You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@slider.apache.org by jm...@apache.org on 2014/10/27 21:15:05 UTC

git commit: SLIDER-560 default secure config files for use by ambari slider view

Repository: incubator-slider
Updated Branches:
  refs/heads/develop 7506d930a -> 01f1e7d10


SLIDER-560 default secure config files for use by ambari slider view


Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/01f1e7d1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/01f1e7d1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/01f1e7d1

Branch: refs/heads/develop
Commit: 01f1e7d101616ccf5276d7446d494aa0e95277e9
Parents: 7506d93
Author: Jon Maron <jm...@hortonworks.com>
Authored: Mon Oct 27 16:13:45 2014 -0400
Committer: Jon Maron <jm...@hortonworks.com>
Committed: Mon Oct 27 16:14:47 2014 -0400

----------------------------------------------------------------------
 .../hbase/appConfig-secured-default.json        | 63 +++++++++++++++++
 .../storm/appConfig-secured-default.json        | 71 ++++++++++++++++++++
 2 files changed, 134 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/01f1e7d1/app-packages/hbase/appConfig-secured-default.json
----------------------------------------------------------------------
diff --git a/app-packages/hbase/appConfig-secured-default.json b/app-packages/hbase/appConfig-secured-default.json
new file mode 100644
index 0000000..2f3465f
--- /dev/null
+++ b/app-packages/hbase/appConfig-secured-default.json
@@ -0,0 +1,63 @@
+{
+    "schema": "http://example.org/specification/v2.0.0",
+    "metadata": {
+    },
+    "global": {
+        "application.def": ".slider/package/HBASE/slider-hbase-app-package-0.98.4.2.2.0.0-830-hadoop2.zip",
+        "create.default.zookeeper.node": "true",
+        "java_home": "/usr/jdk64/jdk1.7.0_67",
+        "system_configs": "core-site,hdfs-site",
+
+        "site.global.app_user": "${USER_NAME}",
+        "site.global.app_root": "${AGENT_WORK_ROOT}/app/install/hbase-0.98.4.2.2.0.0-830-hadoop2",
+
+        "site.global.ganglia_server_host": "${NN_HOST}",
+        "site.global.ganglia_server_port": "8667",
+        "site.global.ganglia_server_id": "Application1",
+        "site.global.ganglia_enabled":"true",
+
+        "site.global.hbase_instance_name": "instancename",
+        "site.global.hbase_root_password": "secret",
+        "site.global.user_group": "hadoop",
+        "site.global.security_enabled": "false",
+        "site.global.monitor_protocol": "http",
+        "site.global.hbase_thrift_port": "${HBASE_THRIFT.ALLOCATED_PORT}",
+        "site.global.hbase_thrift2_port": "${HBASE_THRIFT2.ALLOCATED_PORT}",
+        "site.global.hbase_rest_port": "${HBASE_REST.ALLOCATED_PORT}",
+
+        "site.hbase-env.hbase_master_heapsize": "1024m",
+        "site.hbase-env.hbase_regionserver_heapsize": "1024m",
+
+        "site.hbase-site.hbase.rootdir": "${DEFAULT_DATA_DIR}",
+        "site.hbase-site.hbase.superuser": "${USER_NAME}",
+        "site.hbase-site.hbase.tmp.dir": "${AGENT_WORK_ROOT}/work/app/tmp",
+        "site.hbase-site.hbase.local.dir": "${hbase.tmp.dir}/local",
+        "site.hbase-site.hbase.zookeeper.quorum": "${ZK_HOST}",
+        "site.hbase-site.zookeeper.znode.parent": "${DEFAULT_ZK_PATH}",
+        "site.hbase-site.hbase.regionserver.info.port": "0",
+        "site.hbase-site.hbase.master.info.port": "${HBASE_MASTER.ALLOCATED_PORT}",
+        "site.hbase-site.hbase.regionserver.port": "0",
+        "site.hbase-site.hbase.master.port": "0",
+
+        "site.hbase-site.hbase.security.authentication": "kerberos",
+        "site.hbase-site.hbase.security.authorization": "true",
+        "site.hbase-site.hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController",
+        "site.hbase-site.hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.AccessController",
+        "site.hbase-site.hbase.regionserver.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE.COM",
+        "site.hbase-site.hbase.regionserver.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab",
+        "site.hbase-site.hbase.master.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE.COM",
+        "site.hbase-site.hbase.master.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab",
+        "site.hbase-site.hbase.rest.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE.COM",
+        "site.hbase-site.hbase.rest.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab",
+        "site.hbase-site.hbase.thrift.kerberos.principal": "${USER_NAME}/_HOST@EXAMPLE.COM",
+        "site.hbase-site.hbase.thrift.keytab.file": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.headless.keytab"
+    },
+    "components": {
+        "slider-appmaster": {
+            "jvm.heapsize": "256M",
+            "slider.hdfs.keytab.dir": ".slider/keytabs/hbase",
+            "slider.am.login.keytab.name": "hbase.headless.keytab",
+            "slider.keytab.principal.name": "${USER_NAME}"
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/01f1e7d1/app-packages/storm/appConfig-secured-default.json
----------------------------------------------------------------------
diff --git a/app-packages/storm/appConfig-secured-default.json b/app-packages/storm/appConfig-secured-default.json
new file mode 100644
index 0000000..48e9447
--- /dev/null
+++ b/app-packages/storm/appConfig-secured-default.json
@@ -0,0 +1,71 @@
