You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ao...@apache.org on 2015/11/11 18:36:35 UTC
[1/2] ambari git commit: AMBARI-13843. Create a script to setup an
Ambari deployment for non-root (aonishuk)
Repository: ambari
Updated Branches:
refs/heads/branch-2.1 bbe2ec80d -> 092181e8c
refs/heads/trunk 6ee80e70e -> 820f5cd22
AMBARI-13843. Create a script to setup an Ambari deployment for non-root (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/820f5cd2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/820f5cd2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/820f5cd2
Branch: refs/heads/trunk
Commit: 820f5cd224fce0adb42ab0fa47a59ee777d9a468
Parents: 6ee80e7
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Wed Nov 11 19:36:23 2015 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Wed Nov 11 19:36:23 2015 +0200
----------------------------------------------------------------------
.../non_root/setup_and_start_non_root_agent.sh | 32 ++++++++++++++++++++
.../non_root/setup_and_start_non_root_server.sh | 19 ++++++++++++
.../non_root/setup_and_start_non_root_agent.sh | 32 ++++++++++++++++++++
.../non_root/setup_and_start_non_root_server.sh | 19 ++++++++++++
4 files changed, 102 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/820f5cd2/b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
----------------------------------------------------------------------
diff --git a/b/contrib/utils/non_root/setup_and_start_non_root_agent.sh b/b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
new file mode 100755
index 0000000..a564546
--- /dev/null
+++ b/b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# Run this on every ambari-agent node where you wish to have ambari-agent running as non-root
+
+# The script functions:
+# a) adds ambari user
+# b) adds required sudo priviligies for it into /etc/sudoers
+# c) Starts ambari-agent as ambari user
+
+useradd ambari
+
+echo 'Defaults exempt_group = ambari' >> /etc/sudoers
+echo 'Defaults !env_reset,env_delete-=PATH' >> /etc/sudoers
+echo 'Defaults: ambari !requiretty' >> /etc/sudoers
+
+echo 'ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/chown, /bin/chmod, /bin/chgrp, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh, /usr/lib/hadoop/bin/hadoop-daemon.sh, /usr/lib/hadoop/sbin/hadoop-daemon.sh, /usr/hdp/current/ranger-admin/setup.sh, /usr/hdp/current/ranger-usersync/setup.sh, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start, /sbin/chkconfig gmond off, /sbin/chkconfig gmetad off, /etc/init.d/httpd *, /sbin/service hdp-gmetad start, /sbin/service hdp-gmond start, /usr/hdp/current/ranger-admin/ranger_credential_helper.py, /usr/hdp/current/ranger-kms/ranger_credential_he
lper.py, /usr/sbin/gmond, /usr/sbin/update-rc.d ganglia-monitor *, /usr/sbin/update-rc.d gmetad *, /etc/init.d/apache2 *, /usr/sbin/service hdp-gmond *, /usr/sbin/service hdp-gmetad *, /usr/sbin/service mysql *, /sbin/service mysqld *, /sbin/service mysql *, /bin/su hdfs *, /bin/su ambari-qa *, /bin/su ranger *, /bin/su zookeeper *, /bin/su knox *,/bin/su falcon *,/bin/su ams *, /bin/su flume *,/bin/su hbase *,/bin/su spark *,/bin/su accumulo *,/bin/su hive *, /bin/su hcat *,/bin/su kafka *,/bin/su mapred *,/bin/su oozie *,/bin/su sqoop *,/bin/su storm *,/bin/su tez *,/bin/su atlas *,/bin/su yarn *,/bin/su kms *,/bin/su mysql *' >> /etc/sudoers
+
+sed -i.bak 's/run_as_user\s*=\s*.*$/run_as_user=ambari/g' '/etc/ambari-agent/conf/ambari-agent.ini'
+su - ambari -c '/usr/sbin/ambari-agent restart'
