Posted to commits@ambari.apache.org by ao...@apache.org on 2015/10/06 13:12:30 UTC
[1/2] ambari git commit: AMBARI-13321. Oozie Alert Fails In
Kerberized Environment That Is Not SSL (aonishuk)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 43155ade0 -> 8692e32aa
refs/heads/trunk 6b8f69243 -> 815c5caaa
AMBARI-13321. Oozie Alert Fails In Kerberized Environment That Is Not SSL (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/815c5caa
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/815c5caa
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/815c5caa
Branch: refs/heads/trunk
Commit: 815c5caaa846a45dbded22da488a0242127ead2e
Parents: 6b8f692
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Tue Oct 6 14:12:23 2015 +0300
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Tue Oct 6 14:12:23 2015 +0300
----------------------------------------------------------------------
.../package/alerts/alert_check_oozie_server.py | 72 +++++++++-----------
1 file changed, 34 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/815c5caa/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
index c3143c6..764473e 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
@@ -43,28 +43,26 @@ KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY = '{{kerberos-env/executable_search_paths}}
OOZIE_URL_KEY = '{{oozie-site/oozie.base.url}}'
SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
-OOZIE_PRINCIPAL = '{{cluster-env/smokeuser_principal_name}}'
-OOZIE_KEYTAB = '{{cluster-env/smokeuser_keytab}}'
OOZIE_USER = '{{oozie-env/oozie_user}}'
OOZIE_CONF_DIR = '/usr/hdp/current/oozie-server/conf'
OOZIE_CONF_DIR_LEGACY = '/etc/oozie/conf'
OOZIE_HTTPS_PORT = '{{oozie-site/oozie.https.port}}'
OOZIE_ENV_CONTENT = '{{oozie-env/content}}'
-SMOKEUSER_KEYTAB_KEY = '{{cluster-env/smokeuser_keytab}}'
-SMOKEUSER_PRINCIPAL_KEY = '{{cluster-env/smokeuser_principal_name}}'
-SMOKEUSER_KEY = '{{cluster-env/smokeuser}}'
+USER_KEYTAB_KEY = '{{oozie-site/oozie.service.HadoopAccessorService.keytab.file}}'
+USER_PRINCIPAL_KEY = '{{oozie-site/oozie.service.HadoopAccessorService.kerberos.principal}}'
+USER_KEY = '{{oozie-env/oozie_user}}'
# default keytab location
-SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY = 'default.smoke.keytab'
-SMOKEUSER_KEYTAB_DEFAULT = '/etc/security/keytabs/smokeuser.headless.keytab'
+USER_KEYTAB_SCRIPT_PARAM_KEY = 'default.oozie.keytab'
+USER_KEYTAB_DEFAULT = '/etc/security/keytabs/oozie.headless.keytab'
-# default smoke principal
-SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY = 'default.smoke.principal'
-SMOKEUSER_PRINCIPAL_DEFAULT = 'ambari-qa@EXAMPLE.COM'
+# default user principal
+USER_PRINCIPAL_SCRIPT_PARAM_KEY = 'default.oozie.principal'
+USER_PRINCIPAL_DEFAULT = 'oozie@EXAMPLE.COM'
-# default smoke user
-SMOKEUSER_DEFAULT = 'ambari-qa'
+# default user
+USER_DEFAULT = 'oozie'
class KerberosPropertiesNotFound(Exception): pass
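Review bot: The alert now authenticates with the Oozie server's own keytab and principal (`USER_KEYTAB_KEY` and `USER_PRINCIPAL_KEY`, read from `oozie.service.HadoopAccessorService.*`) instead of the smoke-test identity, and nothing in the new constants records why a monitoring check needs the service credential. I would add a comment above `USER_KEYTAB_KEY` such as `# the status check runs kinit as the Oozie service principal; this keytab must stay readable only by the oozie user`. `USER_KEYTAB_DEFAULT` points at `oozie.headless.keytab`, which may not be the file the service keytab property normally names, so the fallback is worth confirming. `USER_KEY` also duplicates the existing `OOZIE_USER` token, so one of the two could go. The branch-2.1 copy of this patch further down the page carries the same lines.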
@@ -82,8 +80,8 @@ def get_tokens():
Returns a tuple of tokens in the format {{site/property}} that will be used
to build the dictionary passed into execute
"""
- return (OOZIE_URL_KEY, SMOKEUSER_PRINCIPAL_KEY, SECURITY_ENABLED, SMOKEUSER_KEYTAB_KEY, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY,
- SMOKEUSER_KEY, OOZIE_HTTPS_PORT, OOZIE_ENV_CONTENT)
+ return (OOZIE_URL_KEY, USER_PRINCIPAL_KEY, SECURITY_ENABLED, USER_KEYTAB_KEY, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY,
+ USER_KEY, OOZIE_HTTPS_PORT, OOZIE_ENV_CONTENT)
@OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
def get_check_command(oozie_url, host_name, configurations):
@@ -98,9 +96,9 @@ def get_check_command(oozie_url, host_name, configurations):
def get_check_command(oozie_url, host_name, configurations, parameters):
kerberos_env = None
- smokeuser = SMOKEUSER_DEFAULT
- if SMOKEUSER_KEY in configurations:
- smokeuser = configurations[SMOKEUSER_KEY]
+ user = USER_DEFAULT
+ if USER_KEY in configurations:
+ user = configurations[USER_KEY]
security_enabled = False
if SECURITY_ENABLED in configurations:
@@ -108,20 +106,22 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
if security_enabled:
# defaults
- smokeuser_keytab = SMOKEUSER_KEYTAB_DEFAULT
- smokeuser_principal = SMOKEUSER_PRINCIPAL_DEFAULT
+ user_keytab = USER_KEYTAB_DEFAULT
+ user_principal = USER_PRINCIPAL_DEFAULT
# check script params
- if SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY in parameters:
- smokeuser_principal = parameters[SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY]
- if SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY in parameters:
- smokeuser_keytab = parameters[SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY]
+ if USER_PRINCIPAL_SCRIPT_PARAM_KEY in parameters:
+ user_principal = parameters[USER_PRINCIPAL_SCRIPT_PARAM_KEY]
+ user_principal = user_principal.replace('_HOST', host_name.lower())
+ if USER_KEYTAB_SCRIPT_PARAM_KEY in parameters:
+ user_keytab = parameters[USER_KEYTAB_SCRIPT_PARAM_KEY]
# check configurations last as they should always take precedence
- if SMOKEUSER_PRINCIPAL_KEY in configurations:
- smokeuser_principal = configurations[SMOKEUSER_PRINCIPAL_KEY]
- if SMOKEUSER_KEYTAB_KEY in configurations:
- smokeuser_keytab = configurations[SMOKEUSER_KEYTAB_KEY]
+ if USER_PRINCIPAL_KEY in configurations:
+ user_principal = configurations[USER_PRINCIPAL_KEY]
+ user_principal = user_principal.replace('_HOST', host_name.lower())
+ if USER_KEYTAB_KEY in configurations:
+ user_keytab = configurations[USER_KEYTAB_KEY]
# Create the kerberos credentials cache (ccache) file and set it in the environment to use
# when executing curl
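Review bot: `host_name.lower()` is called on both new `_HOST` substitution lines, but `execute()` declares `host_name=None`, so a caller that omits the host would hit an `AttributeError` here whenever security is enabled. The later `oozie_url.replace(..., host_name)` in `execute()` depends on the same argument. The substitution is also written twice and skips `USER_PRINCIPAL_DEFAULT`. Doing it once after the configurations block, e.g. `if host_name: user_principal = user_principal.replace('_HOST', host_name.lower())`, covers the default, the script parameter and the configuration value alike. The body of `get_check_command` continues outside the hunk.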
@@ -140,13 +140,13 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
# Determine if we need to kinit by testing to see if the relevant cache exists and has
# non-expired tickets. Tickets are marked to expire after 5 minutes to help reduce the number
# it kinits we do but recover quickly when keytabs are regenerated
- return_code, _ = call(klist_command, user=smokeuser)
+ return_code, _ = call(klist_command, user=user)
if return_code != 0:
kinit_path_local = get_kinit_path(kerberos_executable_search_paths)
- kinit_command = format("{kinit_path_local} -l 5m -kt {smokeuser_keytab} {smokeuser_principal}; ")
+ kinit_command = format("{kinit_path_local} -l 5m -kt {user_keytab} {user_principal}; ")
# kinit
- Execute(kinit_command, environment=kerberos_env, user=smokeuser)
+ Execute(kinit_command, environment=kerberos_env, user=user)
# oozie configuration directory uses a symlink when > HDP 2.2
oozie_config_directory = OOZIE_CONF_DIR_LEGACY
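Review bot: `kinit_command` interpolates `user_keytab` and `user_principal` into a shell string unquoted, and both now come from oozie-site properties or alert script parameters. A value containing whitespace or shell metacharacters would change the command that `Execute` runs as the Oozie user. Quote each value before formatting, for example `pipes.quote(user_keytab)` and `pipes.quote(user_principal)` (assuming `pipes` is or can be imported in this file), or pass the command as an argument list if `Execute` accepts one here. The trailing `; ` in the format string looks unnecessary, since the command is executed on its own. The function body starts and ends outside the hunk.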
@@ -156,7 +156,7 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
command = "source {0}/oozie-env.sh ; oozie admin -oozie {1} -status".format(
oozie_config_directory, oozie_url)
- return (command, kerberos_env, smokeuser)
+ return (command, kerberos_env, user)
def execute(configurations={}, parameters={}, host_name=None):
"""
@@ -174,10 +174,6 @@ def execute(configurations={}, parameters={}, host_name=None):
if not OOZIE_URL_KEY in configurations:
return (RESULT_CODE_UNKNOWN, ['The Oozie URL is a required parameter.'])
- # use localhost on Windows, 0.0.0.0 on others; 0.0.0.0 means bind to all
- # interfaces, which doesn't work on Windows
- localhost_address = 'localhost' if OSCheck.get_os_family() == OSConst.WINSRV_FAMILY else '0.0.0.0'
-
https_port = None
# try to get https port form oozie-env content
if OOZIE_ENV_CONTENT in configurations:
@@ -203,12 +199,12 @@ def execute(configurations={}, parameters={}, host_name=None):
# https will not work with localhost address, we need put fqdn
if https_port is None:
- oozie_url = oozie_url.replace(urlparse(oozie_url).hostname, localhost_address)
+ oozie_url = oozie_url.replace(urlparse(oozie_url).hostname, host_name)
try:
- command, env, smokeuser = get_check_command(oozie_url, host_name, configurations, parameters)
+ command, env, user = get_check_command(oozie_url, host_name, configurations, parameters)
# execute the command
- Execute(command, environment=env, user=smokeuser)
+ Execute(command, environment=env, user=user)
return (RESULT_CODE_OK, ["Successful connection to {0}".format(oozie_url)])
except KerberosPropertiesNotFound, ex:
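Review bot: `urlparse(oozie_url).hostname` is returned lower-cased and `str.replace` substitutes every occurrence of that substring. A base URL whose host is written with capitals is therefore left unchanged, and a host string that also appears in the path is rewritten there too. Rebuilding from the parsed parts avoids both: `parts = urlparse(oozie_url)`, `netloc = host_name if parts.port is None else '%s:%s' % (host_name, parts.port)`, `oozie_url = parts._replace(netloc=netloc).geturl()`. The replacement also runs before the `try`, so a `None` hostname or `host_name` raises outside the alert's error handling as far as this hunk shows. The comment above the condition still describes the old localhost substitution and should be updated to say the URL host is replaced with the agent's host name when HTTPS is not configured.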
[2/2] ambari git commit: AMBARI-13321. Oozie Alert Fails In
Kerberized Environment That Is Not SSL (aonishuk)
Posted by ao...@apache.org.
AMBARI-13321. Oozie Alert Fails In Kerberized Environment That Is Not SSL (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8692e32a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8692e32a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8692e32a
Branch: refs/heads/branch-2.1
Commit: 8692e32aa403c0435e120b663ed3f02f050d2ceb
Parents: 43155ad
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Tue Oct 6 14:12:26 2015 +0300
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Tue Oct 6 14:12:26 2015 +0300
----------------------------------------------------------------------
.../package/alerts/alert_check_oozie_server.py | 72 +++++++++-----------
1 file changed, 34 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/8692e32a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
index c3143c6..764473e 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/alerts/alert_check_oozie_server.py
@@ -43,28 +43,26 @@ KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY = '{{kerberos-env/executable_search_paths}}
OOZIE_URL_KEY = '{{oozie-site/oozie.base.url}}'
SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
-OOZIE_PRINCIPAL = '{{cluster-env/smokeuser_principal_name}}'
-OOZIE_KEYTAB = '{{cluster-env/smokeuser_keytab}}'
OOZIE_USER = '{{oozie-env/oozie_user}}'
OOZIE_CONF_DIR = '/usr/hdp/current/oozie-server/conf'
OOZIE_CONF_DIR_LEGACY = '/etc/oozie/conf'
OOZIE_HTTPS_PORT = '{{oozie-site/oozie.https.port}}'
OOZIE_ENV_CONTENT = '{{oozie-env/content}}'
-SMOKEUSER_KEYTAB_KEY = '{{cluster-env/smokeuser_keytab}}'
-SMOKEUSER_PRINCIPAL_KEY = '{{cluster-env/smokeuser_principal_name}}'
-SMOKEUSER_KEY = '{{cluster-env/smokeuser}}'
+USER_KEYTAB_KEY = '{{oozie-site/oozie.service.HadoopAccessorService.keytab.file}}'
+USER_PRINCIPAL_KEY = '{{oozie-site/oozie.service.HadoopAccessorService.kerberos.principal}}'
+USER_KEY = '{{oozie-env/oozie_user}}'
# default keytab location
-SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY = 'default.smoke.keytab'
-SMOKEUSER_KEYTAB_DEFAULT = '/etc/security/keytabs/smokeuser.headless.keytab'
+USER_KEYTAB_SCRIPT_PARAM_KEY = 'default.oozie.keytab'
+USER_KEYTAB_DEFAULT = '/etc/security/keytabs/oozie.headless.keytab'
-# default smoke principal
-SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY = 'default.smoke.principal'
-SMOKEUSER_PRINCIPAL_DEFAULT = 'ambari-qa@EXAMPLE.COM'
+# default user principal
+USER_PRINCIPAL_SCRIPT_PARAM_KEY = 'default.oozie.principal'
+USER_PRINCIPAL_DEFAULT = 'oozie@EXAMPLE.COM'
-# default smoke user
-SMOKEUSER_DEFAULT = 'ambari-qa'
+# default user
+USER_DEFAULT = 'oozie'
class KerberosPropertiesNotFound(Exception): pass
@@ -82,8 +80,8 @@ def get_tokens():
Returns a tuple of tokens in the format {{site/property}} that will be used
to build the dictionary passed into execute
"""
- return (OOZIE_URL_KEY, SMOKEUSER_PRINCIPAL_KEY, SECURITY_ENABLED, SMOKEUSER_KEYTAB_KEY, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY,
- SMOKEUSER_KEY, OOZIE_HTTPS_PORT, OOZIE_ENV_CONTENT)
+ return (OOZIE_URL_KEY, USER_PRINCIPAL_KEY, SECURITY_ENABLED, USER_KEYTAB_KEY, KERBEROS_EXECUTABLE_SEARCH_PATHS_KEY,
+ USER_KEY, OOZIE_HTTPS_PORT, OOZIE_ENV_CONTENT)
@OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
def get_check_command(oozie_url, host_name, configurations):
@@ -98,9 +96,9 @@ def get_check_command(oozie_url, host_name, configurations):
def get_check_command(oozie_url, host_name, configurations, parameters):
kerberos_env = None
- smokeuser = SMOKEUSER_DEFAULT
- if SMOKEUSER_KEY in configurations:
- smokeuser = configurations[SMOKEUSER_KEY]
+ user = USER_DEFAULT
+ if USER_KEY in configurations:
+ user = configurations[USER_KEY]
security_enabled = False
if SECURITY_ENABLED in configurations:
@@ -108,20 +106,22 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
if security_enabled:
# defaults
- smokeuser_keytab = SMOKEUSER_KEYTAB_DEFAULT
- smokeuser_principal = SMOKEUSER_PRINCIPAL_DEFAULT
+ user_keytab = USER_KEYTAB_DEFAULT
+ user_principal = USER_PRINCIPAL_DEFAULT
# check script params
- if SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY in parameters:
- smokeuser_principal = parameters[SMOKEUSER_PRINCIPAL_SCRIPT_PARAM_KEY]
- if SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY in parameters:
- smokeuser_keytab = parameters[SMOKEUSER_KEYTAB_SCRIPT_PARAM_KEY]
+ if USER_PRINCIPAL_SCRIPT_PARAM_KEY in parameters:
+ user_principal = parameters[USER_PRINCIPAL_SCRIPT_PARAM_KEY]
+ user_principal = user_principal.replace('_HOST', host_name.lower())
+ if USER_KEYTAB_SCRIPT_PARAM_KEY in parameters:
+ user_keytab = parameters[USER_KEYTAB_SCRIPT_PARAM_KEY]
# check configurations last as they should always take precedence
- if SMOKEUSER_PRINCIPAL_KEY in configurations:
- smokeuser_principal = configurations[SMOKEUSER_PRINCIPAL_KEY]
- if SMOKEUSER_KEYTAB_KEY in configurations:
- smokeuser_keytab = configurations[SMOKEUSER_KEYTAB_KEY]
+ if USER_PRINCIPAL_KEY in configurations:
+ user_principal = configurations[USER_PRINCIPAL_KEY]
+ user_principal = user_principal.replace('_HOST', host_name.lower())
+ if USER_KEYTAB_KEY in configurations:
+ user_keytab = configurations[USER_KEYTAB_KEY]
# Create the kerberos credentials cache (ccache) file and set it in the environment to use
# when executing curl
@@ -140,13 +140,13 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
# Determine if we need to kinit by testing to see if the relevant cache exists and has
# non-expired tickets. Tickets are marked to expire after 5 minutes to help reduce the number
# it kinits we do but recover quickly when keytabs are regenerated
- return_code, _ = call(klist_command, user=smokeuser)
+ return_code, _ = call(klist_command, user=user)
if return_code != 0:
kinit_path_local = get_kinit_path(kerberos_executable_search_paths)
- kinit_command = format("{kinit_path_local} -l 5m -kt {smokeuser_keytab} {smokeuser_principal}; ")
+ kinit_command = format("{kinit_path_local} -l 5m -kt {user_keytab} {user_principal}; ")
# kinit
- Execute(kinit_command, environment=kerberos_env, user=smokeuser)
+ Execute(kinit_command, environment=kerberos_env, user=user)
# oozie configuration directory uses a symlink when > HDP 2.2
oozie_config_directory = OOZIE_CONF_DIR_LEGACY
@@ -156,7 +156,7 @@ def get_check_command(oozie_url, host_name, configurations, parameters):
command = "source {0}/oozie-env.sh ; oozie admin -oozie {1} -status".format(
oozie_config_directory, oozie_url)
- return (command, kerberos_env, smokeuser)
+ return (command, kerberos_env, user)
def execute(configurations={}, parameters={}, host_name=None):
"""
@@ -174,10 +174,6 @@ def execute(configurations={}, parameters={}, host_name=None):
if not OOZIE_URL_KEY in configurations:
return (RESULT_CODE_UNKNOWN, ['The Oozie URL is a required parameter.'])
- # use localhost on Windows, 0.0.0.0 on others; 0.0.0.0 means bind to all
- # interfaces, which doesn't work on Windows
- localhost_address = 'localhost' if OSCheck.get_os_family() == OSConst.WINSRV_FAMILY else '0.0.0.0'
-
https_port = None
# try to get https port form oozie-env content
if OOZIE_ENV_CONTENT in configurations:
@@ -203,12 +199,12 @@ def execute(configurations={}, parameters={}, host_name=None):
# https will not work with localhost address, we need put fqdn
if https_port is None:
- oozie_url = oozie_url.replace(urlparse(oozie_url).hostname, localhost_address)
+ oozie_url = oozie_url.replace(urlparse(oozie_url).hostname, host_name)
try:
- command, env, smokeuser = get_check_command(oozie_url, host_name, configurations, parameters)
+ command, env, user = get_check_command(oozie_url, host_name, configurations, parameters)
# execute the command
- Execute(command, environment=env, user=smokeuser)
+ Execute(command, environment=env, user=user)
return (RESULT_CODE_OK, ["Successful connection to {0}".format(oozie_url)])
except KerberosPropertiesNotFound, ex: