You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ec...@apache.org on 2017/04/21 14:54:41 UTC
[1/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is
growing rapidly on the KDC server (echekanskiy)
Repository: ambari
Updated Branches:
refs/heads/trunk 84d2b3a0a -> b299641a0
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py b/ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py
index 5730783..530d1d9 100644
--- a/ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py
+++ b/ambari-server/src/test/python/stacks/2.1/YARN/test_apptimelineserver.py
@@ -266,116 +266,6 @@ class TestAppTimelineServer(RMFTestCase):
group = 'hadoop',
)
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'yarn-site': {
- 'yarn.timeline-service.keytab': '/path/to/applicationtimeline/keytab',
- 'yarn.timeline-service.principal': 'applicationtimeline_principal',
- 'yarn.timeline-service.http-authentication.kerberos.keytab': 'path/to/timeline/kerberos/keytab',
- 'yarn.timeline-service.http-authentication.kerberos.principal': 'timeline_principal'
- }
- }
- result_issues = []
- props_value_check = {"yarn.timeline-service.enabled": "true",
- "yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.timeline-service.principal",
- "yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.principal",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- props_read_check = ["yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/application_timeline_server.py",
- classname="ApplicationTimelineServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('yarn-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['yarn-env']['yarn_user'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/application_timeline_server.py",
- classname="ApplicationTimelineServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains yarn-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/application_timeline_server.py",
- classname="ApplicationTimelineServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'yarn-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/application_timeline_server.py",
- classname="ApplicationTimelineServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/application_timeline_server.py",
- classname="ApplicationTimelineServer",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
@patch.object(resource_management.libraries.functions, "get_stack_version", new = MagicMock(return_value='2.3.0.0-1234'))
def test_pre_upgrade_restart_23(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
index e0118de..32b5d70 100644
--- a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
+++ b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py
@@ -128,108 +128,6 @@ class TestKnoxGateway(RMFTestCase):
)
self.assertNoMoreResources()
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock,
- validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- "krb5JAASLogin":
- {
- 'keytab': "/path/to/keytab",
- 'principal': "principal"
- },
- "gateway-site" : {
- "gateway.hadoop.kerberos.secured" : "true"
- }
- }
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
- classname = "KnoxGateway",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- self.assertTrue(build_exp_mock.call_count, 2)
- build_exp_mock.assert_called_with('gateway-site', {"gateway.hadoop.kerberos.secured": "true"}, None, None)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 1)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['knox-env']['knox_user'],
- security_params['krb5JAASLogin']['keytab'],
- security_params['krb5JAASLogin']['principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
- classname = "KnoxGateway",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains krb5JAASLogin
- empty_security_params = {"krb5JAASLogin" : {}}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
- classname = "KnoxGateway",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file and principal are not set."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {'krb5JAASLogin': "Something bad happened"}
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
- classname = "KnoxGateway",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/knox_gateway.py",
- classname = "KnoxGateway",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
@patch("os.path.isdir")
def test_pre_upgrade_restart(self, isdir_mock):
isdir_mock.return_value = True
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py b/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
index cd2fac8..539bef5 100644
--- a/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
+++ b/ambari-server/src/test/python/stacks/2.5/ATLAS/test_atlas_server.py
@@ -184,45 +184,3 @@ class TestAtlasServer(RMFTestCase):
self.assertResourceCalled('File', '/usr/hdp/current/atlas-server/conf/hdfs-site.xml',action = ['delete'],)
self.assertNoMoreResources()
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
-
- security_params = {
- 'atlas-application': {
- 'atlas.authentication.keytab': '/etc/security/keytabs/atlas.service.keytab',
- 'atlas.authentication.method.file': 'true',
- 'atlas.authentication.method.kerberos': 'true',
- 'atlas.authentication.method.kerberos.keytab': '/etc/security/keytabs/spnego.service.keytab',
- 'atlas.authentication.method.kerberos.principal': 'HTTP/_HOST@EXAMPLE.COM',
- 'atlas.authentication.principal': 'atlas/_HOST@EXAMPLE.COM'
- }
- }
- result_issues = []
- props_value_check = {'atlas.authentication.method.kerberos': 'true',
- 'atlas.solr.kerberos.enable': 'true'}
- props_empty_check = ['atlas.authentication.principal',
- 'atlas.authentication.keytab',
- 'atlas.authentication.method.kerberos.principal',
- 'atlas.authentication.method.kerberos.keytab']
- props_read_check = ['atlas.authentication.keytab',
- 'atlas.authentication.method.kerberos.keytab']
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/metadata_server.py",
- classname = "MetadataServer",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- build_exp_mock.assert_called_with('atlas-application', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
-
- self.assertNoMoreResources()
[5/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is
growing rapidly on the KDC server (echekanskiy)
Posted by ec...@apache.org.
AMBARI-20733. /var/log/krb5kdc.log is growing rapidly on the KDC server (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b299641a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b299641a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b299641a
Branch: refs/heads/trunk
Commit: b299641a076266e8f2a19f55068c89d56bc602b7
Parents: 84d2b3a
Author: Eugene Chekanskiy <ec...@hortonworks.com>
Authored: Fri Apr 21 17:54:13 2017 +0300
Committer: Eugene Chekanskiy <ec...@hortonworks.com>
Committed: Fri Apr 21 17:54:13 2017 +0300
----------------------------------------------------------------------
.../src/main/python/ambari_agent/ActionQueue.py | 9 +-
.../ambari_agent/CustomServiceOrchestrator.py | 33 +-----
.../test/python/ambari_agent/TestActionQueue.py | 13 +--
.../TestCustomServiceOrchestrator.py | 51 --------
.../libraries/script/script.py | 16 ---
.../ambari/server/agent/ComponentStatus.java | 28 +----
.../ambari/server/agent/HeartbeatProcessor.java | 20 ----
.../package/scripts/accumulo_script.py | 50 --------
.../0.1.0/package/scripts/metrics_collector.py | 66 +----------
.../package/scripts/metadata_server.py | 78 -------------
.../0.5.0.2.1/package/scripts/falcon_client.py | 10 --
.../0.5.0.2.1/package/scripts/falcon_server.py | 59 ----------
.../0.96.0.2.0/package/scripts/hbase_master.py | 49 --------
.../package/scripts/hbase_regionserver.py | 49 --------
.../package/scripts/phoenix_queryserver.py | 6 +-
.../HDFS/2.1.0.2.0/package/scripts/datanode.py | 58 ---------
.../2.1.0.2.0/package/scripts/hdfs_client.py | 45 -------
.../2.1.0.2.0/package/scripts/journalnode.py | 57 ---------
.../HDFS/2.1.0.2.0/package/scripts/namenode.py | 57 ---------
.../2.1.0.2.0/package/scripts/nfsgateway.py | 58 ---------
.../HDFS/2.1.0.2.0/package/scripts/snamenode.py | 60 ----------
.../2.1.0.2.0/package/scripts/zkfc_slave.py | 43 -------
.../HDFS/3.0.0.3.0/package/scripts/datanode.py | 58 ---------
.../3.0.0.3.0/package/scripts/hdfs_client.py | 45 -------
.../3.0.0.3.0/package/scripts/journalnode.py | 57 ---------
.../HDFS/3.0.0.3.0/package/scripts/namenode.py | 57 ---------
.../3.0.0.3.0/package/scripts/nfsgateway.py | 58 ---------
.../HDFS/3.0.0.3.0/package/scripts/snamenode.py | 60 ----------
.../3.0.0.3.0/package/scripts/zkfc_slave.py | 43 -------
.../package/scripts/hive_metastore.py | 52 ---------
.../0.12.0.2.0/package/scripts/hive_server.py | 61 ----------
.../package/scripts/hive_server_interactive.py | 61 ----------
.../package/scripts/webhcat_server.py | 67 -----------
.../2.1.0.3.0/package/scripts/hive_metastore.py | 52 ---------
.../2.1.0.3.0/package/scripts/hive_server.py | 61 ----------
.../package/scripts/hive_server_interactive.py | 61 ----------
.../2.1.0.3.0/package/scripts/webhcat_server.py | 67 -----------
.../package/scripts/kerberos_client.py | 21 ----
.../0.5.0.2.2/package/scripts/knox_gateway.py | 61 ----------
.../4.0.0.2.0/package/scripts/oozie_server.py | 63 ----------
.../STORM/0.9.1/package/scripts/drpc_server.py | 52 ---------
.../STORM/0.9.1/package/scripts/nimbus.py | 45 -------
.../STORM/0.9.1/package/scripts/pacemaker.py | 52 ---------
.../STORM/0.9.1/package/scripts/ui_server.py | 53 ---------
.../scripts/application_timeline_server.py | 61 ----------
.../2.1.0.2.0/package/scripts/historyserver.py | 56 ---------
.../2.1.0.2.0/package/scripts/nodemanager.py | 60 ----------
.../package/scripts/resourcemanager.py | 60 ----------
.../scripts/application_timeline_server.py | 61 ----------
.../3.0.0.3.0/package/scripts/historyserver.py | 56 ---------
.../3.0.0.3.0/package/scripts/nodemanager.py | 60 ----------
.../package/scripts/resourcemanager.py | 60 ----------
.../3.4.5/package/scripts/zookeeper_server.py | 51 --------
.../KERBEROS/package/scripts/kerberos_client.py | 21 ----
.../server/agent/HeartbeatProcessorTest.java | 7 --
.../server/agent/TestHeartbeatHandler.java | 13 ---
.../stacks/2.0.6/HBASE/test_hbase_master.py | 102 ----------------
.../2.0.6/HBASE/test_hbase_regionserver.py | 104 -----------------
.../python/stacks/2.0.6/HDFS/test_datanode.py | 111 ------------------
.../stacks/2.0.6/HDFS/test_hdfs_client.py | 100 ----------------
.../stacks/2.0.6/HDFS/test_journalnode.py | 114 ------------------
.../python/stacks/2.0.6/HDFS/test_namenode.py | 114 ------------------
.../python/stacks/2.0.6/HDFS/test_nfsgateway.py | 116 ------------------
.../python/stacks/2.0.6/HDFS/test_snamenode.py | 117 +------------------
