersync.ldap.url': 'c6403.ambari.apache.org:389',
+ 'ranger.usersync.ldap.searchBase': 'dc=apache,dc=org'
+ }
+ },
+ 'ranger-admin-site': {
+ 'properties': {
+ }
+ },
+ 'ranger-env': {
+ 'properties': {}
+ }
+ }
+
+ recommendedConfigurations = {}
+ self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None)
+ self.assertEquals(recommendedConfigurations, expected)
+