http://git-wip-us.apache.org/repos/asf/ambari/blob/820f5cd2/b/contrib/utils/non_root/setup_and_start_non_root_server.sh
----------------------------------------------------------------------
diff --git a/b/contrib/utils/non_root/setup_and_start_non_root_server.sh b/b/contrib/utils/non_root/setup_and_start_non_root_server.sh
new file mode 100755
index 0000000..469a7a6
--- /dev/null
+++ b/b/contrib/utils/non_root/setup_and_start_non_root_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# setups ambari-server to run as ambari user and starts server as such
+
+echo -ne 'y\nambari\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n' | ambari-server setup
+ambari-server restart
http://git-wip-us.apache.org/repos/asf/ambari/blob/820f5cd2/contrib/utils/non_root/setup_and_start_non_root_agent.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_agent.sh b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
new file mode 100755
index 0000000..a564546
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# Run this on every ambari-agent node where you wish to have ambari-agent running as non-root
+
+# The script functions:
+# a) adds ambari user
+# b) adds required sudo priviligies for it into /etc/sudoers
+# c) Starts ambari-agent as ambari user
+
+useradd ambari
+
+echo 'Defaults exempt_group = ambari' >> /etc/sudoers
+echo 'Defaults !env_reset,env_delete-=PATH' >> /etc/sudoers
+echo 'Defaults: ambari !requiretty' >> /etc/sudoers
+
+echo 'ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/chown, /bin/chmod, /bin/chgrp, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh, /usr/lib/hadoop/bin/hadoop-daemon.sh, /usr/lib/hadoop/sbin/hadoop-daemon.sh, /usr/hdp/current/ranger-admin/setup.sh, /usr/hdp/current/ranger-usersync/setup.sh, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start, /sbin/chkconfig gmond off, /sbin/chkconfig gmetad off, /etc/init.d/httpd *, /sbin/service hdp-gmetad start, /sbin/service hdp-gmond start, /usr/hdp/current/ranger-admin/ranger_credential_helper.py, /usr/hdp/current/ranger-kms/ranger_credential_he
lper.py, /usr/sbin/gmond, /usr/sbin/update-rc.d ganglia-monitor *, /usr/sbin/update-rc.d gmetad *, /etc/init.d/apache2 *, /usr/sbin/service hdp-gmond *, /usr/sbin/service hdp-gmetad *, /usr/sbin/service mysql *, /sbin/service mysqld *, /sbin/service mysql *, /bin/su hdfs *, /bin/su ambari-qa *, /bin/su ranger *, /bin/su zookeeper *, /bin/su knox *,/bin/su falcon *,/bin/su ams *, /bin/su flume *,/bin/su hbase *,/bin/su spark *,/bin/su accumulo *,/bin/su hive *, /bin/su hcat *,/bin/su kafka *,/bin/su mapred *,/bin/su oozie *,/bin/su sqoop *,/bin/su storm *,/bin/su tez *,/bin/su atlas *,/bin/su yarn *,/bin/su kms *,/bin/su mysql *' >> /etc/sudoers
+
+sed -i.bak 's/run_as_user\s*=\s*.*$/run_as_user=ambari/g' '/etc/ambari-agent/conf/ambari-agent.ini'
+su - ambari -c '/usr/sbin/ambari-agent restart'
http://git-wip-us.apache.org/repos/asf/ambari/blob/820f5cd2/contrib/utils/non_root/setup_and_start_non_root_server.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_server.sh b/contrib/utils/non_root/setup_and_start_non_root_server.sh
new file mode 100755
index 0000000..469a7a6
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# setups ambari-server to run as ambari user and starts server as such
+
+echo -ne 'y\nambari\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n' | ambari-server setup
+ambari-server restart
[2/2] ambari git commit: AMBARI-13843. Create a script to setup an
Ambari deployment for non-root (aonishuk)
Posted by ao...@apache.org.