.../test/python/stacks/2.0.6/HDFS/test_zkfc.py | 102 +---------------
.../stacks/2.0.6/HIVE/test_hive_server.py | 112 ------------------
.../stacks/2.0.6/HIVE/test_webhcat_server.py | 116 ------------------
.../stacks/2.0.6/OOZIE/test_oozie_server.py | 113 ------------------
.../stacks/2.0.6/YARN/test_historyserver.py | 106 -----------------
.../stacks/2.0.6/YARN/test_nodemanager.py | 109 -----------------
.../stacks/2.0.6/YARN/test_resourcemanager.py | 108 -----------------
.../2.0.6/ZOOKEEPER/test_zookeeper_server.py | 103 ----------------
.../stacks/2.1/FALCON/test_falcon_client.py | 24 ----
.../stacks/2.1/FALCON/test_falcon_server.py | 109 -----------------
.../stacks/2.1/HIVE/test_hive_metastore.py | 113 ------------------
.../stacks/2.1/STORM/test_storm_drpc_server.py | 104 -----------------
.../stacks/2.1/STORM/test_storm_nimbus.py | 103 ----------------
.../stacks/2.1/STORM/test_storm_ui_server.py | 82 -------------
.../stacks/2.1/YARN/test_apptimelineserver.py | 110 -----------------
.../python/stacks/2.2/KNOX/test_knox_gateway.py | 102 ----------------
.../stacks/2.5/ATLAS/test_atlas_server.py | 42 -------
81 files changed, 13 insertions(+), 5211 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-agent/src/main/python/ambari_agent/ActionQueue.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/ActionQueue.py b/ambari-agent/src/main/python/ambari_agent/ActionQueue.py
index 75880c6..1eda5c2 100644
--- a/ambari-agent/src/main/python/ambari_agent/ActionQueue.py
+++ b/ambari-agent/src/main/python/ambari_agent/ActionQueue.py
@@ -498,16 +498,14 @@ class ActionQueue(threading.Thread):
def execute_status_command_and_security_status(self, command):
component_status_result = self.customServiceOrchestrator.requestComponentStatus(command)
- component_security_status_result = self.customServiceOrchestrator.requestComponentSecurityState(command)
-
- return command, component_status_result, component_security_status_result
+ return command, component_status_result
def process_status_command_result(self, result):
'''
Executes commands of type STATUS_COMMAND
'''
try:
- command, component_status_result, component_security_status_result = result
+ command, component_status_result = result
cluster = command['clusterName']
service = command['serviceName']
component = command['componentName']
@@ -548,9 +546,6 @@ class ActionQueue(threading.Thread):
if self.controller.recovery_manager.enabled():
result['sendExecCmdDet'] = str(request_execution_cmd)
- # Add security state to the result
- result['securityState'] = component_security_status_result
-
if component_extra is not None and len(component_extra) != 0:
if component_extra.has_key('alerts'):
result['alerts'] = component_extra['alerts']
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
index a67e16e..8b8a8f9 100644
--- a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
+++ b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
@@ -47,7 +47,6 @@ class CustomServiceOrchestrator():
SCRIPT_TYPE_PYTHON = "PYTHON"
COMMAND_TYPE = "commandType"
COMMAND_NAME_STATUS = "STATUS"
- COMMAND_NAME_SECURITY_STATUS = "SECURITY_STATUS"
CUSTOM_ACTION_COMMAND = 'ACTIONEXECUTE'
CUSTOM_COMMAND_COMMAND = 'CUSTOM_COMMAND'
@@ -63,7 +62,7 @@ class CustomServiceOrchestrator():
AMBARI_SERVER_PORT = "ambari_server_port"
AMBARI_SERVER_USE_SSL = "ambari_server_use_ssl"
- FREQUENT_COMMANDS = [COMMAND_NAME_SECURITY_STATUS, COMMAND_NAME_STATUS]
+ FREQUENT_COMMANDS = [COMMAND_NAME_STATUS]
DONT_DEBUG_FAILURES_FOR_COMMANDS = FREQUENT_COMMANDS
REFLECTIVELY_RUN_COMMANDS = FREQUENT_COMMANDS # -- commands which run a lot and often (this increases their speed)
DONT_BACKUP_LOGS_FOR_COMMANDS = FREQUENT_COMMANDS
@@ -467,36 +466,6 @@ class CustomServiceOrchestrator():
override_output_files=override_output_files)
return res
- def requestComponentSecurityState(self, command):
- """
- Determines the current security state of the component
- A command will be issued to trigger the security_status check and the result of this check will
- returned to the caller. If the component lifecycle script has no security_status method the
- check will return non zero exit code and "UNKNOWN" will be returned.
- """
- override_output_files=True # by default, we override status command output
- if logger.level == logging.DEBUG:
- override_output_files = False
- security_check_res = self.runCommand(command, self.status_commands_stdout,
- self.status_commands_stderr, self.COMMAND_NAME_SECURITY_STATUS,
- override_output_files=override_output_files)
- result = 'UNKNOWN'
-
- if security_check_res is None:
- logger.warn("The return value of the security_status check was empty, the security status is unknown")
- elif 'exitcode' not in security_check_res:
- logger.warn("Missing 'exitcode' value from the security_status check result, the security status is unknown")
- elif security_check_res['exitcode'] != 0:
- logger.debug("The 'exitcode' value from the security_status check result indicated the check routine failed to properly execute, the security status is unknown")
- elif 'structuredOut' not in security_check_res:
- logger.warn("Missing 'structuredOut' value from the security_status check result, the security status is unknown")
- elif 'securityState' not in security_check_res['structuredOut']:
- logger.warn("Missing 'securityState' value from the security_status check structuredOut data set, the security status is unknown")
- else:
- result = security_check_res['structuredOut']['securityState']
-
- return result
-
def resolve_script_path(self, base_dir, script):
"""
Encapsulates logic of script location determination.
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py b/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py
index ab46f96..faa9b81 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py
@@ -988,12 +988,11 @@ class TestActionQueue(TestCase):
dummy_controller.recovery_manager = RecoveryManager(tempfile.mktemp())
- result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN')
+ result = (self.status_command, {'exitcode': 0 })
actionQueue.process_status_command_result(result)
report = actionQueue.result()
- expected = {'dummy report': '',
- 'securityState' : 'UNKNOWN'}
+ expected = {'dummy report': ''}
self.assertEqual(len(report['componentStatus']), 1)
self.assertEqual(report['componentStatus'][0], expected)
@@ -1019,12 +1018,11 @@ class TestActionQueue(TestCase):
dummy_controller.recovery_manager = RecoveryManager(tempfile.mktemp(), True, False)
- result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN')
+ result = (self.status_command, {'exitcode': 0 })
actionQueue.process_status_command_result(result)
report = actionQueue.result()
expected = {'dummy report': '',
- 'securityState' : 'UNKNOWN',
'sendExecCmdDet': 'True'}
self.assertEqual(len(report['componentStatus']), 1)
@@ -1033,12 +1031,11 @@ class TestActionQueue(TestCase):
requires_recovery_mock.return_value = True
command_exists_mock.return_value = True
- result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN')
+ result = (self.status_command, {'exitcode': 0 })
actionQueue.process_status_command_result(result)
report = actionQueue.result()
expected = {'dummy report': '',
- 'securityState' : 'UNKNOWN',
'sendExecCmdDet': 'False'}
self.assertEqual(len(report['componentStatus']), 1)
@@ -1062,7 +1059,7 @@ class TestActionQueue(TestCase):
'structuredOut': {'alerts': [ {'name': 'flume_alert'} ] }
}
- result = (self.status_command_for_alerts, command_return_value, command_return_value)
+ result = (self.status_command_for_alerts, command_return_value)
build_mock.return_value = {'somestatusresult': 'aresult'}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
----------------------------------------------------------------------
diff --git a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
index 8e5e9a3..c54ffca 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py
@@ -569,57 +569,6 @@ class TestCustomServiceOrchestrator(TestCase):
status = orchestrator.requestComponentStatus(status_command)
self.assertEqual(runCommand_mock.return_value, status)
- @patch.object(CustomServiceOrchestrator, "runCommand")
- @patch.object(FileCache, "__init__")
- def test_requestComponentSecurityState(self, FileCache_mock, runCommand_mock):
- FileCache_mock.return_value = None
- status_command = {
- "serviceName" : 'HDFS',
- "commandType" : "STATUS_COMMAND",
- "clusterName" : "",
- "componentName" : "DATANODE",
- 'configurations':{}
- }
- dummy_controller = MagicMock()
- orchestrator = CustomServiceOrchestrator(self.config, dummy_controller)
- # Test securityState
- runCommand_mock.return_value = {
- 'exitcode' : 0,
- 'structuredOut' : {'securityState': 'UNSECURED'}
- }
-
- status = orchestrator.requestComponentSecurityState(status_command)
- self.assertEqual('UNSECURED', status)
-
- # Test case where exit code indicates failure
- runCommand_mock.return_value = {
- "exitcode" : 1
- }
- status = orchestrator.requestComponentSecurityState(status_command)
- self.assertEqual('UNKNOWN', status)
-
- @patch.object(FileCache, "__init__")
- def test_requestComponentSecurityState_realFailure(self, FileCache_mock):
- '''
- Tests the case where the CustomServiceOrchestrator attempts to call a service's security_status
- method, but fails to do so because the script or method was not found.
- :param FileCache_mock:
- :return:
- '''
- FileCache_mock.return_value = None
- status_command = {
- "serviceName" : 'BOGUS_SERVICE',
- "commandType" : "STATUS_COMMAND",
- "clusterName" : "",
- "componentName" : "DATANODE",
- 'configurations':{}
- }
- dummy_controller = MagicMock()
- orchestrator = CustomServiceOrchestrator(self.config, dummy_controller)
-
- status = orchestrator.requestComponentSecurityState(status_command)
- self.assertEqual('UNKNOWN', status)
-
@patch.object(CustomServiceOrchestrator, "get_py_executor")
@patch.object(CustomServiceOrchestrator, "dump_command_to_json")
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-common/src/main/python/resource_management/libraries/script/script.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/script/script.py b/ambari-common/src/main/python/resource_management/libraries/script/script.py
index d0e5678..a08feab 100644
--- a/ambari-common/src/main/python/resource_management/libraries/script/script.py
+++ b/ambari-common/src/main/python/resource_management/libraries/script/script.py
@@ -864,22 +864,6 @@ class Script(object):
"""
self.fail_with_error('configure method isn\'t implemented')
- def security_status(self, env):
- """
- To be overridden by subclasses to provide the current security state of the component.
