You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bigtop.apache.org by of...@apache.org on 2015/11/06 21:46:55 UTC
bigtop git commit: BIGTOP-2028: Enhance puppet config of zookeeper to
support kerberized clients
Repository: bigtop
Updated Branches:
refs/heads/master e6261d80f -> b2d94ebec
BIGTOP-2028: Enhance puppet config of zookeeper to support kerberized clients
Project: http://git-wip-us.apache.org/repos/asf/bigtop/repo
Commit: http://git-wip-us.apache.org/repos/asf/bigtop/commit/b2d94ebe
Tree: http://git-wip-us.apache.org/repos/asf/bigtop/tree/b2d94ebe
Diff: http://git-wip-us.apache.org/repos/asf/bigtop/diff/b2d94ebe
Branch: refs/heads/master
Commit: b2d94ebecc4fe31fe2c343184ffc14167a4ccca2
Parents: e6261d8
Author: Olaf Flebbe <o....@science-computing.de>
Authored: Thu Oct 8 13:54:25 2015 +0000
Committer: Olaf Flebbe <of...@ofleb.be>
Committed: Fri Nov 6 21:44:53 2015 +0100
----------------------------------------------------------------------
.../modules/hadoop_zookeeper/files/java.env | 3 +-
.../modules/hadoop_zookeeper/manifests/init.pp | 58 ++++++++++++++------
.../hadoop_zookeeper/templates/client-jaas.conf | 22 ++++++++
.../hadoop_zookeeper/templates/jaas.conf | 25 ---------
.../hadoop_zookeeper/templates/server-jaas.conf | 25 +++++++++
5 files changed, 89 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
index 6aca488..0bde871 100644
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/files/java.env
@@ -12,4 +12,5 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/jaas.conf"
+export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/server-jaas.conf"
+export CLIENT_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/client-jaas.conf"
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
index 7bbfcfd..6965090 100644
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/manifests/init.pp
@@ -13,7 +13,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-class hadoop_zookeeper {
+class hadoop_zookeeper (
+ $kerberos_realm = "",
+) {
class deploy ($roles) {
if ("zookeeper-client" in $roles) {
@@ -25,19 +27,45 @@ class hadoop_zookeeper {
}
}
- class client {
+ class common (
+ $kerberos_realm = $hadoop_zookeeper::kerberos_realm,
+ ) inherits hadoop_zookeeper {
+ if ($kerberos_realm) {
+ file { '/etc/zookeeper/conf/java.env':
+ source => 'puppet:///modules/hadoop_zookeeper/java.env',
+ }
+ Package<| title == 'zookeeper' |> -> File['/etc/zookeeper/conf/java.env']
+ Package<| title == 'zookeeper-server' |> -> File['/etc/zookeeper/conf/java.env']
+ File['/etc/zookeeper/conf/java.env'] ~> Service<| title == 'zookeeper-server' |>
+ }
+ }
+
+ class client (
+ $kerberos_realm = $hadoop_zookeeper::kerberos_realm,
+ ) inherits hadoop_zookeeper {
+ include common
+
package { "zookeeper":
ensure => latest,
require => Package["jdk"],
- }
+ }
+
+ if ($kerberos_realm) {
+ file { '/etc/zookeeper/conf/client-jaas.conf':
+ content => template('hadoop_zookeeper/client-jaas.conf'),
+ require => Package['zookeeper'],
+ }
+ }
}
class server($myid,
$port = "2181",
$datadir = "/var/lib/zookeeper",
$ensemble = ["localhost:2888:3888"],
- $kerberos_realm = "")
- {
+ $kerberos_realm = $hadoop_zookeeper::kerberos_realm,
+ ) inherits hadoop_zookeeper {
+ include common
+
package { "zookeeper-server":
ensure => latest,
require => Package["jdk"],
@@ -45,13 +73,13 @@ class hadoop_zookeeper {
service { "zookeeper-server":
ensure => running,
- require => [ Package["zookeeper-server"],
+ require => [ Package["zookeeper-server"],
Exec["zookeeper-server-initialize"] ],
subscribe => [ File["/etc/zookeeper/conf/zoo.cfg"],
File["/var/lib/zookeeper/myid"] ],
hasrestart => true,
hasstatus => true,
- }
+ }
file { "/etc/zookeeper/conf/zoo.cfg":
content => template("hadoop_zookeeper/zoo.cfg"),
@@ -62,7 +90,7 @@ class hadoop_zookeeper {
content => inline_template("<%= @myid %>"),
require => Package["zookeeper-server"],
}
-
+
exec { "zookeeper-server-initialize":
command => "/usr/bin/zookeeper-server-initialize",
user => "zookeeper",
@@ -74,19 +102,13 @@ class hadoop_zookeeper {
require kerberos::client
kerberos::host_keytab { "zookeeper":
- spnego => true,
- notify => Service["zookeeper-server"],
+ spnego => true,
require => Package["zookeeper-server"],
+ before => Service["zookeeper-server"],
}
- file { "/etc/zookeeper/conf/java.env":
- source => "puppet:///modules/hadoop_zookeeper/java.env",
- require => Package["zookeeper-server"],
- notify => Service["zookeeper-server"],
- }
-
- file { "/etc/zookeeper/conf/jaas.conf":
- content => template("hadoop_zookeeper/jaas.conf"),
+ file { "/etc/zookeeper/conf/server-jaas.conf":
+ content => template("hadoop_zookeeper/server-jaas.conf"),
require => Package["zookeeper-server"],
notify => Service["zookeeper-server"],
}
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
new file mode 100644
index 0000000..55ff396
--- /dev/null
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/client-jaas.conf
@@ -0,0 +1,22 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=false
+ useTicketCache=true;
+};
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
deleted file mode 100644
index 61b2eac..0000000
--- a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/jaas.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * <p/>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p/>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-Server {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="/etc/zookeeper.keytab"
- storeKey=true
- useTicketCache=false
- principal="zookeeper/<%= @fqdn %>@<%= @kerberos_realm %>";
-};
http://git-wip-us.apache.org/repos/asf/bigtop/blob/b2d94ebe/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
----------------------------------------------------------------------
diff --git a/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
new file mode 100644
index 0000000..61b2eac
--- /dev/null
+++ b/bigtop-deploy/puppet/modules/hadoop_zookeeper/templates/server-jaas.conf
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Server {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="/etc/zookeeper.keytab"
+ storeKey=true
+ useTicketCache=false
+ principal="zookeeper/<%= @fqdn %>@<%= @kerberos_realm %>";
+};