AMBARI-13843. Create a script to setup an Ambari deployment for non-root (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/092181e8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/092181e8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/092181e8
Branch: refs/heads/branch-2.1
Commit: 092181e8c256b2ff21eec946b9ae1883fca7b2b0
Parents: bbe2ec8
Author: Andrew Onishuk <ao...@hortonworks.com>
Authored: Wed Nov 11 19:36:25 2015 +0200
Committer: Andrew Onishuk <ao...@hortonworks.com>
Committed: Wed Nov 11 19:36:25 2015 +0200
----------------------------------------------------------------------
.../non_root/setup_and_start_non_root_agent.sh | 32 ++++++++++++++++++++
.../non_root/setup_and_start_non_root_server.sh | 19 ++++++++++++
2 files changed, 51 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/092181e8/contrib/utils/non_root/setup_and_start_non_root_agent.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_agent.sh b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
new file mode 100755
index 0000000..a564546
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# Run this on every ambari-agent node where you wish to have ambari-agent running as non-root
+
+# The script functions:
+# a) adds ambari user
+# b) adds required sudo priviligies for it into /etc/sudoers
+# c) Starts ambari-agent as ambari user
+
+useradd ambari
+
+echo 'Defaults exempt_group = ambari' >> /etc/sudoers
+echo 'Defaults !env_reset,env_delete-=PATH' >> /etc/sudoers
+echo 'Defaults: ambari !requiretty' >> /etc/sudoers
+
+echo 'ambari ALL=(ALL) NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get, /bin/mkdir, /usr/bin/test, /bin/ln, /bin/chown, /bin/chmod, /bin/chgrp, /usr/sbin/groupadd, /usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod, /bin/cp, /usr/sbin/setenforce, /usr/bin/test, /usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat, /usr/bin/unzip, /bin/tar, /usr/bin/tee, /usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh, /usr/lib/hadoop/bin/hadoop-daemon.sh, /usr/lib/hadoop/sbin/hadoop-daemon.sh, /usr/hdp/current/ranger-admin/setup.sh, /usr/hdp/current/ranger-usersync/setup.sh, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start, /sbin/chkconfig gmond off, /sbin/chkconfig gmetad off, /etc/init.d/httpd *, /sbin/service hdp-gmetad start, /sbin/service hdp-gmond start, /usr/hdp/current/ranger-admin/ranger_credential_helper.py, /usr/hdp/current/ranger-kms/ranger_credential_he
lper.py, /usr/sbin/gmond, /usr/sbin/update-rc.d ganglia-monitor *, /usr/sbin/update-rc.d gmetad *, /etc/init.d/apache2 *, /usr/sbin/service hdp-gmond *, /usr/sbin/service hdp-gmetad *, /usr/sbin/service mysql *, /sbin/service mysqld *, /sbin/service mysql *, /bin/su hdfs *, /bin/su ambari-qa *, /bin/su ranger *, /bin/su zookeeper *, /bin/su knox *,/bin/su falcon *,/bin/su ams *, /bin/su flume *,/bin/su hbase *,/bin/su spark *,/bin/su accumulo *,/bin/su hive *, /bin/su hcat *,/bin/su kafka *,/bin/su mapred *,/bin/su oozie *,/bin/su sqoop *,/bin/su storm *,/bin/su tez *,/bin/su atlas *,/bin/su yarn *,/bin/su kms *,/bin/su mysql *' >> /etc/sudoers
+
+sed -i.bak 's/run_as_user\s*=\s*.*$/run_as_user=ambari/g' '/etc/ambari-agent/conf/ambari-agent.ini'
+su - ambari -c '/usr/sbin/ambari-agent restart'
http://git-wip-us.apache.org/repos/asf/ambari/blob/092181e8/contrib/utils/non_root/setup_and_start_non_root_server.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_server.sh b/contrib/utils/non_root/setup_and_start_non_root_server.sh
new file mode 100755
index 0000000..469a7a6
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# setups ambari-server to run as ambari user and starts server as such
+
+echo -ne 'y\nambari\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n' | ambari-server setup
+ambari-server restart