- Implementations are required to set the "securityState" property of the structured out data set
- to one of the following values:
-
- UNSECURED - If the component is not configured for any security protocol such as
- Kerberos
- SECURED_KERBEROS - If the component is configured for Kerberos
- UNKNOWN - If the security state cannot be determined
- ERROR - If the component is supposed to be secured, but there are issues with the
- configuration. For example, if the component is configured for Kerberos
- but the configured principal and keytab file fail to kinit
- """
- self.put_structured_out({"securityState": "UNKNOWN"})
-
def generate_configs_get_template_file_content(self, filename, dicts):
config = self.get_config()
content = ''
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java
index 5591ae8..68e1734 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java
@@ -28,12 +28,6 @@ public class ComponentStatus {
private String msg;
private String status;
- /**
- * A String declaring the component's security state
- *
- * @see org.apache.ambari.server.state.SecurityState
- */
- private String securityState;
private String sendExecCmdDet = "False";
private String serviceName;
@@ -74,26 +68,6 @@ public class ComponentStatus {
this.status = status;
}
- /**
- * Gets the relevant component's security state.
- *
- * @return a String declaring this component's security state
- * @see org.apache.ambari.server.state.SecurityState
- */
- public String getSecurityState() {
- return securityState;
- }
-
- /**
- * Sets the relevant component's security state.
- *
- * @param securityState a String declaring this component's security state
- * @see org.apache.ambari.server.state.SecurityState
- */
- public void setSecurityState(String securityState) {
- this.securityState = securityState;
- }
-
public String getStackVersion() {
return stackVersion;
}
@@ -158,7 +132,7 @@ public class ComponentStatus {
@Override
public String toString() {
return "ComponentStatus [componentName=" + componentName + ", msg=" + msg
- + ", status=" + status + ", securityState=" + securityState
+ + ", status=" + status
+ ", serviceName=" + serviceName + ", clusterName=" + clusterName
+ ", stackVersion=" + stackVersion + ", configurationTags="
+ configurationTags + ", extra=" + extra + "]";
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
index 8cd2804..c1028dc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java
@@ -56,7 +56,6 @@ import org.apache.ambari.server.state.ComponentInfo;
import org.apache.ambari.server.state.Host;
import org.apache.ambari.server.state.HostHealthStatus;
import org.apache.ambari.server.state.MaintenanceState;
-import org.apache.ambari.server.state.SecurityState;
import org.apache.ambari.server.state.Service;
import org.apache.ambari.server.state.ServiceComponent;
import org.apache.ambari.server.state.ServiceComponentHost;
@@ -617,25 +616,6 @@ public class HeartbeatProcessor extends AbstractService{
}
}
- SecurityState prevSecurityState = scHost.getSecurityState();
- SecurityState currentSecurityState = SecurityState.valueOf(status.getSecurityState());
- if((prevSecurityState != currentSecurityState)) {
- if(prevSecurityState.isEndpoint()) {
- scHost.setSecurityState(currentSecurityState);
- LOG.info(String.format("Security of service component %s of service %s of cluster %s " +
- "has changed from %s to %s on host %s",
- componentName, status.getServiceName(), status.getClusterName(), prevSecurityState,
- currentSecurityState, hostname));
- }
- else {
- LOG.debug(String.format("Security of service component %s of service %s of cluster %s " +
- "has changed from %s to %s on host %s but will be ignored since %s is a " +
- "transitional state",
- componentName, status.getServiceName(), status.getClusterName(),
- prevSecurityState, currentSecurityState, hostname, prevSecurityState));
- }
- }
-
if (null != status.getStackVersion() && !status.getStackVersion().isEmpty()) {
scHost.setStackVersion(gson.fromJson(status.getStackVersion(), StackId.class));
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py
index 01fbce2..445c996 100644
--- a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py
+++ b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py
@@ -119,56 +119,6 @@ class AccumuloScript(Script):
# some accumulo components depend on the client, so update that too
stack_select.select("accumulo-client", params.version)
-
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- props_value_check = {}
- props_empty_check = ['general.kerberos.keytab',
- 'general.kerberos.principal']
- props_read_check = ['general.kerberos.keytab']
- accumulo_site_expectations = build_expectations('accumulo-site',
- props_value_check, props_empty_check, props_read_check)
-
- accumulo_expectations = {}
- accumulo_expectations.update(accumulo_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'accumulo-site.xml': FILE_TYPE_XML})
-
- result_issues = validate_security_config_properties(security_params, accumulo_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'accumulo-site' not in security_params
- or 'general.kerberos.keytab' not in security_params['accumulo-site']
- or 'general.kerberos.principal' not in security_params['accumulo-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.accumulo_user,
- security_params['accumulo-site']['general.kerberos.keytab'],
- security_params['accumulo-site']['general.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir,
- 30)
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py
index 7073de6..fc2576d 100644
--- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py
+++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py
@@ -77,71 +77,7 @@ class AmsCollector(Script):
@OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT)
class AmsCollectorDefault(AmsCollector):
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hbase.security.authentication": "kerberos",
- "hbase.security.authorization": "true"}
-
- props_empty_check = ["hbase.zookeeper.property.authProvider.1",
- "hbase.master.keytab.file",
- "hbase.master.kerberos.principal",
- "hbase.regionserver.keytab.file",
- "hbase.regionserver.kerberos.principal"
- ]
- props_read_check = ['hbase.master.keytab.file', 'hbase.regionserver.keytab.file']
- ams_hbase_site_expectations = build_expectations('hbase-site', props_value_check,
- props_empty_check,
- props_read_check)
-
- expectations = {}
- expectations.update(ams_hbase_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.ams_hbase_conf_dir,
- {'hbase-site.xml': FILE_TYPE_XML})
-
- # In case of blueprint deployment security_status might be called before AMS collector is installed.
- if ('hbase-site' not in security_params or 'hbase.cluster.distributed' not in security_params['hbase-site']) :
- self.put_structured_out({"securityState": "UNKNOWN"})
- return
-
- is_hbase_distributed = security_params['hbase-site']['hbase.cluster.distributed']
- # for embedded mode, when HBase is backed by file, security state is SECURED_KERBEROS by definition when cluster is secured
- if status_params.security_enabled and not is_hbase_distributed:
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- return
-
- result_issues = validate_security_config_properties(security_params, expectations)
-
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hbase-site' not in security_params or
- 'hbase.master.keytab.file' not in security_params['hbase-site'] or
- 'hbase.master.kerberos.principal' not in security_params['hbase-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hbase_user,
- security_params['hbase-site']['hbase.master.keytab.file'],
- security_params['hbase-site']['hbase.master.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (
- cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
+ pass
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
index 3c62243..1ef77cf 100644
--- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
+++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py
@@ -168,84 +168,6 @@ class MetadataServer(Script):
env.set_params(status_params)
check_process_status(status_params.pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- file_name_key = 'applicaton'
- props_value_check = {'atlas.authentication.method': 'kerberos',
- 'atlas.http.authentication.enabled': 'true',
- 'atlas.http.authentication.type': 'kerberos'}
- props_empty_check = ['atlas.authentication.principal',
- 'atlas.authentication.keytab',
- 'atlas.http.authentication.kerberos.principal',
- 'atlas.http.authentication.kerberos.keytab']
- props_read_check = ['atlas.authentication.keytab',
- 'atlas.http.authentication.kerberos.keytab']
-
- if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks):
- file_name_key = 'atlas-application'
- props_value_check = {'atlas.authentication.method.kerberos': 'true',
- 'atlas.solr.kerberos.enable': 'true'}
- props_empty_check = ['atlas.authentication.principal',
- 'atlas.authentication.keytab',
- 'atlas.authentication.method.kerberos.principal',
- 'atlas.authentication.method.kerberos.keytab']
- props_read_check = ['atlas.authentication.keytab',
- 'atlas.authentication.method.kerberos.keytab']
-
- atlas_site_expectations = build_expectations(file_name_key,
- props_value_check,
- props_empty_check,
- props_read_check)
-
- atlas_expectations = {}
- atlas_expectations.update(atlas_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {status_params.conf_file: FILE_TYPE_PROPERTIES})
- result_issues = validate_security_config_properties(security_params, atlas_expectations)
-
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( file_name_key not in security_params
- or 'atlas.authentication.keytab' not in security_params[file_name_key]
- or 'atlas.authentication.principal' not in security_params[file_name_key]):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Atlas service keytab file or principal are not set property."})
- return
-
- if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks):
- if ( file_name_key not in security_params
- or 'atlas.authentication.method.kerberos.keytab' not in security_params[file_name_key]
- or 'atlas.authentication.method.kerberos.principal' not in security_params[file_name_key]):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Method Authentication keytab file or principal are not set property."})
- return
- else:
- if ( file_name_key not in security_params
- or 'atlas.http.authentication.kerberos.keytab' not in security_params[file_name_key]
- or 'atlas.http.authentication.kerberos.principal' not in security_params[file_name_key]):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "HTTP Authentication keytab file or principal are not set property."})
- return
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py
index 6d1dbc5..b0f517b 100644
--- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py
+++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py
@@ -59,16 +59,6 @@ class FalconClientLinux(FalconClient):
conf_select.select(params.stack_name, "falcon", params.version)
stack_select.select("falcon-client", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
class FalconClientWindows(FalconClient):
def install(self, env):
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py
index c4960a7..23f9ef8 100644
--- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py
+++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py
@@ -89,65 +89,6 @@ class FalconServerLinux(FalconServer):
falcon_server_upgrade.pre_start_restore()
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"*.falcon.authentication.type": "kerberos",
- "*.falcon.http.authentication.type": "kerberos"}
- props_empty_check = ["*.falcon.service.authentication.kerberos.principal",
- "*.falcon.service.authentication.kerberos.keytab",
- "*.falcon.http.authentication.kerberos.principal",
- "*.falcon.http.authentication.kerberos.keytab"]
- props_read_check = ["*.falcon.service.authentication.kerberos.keytab",
- "*.falcon.http.authentication.kerberos.keytab"]
- falcon_startup_props = build_expectations('startup', props_value_check, props_empty_check,
- props_read_check)
-
- falcon_expectations ={}
- falcon_expectations.update(falcon_startup_props)
-
- security_params = get_params_from_filesystem('/etc/falcon/conf',
- {'startup.properties': FILE_TYPE_PROPERTIES})
- result_issues = validate_security_config_properties(security_params, falcon_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'startup' not in security_params
- or '*.falcon.service.authentication.kerberos.keytab' not in security_params['startup']
- or '*.falcon.service.authentication.kerberos.principal' not in security_params['startup']) \
- or '*.falcon.http.authentication.kerberos.keytab' not in security_params['startup'] \
- or '*.falcon.http.authentication.kerberos.principal' not in security_params['startup']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.falcon_user,
- security_params['startup']['*.falcon.service.authentication.kerberos.keytab'],
- security_params['startup']['*.falcon.service.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.falcon_user,
- security_params['startup']['*.falcon.http.authentication.kerberos.keytab'],
- security_params['startup']['*.falcon.http.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.falcon_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
index d2c8089..83af3aa 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py
@@ -98,55 +98,6 @@ class HbaseMasterDefault(HbaseMaster):
check_process_status(status_params.hbase_master_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hbase.security.authentication" : "kerberos",
- "hbase.security.authorization": "true"}
- props_empty_check = ['hbase.master.keytab.file',
- 'hbase.master.kerberos.principal']
- props_read_check = ['hbase.master.keytab.file']
- hbase_site_expectations = build_expectations('hbase-site', props_value_check, props_empty_check,