+{
+  "schema": "http://example.org/specification/v2.0.0",
+  "metadata": {
+  },
+  "global": {
+    "application.def": "/user/jon/slider/Apache_Storm_v_0_9_3.zip",
+    "java_home": "/usr/jdk64/jdk1.7.0_45",
+    "create.default.zookeeper.node": "true",
+
+    "site.global.app_user": "${USER_NAME}",
+    "site.global.app_root": "${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100",
+    "site.global.user_group": "hadoop",
+    "site.global.security_enabled": "true",
+    "site.global.ganglia_server_host": "${NN_HOST}",
+    "site.global.ganglia_server_id": "Application2",
+    "site.global.ganglia_enabled":"true",
+    "site.global.ganglia_server_port": "8668",
+    "site.global.rest_api_port": "${STORM_REST_API.ALLOCATED_PORT}",
+    "site.global.rest_api_admin_port": "${STORM_REST_API.ALLOCATED_PORT}",
+
+    "site.storm-site.storm.log.dir" : "${AGENT_LOG_ROOT}",
+    "site.storm-site.storm.zookeeper.servers": "['${ZK_HOST}']",
+    "site.storm-site.nimbus.thrift.port": "${NIMBUS.ALLOCATED_PORT}",
+    "site.storm-site.storm.local.dir": "${AGENT_WORK_ROOT}/app/tmp/storm",
+    "site.storm-site.transactional.zookeeper.root": "/transactional",
+    "site.storm-site.storm.zookeeper.port": "2181",
+    "site.storm-site.nimbus.childopts": "-Xmx1024m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${@//site/global/ganglia_server_host},port=${@//site/global/ganglia_server_port},wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Nimbus_JVM",
+    "site.storm-site.supervisor.childopts": "-Xmx256m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf  -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=0 -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${NN_HOST},port=8668,wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Supervisor_JVM",
+    "site.storm-site.ui.childopts": "-Xmx768m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf",
+    "site.storm-site.worker.childopts": "-Xmx768m -Djava.security.auth.login.config=${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf -javaagent:${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/lib/jmxetric-1.0.4.jar=host=${@//site/global/ganglia_server_host},port=${@//site/global/ganglia_server_port},wireformat31x=true,mode=multicast,config=${AGENT_WORK_ROOT}/app/install/apache-storm-${pkg.version}/external/storm-jmxetric/conf/jmxetric-conf.xml,process=Worker_%ID%_JVM",
+    "site.storm-site.dev.zookeeper.path": "${AGENT_WORK_ROOT}/app/tmp/dev-storm-zookeeper",
+    "site.storm-site.drpc.invocations.port": "0",
+    "site.storm-site.storm.zookeeper.root": "${DEF_ZK_PATH}",
+    "site.storm-site.transactional.zookeeper.port": "null",
+    "site.storm-site.nimbus.host": "${NIMBUS_HOST}",
+    "site.storm-site.ui.port": "${STORM_UI_SERVER.ALLOCATED_PORT}",
+    "site.storm-site.supervisor.slots.ports": "[${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE},${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE}]",
+    "site.storm-site.drpc.port": "0",
+    "site.storm-site.drpc.servers": "['${NIMBUS_HOST}']",
+    "site.storm-site.logviewer.port": "${SUPERVISOR.ALLOCATED_PORT}{DO_NOT_PROPAGATE}",
+
+    "site.storm-site.nimbus.authorizer": "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer",
+    "site.storm-site.storm.thrift.transport": "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin",
+    "site.storm-site.java.security.auth.login.config": "${AGENT_WORK_ROOT}/app/install/apache-storm-0.9.3.0.2.5.0-100/conf/storm_jaas.conf",
+    "site.storm-site.storm.principal.tolocal": "backtype.storm.security.auth.KerberosPrincipalToLocal",
+    "site.storm-site.storm.zookeeper.superACL": "PLACE_JAAS_CLIENT_PRINCIPAL_HERE",
+    "site.storm-site.nimbus.admins": "['${USER_NAME}', 'PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE']",
+    "site.storm-site.nimbus.users": "['${USER_NAME}']",
+    "site.storm-site.nimbus.supervisor.users": "['PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE']",
+    "site.storm-site.nimubs.authorizer": "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer", 
+    "site.storm-site.storm.thrift.transport": "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin",
+    "site.storm-site.storm.principal.tolocal": "backtype.storm.security.auth.KerberosPrincipalToLocal",
+    "site.storm-site.ui.filter": "org.apache.hadoop.security.authentication.server.AuthenticationFilter",
+    "site.storm-site.ui.filter.params": "{'type': 'kerberos', 'kerberos.principal': 'HTTP/_HOST', 'kerberos.keytab': '/etc/security/keytabs/spnego.service.keytab', 'kerberos.name.rules': 'RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/DEFAULT'}",
+
+    "site.storm-env.kerberos_domain": "EXAMPLE.COM",
+    "site.storm-env.storm_client_principal_name": "PLACE_JAAS_STORMCLIENT_PRINCIPAL_HERE/_HOST",
+    "site.storm-env.storm_server_principal_name": "PLACE_JAAS_STORMSERVER_PRINCIPAL_HERE/_HOST",
+    "site.storm-env.storm_client_keytab": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.keytab",
+    "site.storm-env.storm_server_keytab": "${AGENT_WORK_ROOT}/keytabs/${USER_NAME}.keytab"
+    
+  },
+  "components": {
+    "slider-appmaster": {
+      "jvm.heapsize": "256M",
+      "slider.hdfs.keytab.dir": ".slider/keytabs/storm",
+      "slider.am.login.keytab.name": "${USER_NAME}.keytab",
+      "slider.keytab.principal.name": "${USER_NAME}"
+    }
+  }
+}