- props_read_check)
-
- hbase_expectations = {}
- hbase_expectations.update(hbase_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hbase_conf_dir,
- {'hbase-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hbase_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'hbase-site' not in security_params
- or 'hbase.master.keytab.file' not in security_params['hbase-site']
- or 'hbase.master.kerberos.principal' not in security_params['hbase-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hbase_user,
- security_params['hbase-site']['hbase.master.keytab.file'],
- security_params['hbase-site']['hbase.master.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
index 226e7fd5..75910b1 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py
@@ -109,55 +109,6 @@ class HbaseRegionServerDefault(HbaseRegionServer):
check_process_status(status_params.regionserver_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hbase.security.authentication" : "kerberos",
- "hbase.security.authorization": "true"}
- props_empty_check = ['hbase.regionserver.keytab.file',
- 'hbase.regionserver.kerberos.principal']
- props_read_check = ['hbase.regionserver.keytab.file']
- hbase_site_expectations = build_expectations('hbase-site', props_value_check, props_empty_check,
- props_read_check)
-
- hbase_expectations = {}
- hbase_expectations.update(hbase_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hbase_conf_dir,
- {'hbase-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hbase_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'hbase-site' not in security_params
- or 'hbase.regionserver.keytab.file' not in security_params['hbase-site']
- or 'hbase.regionserver.kerberos.principal' not in security_params['hbase-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hbase_user,
- security_params['hbase-site']['hbase.regionserver.keytab.file'],
- security_params['hbase-site']['hbase.regionserver.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py
index 77820cc..8a85d6e 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py
@@ -71,10 +71,6 @@ class PhoenixQueryServer(Script):
import status_params
env.set_params(status_params)
phoenix_service('status')
-
-
- def security_status(self, env):
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
@@ -89,4 +85,4 @@ class PhoenixQueryServer(Script):
return [status_params.phoenix_pid_file]
if __name__ == "__main__":
- PhoenixQueryServer().execute()
\ No newline at end of file
+ PhoenixQueryServer().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py
index cd52885..da03cce 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py
@@ -143,64 +143,6 @@ class DataNodeDefault(DataNode):
hdfs_binary = self.get_hdfs_binary()
# ensure the DataNode has started and rejoined the cluster
datanode_upgrade.post_upgrade_check(hdfs_binary)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.datanode.keytab.file',
- 'dfs.datanode.kerberos.principal']
- props_read_check = ['dfs.datanode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.datanode.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.datanode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.datanode.keytab.file'],
- security_params['hdfs-site']['dfs.datanode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py
index 4dabdbc..51acc9e 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py
@@ -66,51 +66,6 @@ class HdfsClientDefault(HdfsClient):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hadoop-client", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- hdfs_expectations ={}
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- status_params.hdfs_user_keytab,
- status_params.hdfs_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
-
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
class HdfsClientWindows(HdfsClient):
def install(self, env):
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py
index 9448fa6..7fd8d70 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py
@@ -105,63 +105,6 @@ class JournalNodeDefault(JournalNode):
env.set_params(status_params)
check_process_status(status_params.journalnode_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
-
- props_value_check = None
- props_empty_check = ['dfs.journalnode.keytab.file',
- 'dfs.journalnode.kerberos.principal']
- props_read_check = ['dfs.journalnode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(hdfs_site_expectations)
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.journalnode.kerberos.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.journalnode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.journalnode.kerberos.keytab.file'],
- security_params['hdfs-site']['dfs.journalnode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
index 1347f37..65cd378 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py
@@ -216,63 +216,6 @@ class NameNodeDefault(NameNode):
try_sleep=10
)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal',
- 'dfs.namenode.keytab.file',
- 'dfs.namenode.kerberos.principal']
- props_read_check = ['dfs.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'hdfs-site' not in security_params
- or 'dfs.namenode.keytab.file' not in security_params['hdfs-site']
- or 'dfs.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.namenode.keytab.file'],
- security_params['hdfs-site']['dfs.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def rebalancehdfs(self, env):
import params
env.set_params(params)
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py
index 7ba1f96..fa451f4 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py
@@ -76,64 +76,6 @@ class NFSGateway(Script):
env.set_params(status_params)
check_process_status(status_params.nfsgateway_pid_file)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['nfs.keytab.file',
- 'nfs.kerberos.principal']
- props_read_check = ['nfs.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'nfs.keytab.file' not in security_params['hdfs-site'] or
- 'nfs.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['nfs.keytab.file'],
- security_params['hdfs-site'][
- 'nfs.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py
index 0f1f438..1408468 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py
@@ -74,66 +74,6 @@ class SNameNodeDefault(SNameNode):
if params.version and check_stack_feature(StackFeature.ROLLING_UPGRADE, params.version):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hadoop-hdfs-secondarynamenode", params.version)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal',
- 'dfs.secondary.namenode.keytab.file',
- 'dfs.secondary.namenode.kerberos.principal']
- props_read_check = ['dfs.secondary.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'],
- security_params['hdfs-site'][
- 'dfs.secondary.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py
index be0d2ed..ca5f605 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py
@@ -119,49 +119,6 @@ class ZkfcSlaveDefault(ZkfcSlave):
env.set_params(status_params)
check_process_status(status_params.zkfc_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- if not result_issues: # If all validations passed successfully
- if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- status_params.hdfs_user_keytab,
- status_params.hdfs_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out(
- {"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def disable_security(self, env):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/datanode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/datanode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/datanode.py
index 130c021..78a8f4b 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/datanode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/datanode.py
@@ -98,64 +98,6 @@ class DataNodeDefault(DataNode):
# ensure the DataNode has started and rejoined the cluster
datanode_upgrade.post_upgrade_check(hdfs_binary)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.datanode.keytab.file',
- 'dfs.datanode.kerberos.principal']
- props_read_check = ['dfs.datanode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.datanode.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.datanode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.datanode.keytab.file'],
- security_params['hdfs-site']['dfs.datanode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/hdfs_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/hdfs_client.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/hdfs_client.py
index 4dabdbc..51acc9e 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/hdfs_client.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/hdfs_client.py
@@ -66,51 +66,6 @@ class HdfsClientDefault(HdfsClient):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hadoop-client", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- hdfs_expectations ={}
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- status_params.hdfs_user_keytab,
- status_params.hdfs_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
-
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
@OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY)
class HdfsClientWindows(HdfsClient):
def install(self, env):
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/journalnode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/journalnode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/journalnode.py
index 9448fa6..7fd8d70 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/journalnode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/journalnode.py
@@ -105,63 +105,6 @@ class JournalNodeDefault(JournalNode):
env.set_params(status_params)
check_process_status(status_params.journalnode_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
-
- props_value_check = None
- props_empty_check = ['dfs.journalnode.keytab.file',
- 'dfs.journalnode.kerberos.principal']
- props_read_check = ['dfs.journalnode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(hdfs_site_expectations)
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.journalnode.kerberos.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.journalnode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.journalnode.kerberos.keytab.file'],
- security_params['hdfs-site']['dfs.journalnode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
[2/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is
growing rapidly on the KDC server (echekanskiy)
Posted by ec...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
index e952108..127a045 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_zkfc.py
@@ -381,104 +381,4 @@ class TestZkfc(RMFTestCase):
environment = {'HADOOP_LIBEXEC_DIR': '/usr/lib/hadoop/libexec'},
not_if = "ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E test -f /var/run/hadoop/hdfs/hadoop-hdfs-zkfc.pid && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E pgrep -F /var/run/hadoop/hdfs/hadoop-hdfs-zkfc.pid",
)
- self.assertNoMoreResources()
-
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
-
- # Test that function works when is called with correct parameters
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
-
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zkfc_slave.py",
- classname = "ZkfcSlave",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('core-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- self.config_dict['configurations']['hadoop-env']['hdfs_user_keytab'],
- self.config_dict['configurations']['hadoop-env']['hdfs_user_principal_name'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zkfc_slave.py",
- classname = "ZkfcSlave",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zkfc_slave.py",
- classname = "ZkfcSlave",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zkfc_slave.py",
- classname = "ZkfcSlave",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with empty hdfs_user_principal and hdfs_user_keytab
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zkfc_slave.py",
- classname = "ZkfcSlave",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
\ No newline at end of file
+ self.assertNoMoreResources()
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py
index 6592590..ae2ec86 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py
@@ -853,118 +853,6 @@ From source with checksum 150f554beae04f76f814f59549dead8b"""
self.assertNoMoreResources()
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'hive-site': {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true",
- "hive.server2.authentication.kerberos.keytab": "path/to/keytab",
- "hive.server2.authentication.kerberos.principal": "principal",
- "hive.server2.authentication.spnego.keytab": "path/to/spnego_keytab",
- "hive.server2.authentication.spnego.principal": "spnego_principal"
- }
- }
- result_issues = []
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_server.py",
- classname = "HiveServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- get_params_mock.assert_called_with('/usr/hdp/current/hive-server2/conf', {'hive-site.xml': "XML"})
- build_exp_mock.assert_called_with('hive-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hive-env']['hive_user'],
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_server.py",
- classname = "HiveServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains startup
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_server.py",
- classname = "HiveServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {}
- result_issues_with_params['hive-site']="Something bad happened"
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_server.py",
- classname = "HiveServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_server.py",
- classname = "HiveServer",
- command = "security_status",
- config_file="../../2.1/configs/default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
@patch("resource_management.libraries.functions.copy_tarball.copy_to_hdfs")
def test_pre_upgrade_restart(self, copy_to_hdfs_mock):
copy_to_hdfs_mock.return_value = True
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
index 718ad4d..03dd391 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_webhcat_server.py
@@ -276,122 +276,6 @@ class TestWebHCatServer(RMFTestCase):
mode = 0644,
)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'webhcat-site': {
- "templeton.kerberos.secret": "secret",
- "templeton.kerberos.keytab": 'path/to/keytab',
- "templeton.kerberos.principal": "principal"
- },
- "hive-site": {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- }
- }
- result_issues = []
- webhcat_props_value_check = {"templeton.kerberos.secret": "secret"}
- webhcat_props_empty_check = ["templeton.kerberos.keytab",
- "templeton.kerberos.principal"]
- webhcat_props_read_check = ["templeton.kerberos.keytab"]
-
- hive_props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- hive_props_empty_check = None
- hive_props_read_check = None
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/webhcat_server.py",
- classname = "WebHCatServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hive-site', hive_props_value_check, hive_props_empty_check, hive_props_read_check)
- # get_params_mock.assert_called_with(status_params.hive_conf_dir, {'hive-site.xml': "XML"})
- get_params_mock.assert_called_with('/usr/hdp/current/hive-webhcat/conf', {'webhcat-site.xml': "XML"})
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hive-env']['webhcat_user'],
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/webhcat_server.py",
- classname = "WebHCatServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains startup
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/webhcat_server.py",
- classname = "WebHCatServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hive-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/webhcat_server.py",
- classname = "WebHCatServer",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/webhcat_server.py",
- classname = "WebHCatServer",
- command = "security_status",
- config_file="../../2.1/configs/default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py b/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
index f5bd4aa..426c36a 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_server.py
@@ -1150,119 +1150,6 @@ class TestOozieServer(RMFTestCase):
)
self.assert_configure_default()
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
- security_params = {
- "oozie-site": {
- "oozie.authentication.type": "kerberos",
- "oozie.service.AuthorizationService.security.enabled": "true",
- "oozie.service.HadoopAccessorService.kerberos.enabled": "true",
- "local.realm": "EXAMPLE.COM",
- "oozie.authentication.kerberos.principal": "principal",
- "oozie.authentication.kerberos.keytab": "/path/to_keytab",
- "oozie.service.HadoopAccessorService.kerberos.principal": "principal",
- "oozie.service.HadoopAccessorService.keytab.file": "/path/to_keytab"}
- }
-
- result_issues = []
- props_value_check = {"oozie.authentication.type": "kerberos",
- "oozie.service.AuthorizationService.security.enabled": "true",
- "oozie.service.HadoopAccessorService.kerberos.enabled": "true"}
- props_empty_check = [ "local.realm",
- "oozie.authentication.kerberos.principal",
- "oozie.authentication.kerberos.keytab",
- "oozie.service.HadoopAccessorService.kerberos.principal",
- "oozie.service.HadoopAccessorService.keytab.file"]
- props_read_check = None
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/oozie_server.py",
- classname = "OozieServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- get_params_mock.assert_called_with("/etc/oozie/conf", {'oozie-site.xml': 'XML'})
- build_exp_mock.assert_called_with('oozie-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['oozie-env']['oozie_user'],
- security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'],
- security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/oozie_server.py",
- classname = "OozieServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains oozie-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/oozie_server.py",
- classname = "OozieServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'oozie-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/oozie_server.py",
- classname = "OozieServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/oozie_server.py",
- classname = "OozieServer",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
@patch("os.path.isdir")
@patch("os.path.exists")
@patch("os.path.isfile")
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
index fc7fcd8..53218d5 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_historyserver.py
@@ -741,112 +741,6 @@ class TestHistoryServer(RMFTestCase):
group = 'hadoop',
)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- "mapred-site": {
- 'mapreduce.jobhistory.keytab': "/path/to/keytab1",
- 'mapreduce.jobhistory.principal': "principal1",
- 'mapreduce.jobhistory.webapp.spnego-keytab-file': "/path/to/keytab2",
- 'mapreduce.jobhistory.webapp.spnego-principal': "principal2"
- }
- }
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/historyserver.py",
- classname="HistoryServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- get_params_mock.assert_called_with("/etc/hadoop/conf", {'mapred-site.xml': 'XML'})
- build_exp_mock.assert_called_with('mapred-site',
- None,
- [
- 'mapreduce.jobhistory.keytab',
- 'mapreduce.jobhistory.principal',
- 'mapreduce.jobhistory.webapp.spnego-keytab-file',
- 'mapreduce.jobhistory.webapp.spnego-principal'
- ],
- None)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['mapred-env']['mapred_user'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/historyserver.py",
- classname="HistoryServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contain mapred-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/historyserver.py",
- classname="HistoryServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal not set."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {'mapred-site': "Something bad happened"}
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/historyserver.py",
- classname="HistoryServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/historyserver.py",
- classname="HistoryServer",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def assert_call_to_get_hadoop_conf_dir(self):
# From call to conf_select.get_hadoop_conf_dir()
self.assertResourceCalled("Execute", ("cp", "-R", "-p", "/etc/hadoop/conf", "/etc/hadoop/conf.backup"),
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
index fbc1b85..6fc5bae 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_nodemanager.py
@@ -632,115 +632,6 @@ class TestNodeManager(RMFTestCase):
self.assertTrue(mocks_dict['call'].called)
self.assertEqual(mocks_dict['call'].call_count,1)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'yarn-site': {
- 'yarn.nodemanager.keytab': 'path/to/nodemanager/keytab',
- 'yarn.nodemanager.principal': 'nodemanager_principal',
- 'yarn.nodemanager.webapp.spnego-keytab-file': 'path/to/nodemanager/webapp/keytab',
- 'yarn.nodemanager.webapp.spnego-principal': 'nodemanager_webapp_principal'
- }
- }
- result_issues = []
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.nodemanager.principal",
- "yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-principal",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nodemanager.py",
- classname="Nodemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('yarn-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['yarn-env']['yarn_user'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nodemanager.py",
- classname="Nodemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains yarn-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nodemanager.py",
- classname="Nodemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'yarn-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nodemanager.py",
- classname="Nodemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nodemanager.py",
- classname="Nodemanager",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
@patch.object(resource_management.libraries.functions, "get_stack_version", new = MagicMock(return_value='2.3.0.0-1234'))
def test_pre_upgrade_restart_23(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
index a63caeb..ed5ee2c 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_resourcemanager.py
@@ -525,114 +525,6 @@ class TestResourceManager(RMFTestCase):
group = 'hadoop',
)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'yarn-site': {
- 'yarn.resourcemanager.keytab': '/path/to/resourcemanager/keytab',
- 'yarn.resourcemanager.principal': 'nresourcemanager_principal',
- 'yarn.resourcemanager.webapp.spnego-keytab-file': 'path/to/resourcemanager/webapp/keytab',
- 'yarn.resourcemanager.webapp.spnego-principal': 'resourcemanager_webapp_principal'
- }
- }
- result_issues = []
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.resourcemanager.principal",
- "yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-principal",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/resourcemanager.py",
- classname="Resourcemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('yarn-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['yarn-env']['yarn_user'],
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/resourcemanager.py",
- classname="Resourcemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains yarn-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/resourcemanager.py",
- classname="Resourcemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'yarn-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/resourcemanager.py",
- classname="Resourcemanager",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/resourcemanager.py",
- classname="Resourcemanager",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def test_pre_upgrade_restart_23(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/ZOOKEEPER/test_zookeeper_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/ZOOKEEPER/test_zookeeper_server.py b/ambari-server/src/test/python/stacks/2.0.6/ZOOKEEPER/test_zookeeper_server.py
index b9ebea2..6d38a67 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/ZOOKEEPER/test_zookeeper_server.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/ZOOKEEPER/test_zookeeper_server.py
@@ -247,109 +247,6 @@ class TestZookeeperServer(RMFTestCase):
group = 'hadoop',
)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'zookeeper_jaas': {
- 'Server': {
- 'keyTab': 'path/to/zookeeper/service/keytab',
- 'principal': 'zookeeper_keytab'
- }
- }
- }
- result_issues = []
- props_value_check = None
- props_empty_check = ['Server/keyTab', 'Server/principal']
- props_read_check = ['Server/keyTab']
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zookeeper_server.py",
- classname = "ZookeeperServer",
- command = "security_status",
- config_file = "secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('zookeeper_jaas', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['zookeeper-env']['zk_user'],
- security_params['zookeeper_jaas']['Server']['keyTab'],
- security_params['zookeeper_jaas']['Server']['principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zookeeper_server.py",
- classname = "ZookeeperServer",
- command = "security_status",
- config_file = "secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains zookeeper_jaas
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zookeeper_server.py",
- classname = "ZookeeperServer",
- command = "security_status",
- config_file = "secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'zookeeper_jaas': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zookeeper_server.py",
- classname = "ZookeeperServer",
- command = "security_status",
- config_file = "secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/zookeeper_server.py",
- classname = "ZookeeperServer",
- command = "security_status",
- config_file = "default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_client.py b/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_client.py
index 5f88b6b..b9747a2 100644
--- a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_client.py
+++ b/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_client.py
@@ -91,30 +91,6 @@ class TestFalconClient(RMFTestCase):
)
self.assertNoMoreResources()
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock):
- # Test that function works when is called with correct parameters
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_client.py",
- classname="FalconClient",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_client.py",
- classname="FalconClient",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py b/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py
index feba0c4..44da365 100644
--- a/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py
+++ b/ambari-server/src/test/python/stacks/2.1/FALCON/test_falcon_server.py
@@ -414,115 +414,6 @@ class TestFalconServer(RMFTestCase):
)
self.assertNoMoreResources()
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'startup': {
- '*.falcon.service.authentication.kerberos.keytab': 'path/to/falcon/service/keytab',
- '*.falcon.service.authentication.kerberos.principal': 'falcon_service_keytab',
- '*.falcon.http.authentication.kerberos.keytab': 'path/to/falcon/http/keytab',
- '*.falcon.http.authentication.kerberos.principal': 'falcon_http_principal'
- }
- }
- result_issues = []
- props_value_check = {"*.falcon.authentication.type": "kerberos",
- "*.falcon.http.authentication.type": "kerberos"}
- props_empty_check = ["*.falcon.service.authentication.kerberos.principal",
- "*.falcon.service.authentication.kerberos.keytab",
- "*.falcon.http.authentication.kerberos.principal",
- "*.falcon.http.authentication.kerberos.keytab"]
-
- props_read_check = ["*.falcon.service.authentication.kerberos.keytab",
- "*.falcon.http.authentication.kerberos.keytab"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_server.py",
- classname="FalconServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- get_params_mock.assert_called_with('/etc/falcon/conf', {'startup.properties': 'PROPERTIES'})
- build_exp_mock.assert_called_with('startup', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['falcon-env']['falcon_user'],
- security_params['startup']['*.falcon.http.authentication.kerberos.keytab'],
- security_params['startup']['*.falcon.http.authentication.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_server.py",
- classname="FalconServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains startup
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_server.py",
- classname="FalconServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'startup': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_server.py",
- classname="FalconServer",
- command="security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/falcon_server.py",
- classname="FalconServer",
- command="security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
@patch('os.path.isfile', new=MagicMock(return_value=True))
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.2/configs/falcon-upgrade.json"
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py b/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py
index a159cd0..94f639a 100644
--- a/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py
+++ b/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py
@@ -406,119 +406,6 @@ class TestHiveMetastore(RMFTestCase):
mode = 0755,
)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'hive-site': {
- 'hive.server2.authentication': "KERBEROS",
- 'hive.metastore.sasl.enabled': "true",
- 'hive.security.authorization.enabled': 'true',
- 'hive.metastore.kerberos.keytab.file': 'path/to/keytab',
- 'hive.metastore.kerberos.principal': 'principal'
- }
- }
- result_issues = []
- props_value_check = {
- 'hive.server2.authentication': "KERBEROS",
- 'hive.metastore.sasl.enabled': "true",
- 'hive.security.authorization.enabled': 'true'
- }
- props_empty_check = [
- 'hive.metastore.kerberos.keytab.file',
- 'hive.metastore.kerberos.principal'
- ]
- props_read_check = [
- 'hive.metastore.kerberos.keytab.file'
- ]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_metastore.py",
- classname = "HiveMetastore",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- get_params_mock.assert_called_with("/usr/hdp/current/hive-server2/conf", {'hive-site.xml': "XML"})
- build_exp_mock.assert_called_with('hive-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hive-env']['hive_user'],
- security_params['hive-site']['hive.metastore.kerberos.keytab.file'],
- security_params['hive-site']['hive.metastore.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_metastore.py",
- classname = "HiveMetastore",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains startup
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_metastore.py",
- classname = "HiveMetastore",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hive-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_metastore.py",
- classname = "HiveMetastore",
- command = "security_status",
- config_file="../../2.1/configs/secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hive_metastore.py",
- classname = "HiveMetastore",
- command = "security_status",
- config_file="../../2.1/configs/default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
index 3e10611..f208d3a 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_drpc_server.py
@@ -176,107 +176,3 @@ class TestStormDrpcServer(TestStormBase):
self.assertEquals(
('ambari-python-wrap', '/usr/bin/conf-select', 'create-conf-dir', '--package', 'storm', '--stack-version', '2.3.0.0-1234', '--conf-version', '0'),
mocks_dict['call'].call_args_list[0][0][0])
-
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'storm_jaas': {
- 'StormServer': {
- 'keyTab': 'path/to/storm/service/keytab',
- 'principal': 'storm_keytab'
- }
- }
- }
- result_issues = []
-
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py",
- classname = "DrpcServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('storm_jaas', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['storm-env']['storm_user'],
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py",
- classname = "DrpcServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains storm_jaas
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py",
- classname = "DrpcServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'storm_jaas': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py",
- classname = "DrpcServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/drpc_server.py",
- classname = "DrpcServer",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
index 40972f9..35f057c 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_nimbus.py
@@ -261,106 +261,3 @@ class TestStormNimbus(TestStormBase):
('ambari-python-wrap', '/usr/bin/conf-select', 'create-conf-dir', '--package', 'storm', '--stack-version', '2.3.0.0-1234', '--conf-version', '0'),
mocks_dict['call'].call_args_list[0][0][0])
self.assertNoMoreResources()
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'storm_jaas': {
- 'StormServer': {
- 'keyTab': 'path/to/storm/service/keytab',
- 'principal': 'storm_keytab'
- }
- }
- }
- result_issues = []
-
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
- classname = "Nimbus",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('storm_jaas', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['storm-env']['storm_user'],
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
- classname = "Nimbus",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains storm_jaas
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
- classname = "Nimbus",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'storm_jaas': "Something bad happened"
- }
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
- classname = "Nimbus",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nimbus.py",
- classname = "Nimbus",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- self.assertNoMoreResources()
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
index d6497ed..3ac38c7 100644
--- a/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
+++ b/ambari-server/src/test/python/stacks/2.1/STORM/test_storm_ui_server.py
@@ -246,85 +246,3 @@ class TestStormUiServer(TestStormBase):
self.assertEquals(
('ambari-python-wrap', '/usr/bin/conf-select', 'create-conf-dir', '--package', 'storm', '--stack-version', '2.3.0.0-1234', '--conf-version', '0'),
mocks_dict['call'].call_args_list[0][0][0])
-
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
- result_issues = []
-
- security_params = {
- 'storm_ui': {
- 'storm_ui_principal_name': 'HTTP/_HOST',
- 'storm_ui_keytab': '/etc/security/keytabs/spnego.service.keytab'
- }
- }
- props_value_check = None
- props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
- props_read_check = ['storm_ui_keytab']
-
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py",
- classname = "UiServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('storm_ui', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- self.assertTrue(cached_kinit_executor_mock.call_count, 2)
-
- cached_kinit_executor_mock.assert_called_with('/usr/bin/kinit',
- self.config_dict['configurations']['storm-env']['storm_user'],
- security_params['storm_ui']['storm_ui_keytab'],
- security_params['storm_ui']['storm_ui_principal_name'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py",
- classname = "UiServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with not empty result_issues
- result_issues_with_params = {}
- result_issues_with_params['storm_ui']="Something bad happened"
-
- validate_security_config_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py",
- classname = "UiServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ui_server.py",
- classname = "UiServer",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
[4/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is
growing rapidly on the KDC server (echekanskiy)
Posted by ec...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
index 602dad7..a42ca79 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
@@ -216,63 +216,6 @@ class NameNodeDefault(NameNode):
try_sleep=10
)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal',
- 'dfs.namenode.keytab.file',
- 'dfs.namenode.kerberos.principal']
- props_read_check = ['dfs.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'hdfs-site' not in security_params
- or 'dfs.namenode.keytab.file' not in security_params['hdfs-site']
- or 'dfs.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.namenode.keytab.file'],
- security_params['hdfs-site']['dfs.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def rebalancehdfs(self, env):
import params
env.set_params(params)
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
index 7ba1f96..602c179 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py
@@ -77,64 +77,6 @@ class NFSGateway(Script):
check_process_status(status_params.nfsgateway_pid_file)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['nfs.keytab.file',
- 'nfs.kerberos.principal']
- props_read_check = ['nfs.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'nfs.keytab.file' not in security_params['hdfs-site'] or
- 'nfs.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['nfs.keytab.file'],
- security_params['hdfs-site'][
- 'nfs.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
index 0f1f438..030a470 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py
@@ -75,66 +75,6 @@ class SNameNodeDefault(SNameNode):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hadoop-hdfs-secondarynamenode", params.version)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- props_value_check = None
- props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal',
- 'dfs.secondary.namenode.keytab.file',
- 'dfs.secondary.namenode.kerberos.principal']
- props_read_check = ['dfs.secondary.namenode.keytab.file']
- hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check,
- props_read_check)
-
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
- hdfs_expectations.update(hdfs_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML,
- 'hdfs-site.xml': FILE_TYPE_XML})
-
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('hdfs-site' not in security_params or
- 'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or
- 'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'],
- security_params['hdfs-site'][
- 'dfs.secondary.namenode.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hdfs_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
index 19a78c7..fa948ca 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py
@@ -119,49 +119,6 @@ class ZkfcSlaveDefault(ZkfcSlave):
env.set_params(status_params)
check_process_status(status_params.zkfc_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
- core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check,
- props_read_check)
- hdfs_expectations = {}
- hdfs_expectations.update(core_site_expectations)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'core-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hdfs_expectations)
- if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \
- security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos':
- if not result_issues: # If all validations passed successfully
- if status_params.hdfs_user_principal or status_params.hdfs_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hdfs_user,
- status_params.hdfs_user_keytab,
- status_params.hdfs_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out(
- {"securityIssuesFound": "hdfs principal and/or keytab file is not specified"})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def disable_security(self, env):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
index 8b69e45..2dc6906 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore):
check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major):
self.upgrade_schema(env)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.metastore.kerberos.keytab.file",
- "hive.metastore.kerberos.principal"]
-
- props_read_check = ["hive.metastore.kerberos.keytab.file"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \
- or 'hive.metastore.kerberos.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.metastore.kerberos.keytab.file'],
- security_params['hive-site']['hive.metastore.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
def upgrade_schema(self, env):
"""
Executes the schema upgrade binary. This is its own function because it could
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
index f6251e7..7c3a805 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer):
if resource_created:
params.HdfsResource(None, action="execute")
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def _base_node(self, path):
if not path.startswith('/'):
path = '/' + path
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
index 46864c0..8f57f1e 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive):
# Recursively check all existing gmetad pid files
check_process_status(status_params.hive_interactive_pid)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def restart_llap(self, env):
"""
Custom command to Restart LLAP
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
index 93fa411..18e11ab 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hive-webhcat", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations ={}
- expectations.update(
- build_expectations(
- 'webhcat-site',
- {
- "templeton.kerberos.secret": "secret"
- },
- [
- "templeton.kerberos.keytab",
- "templeton.kerberos.principal"
- ],
- [
- "templeton.kerberos.keytab"
- ]
- )
- )
- expectations.update(
- build_expectations(
- 'hive-site',
- {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- },
- None,
- None
- )
- )
-
- security_params = {}
- security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
- {'webhcat-site.xml': FILE_TYPE_XML}))
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'webhcat-site' not in security_params \
- or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
- or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.webhcat_user,
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
index 8b69e45..2dc6906 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore):
check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major):
self.upgrade_schema(env)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.metastore.kerberos.keytab.file",
- "hive.metastore.kerberos.principal"]
-
- props_read_check = ["hive.metastore.kerberos.keytab.file"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \
- or 'hive.metastore.kerberos.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.metastore.kerberos.keytab.file'],
- security_params['hive-site']['hive.metastore.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
-
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
-
def upgrade_schema(self, env):
"""
Executes the schema upgrade binary. This is its own function because it could
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
index f6251e7..7c3a805 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer):
if resource_created:
params.HdfsResource(None, action="execute")
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def _base_node(self, path):
if not path.startswith('/'):
path = '/' + path
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
index 46864c0..8f57f1e 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive):
# Recursively check all existing gmetad pid files
check_process_status(status_params.hive_interactive_pid)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def restart_llap(self, env):
"""
Custom command to Restart LLAP
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
index 93fa411..18e11ab 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer):
conf_select.select(params.stack_name, "hadoop", params.version)
stack_select.select("hive-webhcat", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations ={}
- expectations.update(
- build_expectations(
- 'webhcat-site',
- {
- "templeton.kerberos.secret": "secret"
- },
- [
- "templeton.kerberos.keytab",
- "templeton.kerberos.principal"
- ],
- [
- "templeton.kerberos.keytab"
- ]
- )
- )
- expectations.update(
- build_expectations(
- 'hive-site',
- {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- },
- None,
- None
- )
- )
-
- security_params = {}
- security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
- {'webhcat-site.xml': FILE_TYPE_XML}))
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'webhcat-site' not in security_params \
- or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
- or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.webhcat_user,
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
index c50c67b..39fdcf5 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
@@ -43,27 +43,6 @@ class KerberosClient(KerberosScript):
def status(self, env):
raise ClientComponentHasNoStatus()
- def security_status(self, env):
- import status_params
- if status_params.security_enabled:
- if status_params.smoke_user and status_params.smoke_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.smoke_user,
- status_params.smoke_user_keytab,
- status_params.smoke_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNKNOWN"})
- self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def set_keytab(self, env):
self.write_keytab_file()
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 31e54e5..8996d23 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -202,67 +202,6 @@ class KnoxGatewayDefault(KnoxGateway):
File(params.ldap_pid_file,
action = "delete"
)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations(
- 'krb5JAASLogin',
- None,
- ['keytab', 'principal'],
- None
- ))
- expectations.update(build_expectations(
- 'gateway-site',
- {
- "gateway.hadoop.kerberos.secured" : "true"
- },
- None,
- None
- ))
-
- security_params = {
- "krb5JAASLogin":
- {
- 'keytab': status_params.knox_keytab_path,
- 'principal': status_params.knox_principal_name
- }
- }
- security_params.update(get_params_from_filesystem(status_params.knox_conf_dir,
- {"gateway-site.xml" : FILE_TYPE_XML}))
-
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'krb5JAASLogin' not in security_params
- or 'keytab' not in security_params['krb5JAASLogin']
- or 'principal' not in security_params['krb5JAASLogin']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.knox_user,
- security_params['krb5JAASLogin']['keytab'],
- security_params['krb5JAASLogin']['principal'],
- status_params.hostname,
- status_params.temp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
index a8b2cf4..9320bc3 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
@@ -105,69 +105,6 @@ class OozieServer(Script):
@OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT)
class OozieServerDefault(OozieServer):
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {
- "oozie-site":
- build_expectations('oozie-site',
- {
- "oozie.authentication.type": "kerberos",
- "oozie.service.AuthorizationService.security.enabled": "true",
- "oozie.service.HadoopAccessorService.kerberos.enabled": "true"
- },
- [
- "local.realm",
- "oozie.authentication.kerberos.principal",
- "oozie.authentication.kerberos.keytab",
- "oozie.service.HadoopAccessorService.kerberos.principal",
- "oozie.service.HadoopAccessorService.keytab.file"
- ],
- None)
- }
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'oozie-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('oozie-site' not in security_params
- or 'oozie.authentication.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.authentication.kerberos.keytab' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.keytab.file' not in security_params['oozie-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.authentication.kerberos.keytab'],
- security_params['oozie-site']['oozie.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'],
- security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def pre_upgrade_restart(self, env, upgrade_type=None):
"""
Performs the tasks that should be done before an upgrade of oozie. This includes:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
index 178c043..f991e71 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
@@ -74,58 +74,6 @@ class DrpcServer(Script):
import status_params
env.set_params(status_params)
check_process_status(status_params.pid_drpc)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
index a974103..360af5d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
@@ -82,51 +82,6 @@ class NimbusDefault(Nimbus):
env.set_params(status_params)
check_process_status(status_params.pid_nimbus)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, props_read_check)
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
- security_params = get_params_from_filesystem(status_params.conf_dir, {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
index a56c0cd..fa3112d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
@@ -74,58 +74,6 @@ class PaceMaker(Script):
env.set_params(status_params)
check_process_status(status_params.pid_pacemaker)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
index 63acecf..e257ef9 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
@@ -120,59 +120,6 @@ class UiServerDefault(UiServer):
import status_params
env.set_params(status_params)
check_process_status(status_params.pid_ui)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
- props_read_check = ['storm_ui_keytab']
- storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = {}
- security_params['storm_ui'] = {}
- security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal
- security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_ui' not in security_params
- or 'storm_ui_principal_name' not in security_params['storm_ui']
- or 'storm_ui_keytab' not in security_params['storm_ui']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_ui']['storm_ui_keytab'],
- security_params['storm_ui']['storm_ui_principal_name'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
index 03fff21..b1e0c16 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
@@ -83,67 +83,6 @@ class ApplicationTimelineServerDefault(ApplicationTimelineServer):
env.set_params(status_params)
check_process_status(status_params.yarn_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.enabled": "true",
- "yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.timeline-service.principal",
- "yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.principal",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- props_read_check = ["yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.timeline-service.keytab' not in security_params['yarn-site']
- or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \
- or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \
- or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.keytab'],
- security_params['yarn-site']['yarn.timeline-service.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
index 8f5d380..d886244 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
@@ -120,62 +120,6 @@ class HistoryServerDefault(HistoryServer):
env.set_params(status_params)
check_process_status(status_params.mapred_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations('mapred-site',
- None,
- [
- 'mapreduce.jobhistory.keytab',
- 'mapreduce.jobhistory.principal',
- 'mapreduce.jobhistory.webapp.spnego-keytab-file',
- 'mapreduce.jobhistory.webapp.spnego-principal'
- ],
- None))
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'mapred-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'mapred-site' not in security_params or
- 'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.keytab'],
- security_params['mapred-site']['mapreduce.jobhistory.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.mapred_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
index 133d2e1..5acb20b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
@@ -90,66 +90,6 @@ class NodemanagerDefault(Nodemanager):
env.set_params(status_params)
check_process_status(status_params.nodemanager_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.nodemanager.principal",
- "yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-principal",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.nodemanager.keytab' not in security_params['yarn-site']
- or 'yarn.nodemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.nodemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.nodemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.keytab'],
- security_params['yarn-site']['yarn.nodemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir
[3/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is
growing rapidly on the KDC server (echekanskiy)
Posted by ec...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index b871b68..81b99e6 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -132,66 +132,6 @@ class ResourcemanagerDefault(Resourcemanager):
check_process_status(status_params.resourcemanager_pid_file)
pass
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.resourcemanager.principal",
- "yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-principal",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.resourcemanager.keytab' not in security_params['yarn-site']
- or 'yarn.resourcemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.resourcemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.resourcemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.resourcemanager.keytab'],
- security_params['yarn-site']['yarn.resourcemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def refreshqueues(self, env):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/application_timeline_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/application_timeline_server.py
index 03fff21..b1e0c16 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/application_timeline_server.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/application_timeline_server.py
@@ -83,67 +83,6 @@ class ApplicationTimelineServerDefault(ApplicationTimelineServer):
env.set_params(status_params)
check_process_status(status_params.yarn_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.enabled": "true",
- "yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.timeline-service.principal",
- "yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.principal",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- props_read_check = ["yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.timeline-service.keytab' not in security_params['yarn-site']
- or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \
- or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \
- or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.keytab'],
- security_params['yarn-site']['yarn.timeline-service.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/historyserver.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/historyserver.py
index 8f5d380..d886244 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/historyserver.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/historyserver.py
@@ -120,62 +120,6 @@ class HistoryServerDefault(HistoryServer):
env.set_params(status_params)
check_process_status(status_params.mapred_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations('mapred-site',
- None,
- [
- 'mapreduce.jobhistory.keytab',
- 'mapreduce.jobhistory.principal',
- 'mapreduce.jobhistory.webapp.spnego-keytab-file',
- 'mapreduce.jobhistory.webapp.spnego-principal'
- ],
- None))
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'mapred-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'mapred-site' not in security_params or
- 'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.keytab'],
- security_params['mapred-site']['mapreduce.jobhistory.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.mapred_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/nodemanager.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/nodemanager.py
index 133d2e1..5acb20b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/nodemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/nodemanager.py
@@ -90,66 +90,6 @@ class NodemanagerDefault(Nodemanager):
env.set_params(status_params)
check_process_status(status_params.nodemanager_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.nodemanager.principal",
- "yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-principal",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.nodemanager.keytab' not in security_params['yarn-site']
- or 'yarn.nodemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.nodemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.nodemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.keytab'],
- security_params['yarn-site']['yarn.nodemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def get_log_folder(self):
import params
return params.yarn_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
index ba748f1..78675bf 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
@@ -147,66 +147,6 @@ class ResourcemanagerDefault(Resourcemanager):
check_process_status(status_params.resourcemanager_pid_file)
pass
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.resourcemanager.principal",
- "yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-principal",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.resourcemanager.keytab",
- "yarn.resourcemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.resourcemanager.keytab' not in security_params['yarn-site']
- or 'yarn.resourcemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.resourcemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.resourcemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.resourcemanager.keytab'],
- security_params['yarn-site']['yarn.resourcemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.resourcemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def refreshqueues(self, env):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py b/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py
index c2d76be..8d9de9e 100644
--- a/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py
+++ b/ambari-server/src/main/resources/common-services/ZOOKEEPER/3.4.5/package/scripts/zookeeper_server.py
@@ -111,57 +111,6 @@ class ZookeeperServerLinux(ZookeeperServer):
import status_params
env.set_params(status_params)
check_process_status(status_params.zk_pid_file)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in params.config_dir:
- # zookeeper_jaas.conf
- # zookeeper_client_jaas.conf
- try:
- props_value_check = None
- props_empty_check = ['Server/keyTab', 'Server/principal']
- props_read_check = ['Server/keyTab']
- zk_env_expectations = build_expectations('zookeeper_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- zk_expectations = {}
- zk_expectations.update(zk_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.config_dir,
- {'zookeeper_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, zk_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'zookeeper_jaas' not in security_params
- or 'Server' not in security_params['zookeeper_jaas']
- or 'keyTab' not in security_params['zookeeper_jaas']['Server']
- or 'principal' not in security_params['zookeeper_jaas']['Server']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.zk_user,
- security_params['zookeeper_jaas']['Server']['keyTab'],
- security_params['zookeeper_jaas']['Server']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
def get_log_folder(self):
import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py
index 1298f1e..b2cdaa6 100644
--- a/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py
+++ b/ambari-server/src/main/resources/stacks/PERF/1.0/services/KERBEROS/package/scripts/kerberos_client.py
@@ -43,27 +43,6 @@ class KerberosClient(KerberosScript):
def status(self, env):
raise ClientComponentHasNoStatus()
- def security_status(self, env):
- import status_params
- if status_params.security_enabled:
- if status_params.smoke_user and status_params.smoke_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.smoke_user,
- status_params.smoke_user_keytab,
- status_params.smoke_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNKNOWN"})
- self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
def set_keytab(self, env):
self.write_keytab_file()
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java
index cff0e34..2dd91c0 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/HeartbeatProcessorTest.java
@@ -495,7 +495,6 @@ public class HeartbeatProcessorTest {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.STARTED.name());
- componentStatus1.setSecurityState(SecurityState.SECURED_KERBEROS.name());
componentStatus1.setComponentName(DATANODE);
componentStatuses.add(componentStatus1);
ComponentStatus componentStatus2 = new ComponentStatus();
@@ -503,7 +502,6 @@ public class HeartbeatProcessorTest {
componentStatus2.setServiceName(HDFS);
componentStatus2.setMessage(DummyHostStatus);
componentStatus2.setStatus(State.STARTED.name());
- componentStatus2.setSecurityState(SecurityState.UNSECURED.name());
componentStatus2.setComponentName(SECONDARY_NAMENODE);
componentStatuses.add(componentStatus2);
hb.setComponentStatus(componentStatuses);
@@ -526,7 +524,6 @@ public class HeartbeatProcessorTest {
State componentState2 = serviceComponentHost2.getState();
State componentState3 = serviceComponentHost3.getState();
assertEquals(State.STARTED, componentState1);
- assertEquals(SecurityState.SECURED_KERBEROS, serviceComponentHost1.getSecurityState());
assertEquals(State.INSTALLED, componentState2);
assertEquals(SecurityState.SECURING, serviceComponentHost2.getSecurityState());
//starting state will not be overridden by status command
@@ -837,7 +834,6 @@ public class HeartbeatProcessorTest {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.STARTED.name());
- componentStatus1.setSecurityState(SecurityState.UNSECURED.name());
componentStatus1.setComponentName(DATANODE);
componentStatus1.setExtra(extra);
@@ -873,7 +869,6 @@ public class HeartbeatProcessorTest {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.STARTED.name());
- componentStatus1.setSecurityState(SecurityState.UNSECURED.name());
componentStatus1.setComponentName(DATANODE);
hb.setComponentStatus(Collections.singletonList(componentStatus1));
@@ -1328,7 +1323,6 @@ public class HeartbeatProcessorTest {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.INSTALLED.name());
- componentStatus1.setSecurityState(SecurityState.UNSECURED.name());
componentStatus1.setComponentName(DATANODE);
componentStatuses.add(componentStatus1);
@@ -1337,7 +1331,6 @@ public class HeartbeatProcessorTest {
componentStatus2.setServiceName(HDFS);
componentStatus2.setMessage(DummyHostStatus);
componentStatus2.setStatus(State.INSTALLED.name());
- componentStatus2.setSecurityState(SecurityState.UNSECURED.name());
componentStatus2.setComponentName(NAMENODE);
componentStatuses.add(componentStatus2);
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
index 80775c3..909bf69 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/TestHeartbeatHandler.java
@@ -316,7 +316,6 @@ public class TestHeartbeatHandler {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.STARTED.name());
- componentStatus1.setSecurityState(SecurityState.UNSECURED.name());
componentStatus1.setComponentName(DATANODE);
componentStatuses.add(componentStatus1);
@@ -325,7 +324,6 @@ public class TestHeartbeatHandler {
componentStatus2.setServiceName(HDFS);
componentStatus2.setMessage(DummyHostStatus);
componentStatus2.setStatus(State.INSTALLED.name());
- componentStatus2.setSecurityState(SecurityState.UNSECURED.name());
componentStatus2.setComponentName(NAMENODE);
componentStatuses.add(componentStatus2);
@@ -1128,14 +1126,12 @@ public class TestHeartbeatHandler {
dataNodeStatus.setServiceName(HDFS);
dataNodeStatus.setComponentName(DATANODE);
dataNodeStatus.setStatus("STARTED");
- dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(dataNodeStatus);
ComponentStatus nameNodeStatus = new ComponentStatus();
nameNodeStatus.setClusterName(cluster.getClusterName());
nameNodeStatus.setServiceName(HDFS);
nameNodeStatus.setComponentName(NAMENODE);
nameNodeStatus.setStatus("STARTED");
- nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(nameNodeStatus);
hb1.setComponentStatus(componentStatus);
handler.handleHeartBeat(hb1);
@@ -1153,14 +1149,12 @@ public class TestHeartbeatHandler {
dataNodeStatus.setServiceName(HDFS);
dataNodeStatus.setComponentName(DATANODE);
dataNodeStatus.setStatus("INSTALLED");
- dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(dataNodeStatus);
nameNodeStatus = new ComponentStatus();
nameNodeStatus.setClusterName(cluster.getClusterName());
nameNodeStatus.setServiceName(HDFS);
nameNodeStatus.setComponentName(NAMENODE);
nameNodeStatus.setStatus("STARTED");
- nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(nameNodeStatus);
hb2.setComponentStatus(componentStatus);
handler.handleHeartBeat(hb2);
@@ -1180,14 +1174,12 @@ public class TestHeartbeatHandler {
dataNodeStatus.setServiceName(HDFS);
dataNodeStatus.setComponentName(DATANODE);
dataNodeStatus.setStatus("INSTALLED");
- dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(dataNodeStatus);
nameNodeStatus = new ComponentStatus();
nameNodeStatus.setClusterName(cluster.getClusterName());
nameNodeStatus.setServiceName(HDFS);
nameNodeStatus.setComponentName(NAMENODE);
nameNodeStatus.setStatus("STARTED");
- nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(nameNodeStatus);
hb2a.setComponentStatus(componentStatus);
handler.handleHeartBeat(hb2a);
@@ -1208,14 +1200,12 @@ public class TestHeartbeatHandler {
dataNodeStatus.setServiceName(HDFS);
dataNodeStatus.setComponentName(DATANODE);
dataNodeStatus.setStatus("INSTALLED");
- dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(dataNodeStatus);
nameNodeStatus = new ComponentStatus();
nameNodeStatus.setClusterName(cluster.getClusterName());
nameNodeStatus.setServiceName(HDFS);
nameNodeStatus.setComponentName(NAMENODE);
nameNodeStatus.setStatus("INSTALLED");
- nameNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(nameNodeStatus);
hb3.setComponentStatus(componentStatus);
handler.handleHeartBeat(hb3);
@@ -1247,7 +1237,6 @@ public class TestHeartbeatHandler {
dataNodeStatus.setServiceName(HDFS);
dataNodeStatus.setComponentName(DATANODE);
dataNodeStatus.setStatus("STARTED");
- dataNodeStatus.setSecurityState(SecurityState.UNSECURED.name());
componentStatus.add(dataNodeStatus);
hb4.setComponentStatus(componentStatus);
handler.handleHeartBeat(hb4);
@@ -1405,7 +1394,6 @@ public class TestHeartbeatHandler {
componentStatus1.setServiceName(serviceName);
componentStatus1.setMessage(message);
componentStatus1.setStatus(state.name());
- componentStatus1.setSecurityState(securityState.name());
componentStatus1.setComponentName(componentName);
componentStatus1.setStackVersion(stackVersion);
return componentStatus1;
@@ -1434,7 +1422,6 @@ public class TestHeartbeatHandler {
componentStatus1.setServiceName(HDFS);
componentStatus1.setMessage(DummyHostStatus);
componentStatus1.setStatus(State.STARTED.name());
- componentStatus1.setSecurityState(SecurityState.UNSECURED.name());
componentStatus1.setComponentName(DATANODE);
componentStatuses.add(componentStatus1);
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py
index 42bc989..fda63e0 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_master.py
@@ -712,108 +712,6 @@ class TestHBaseMaster(RMFTestCase):
self.assertNoMoreResources()
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'hbase-site': {
- 'hbase.master.kerberos.principal': '/path/to/hbase_keytab',
- 'hbase.master.keytab.file': 'hbase_principal'
- }
- }
-
- result_issues = []
- props_value_check = {"hbase.security.authentication": "kerberos",
- "hbase.security.authorization": "true"}
- props_empty_check = ["hbase.master.keytab.file",
- "hbase.master.kerberos.principal"]
-
- props_read_check = ["hbase.master.keytab.file"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py",
- classname = "HbaseMaster",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hbase-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hbase-env']['hbase_user'],
- security_params['hbase-site']['hbase.master.keytab.file'],
- security_params['hbase-site']['hbase.master.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py",
- classname = "HbaseMaster",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hbase-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py",
- classname = "HbaseMaster",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {}
- result_issues_with_params['hbase-site']="Something bad happened"
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py",
- classname = "HbaseMaster",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_master.py",
- classname = "HbaseMaster",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def test_upgrade_backup(self):
self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_upgrade.py",
classname = "HbaseMasterUpgrade",
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py
index 9bb0dd7..93f5d19 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HBASE/test_hbase_regionserver.py
@@ -530,110 +530,6 @@ class TestHbaseRegionServer(RMFTestCase):
self.assertNoMoreResources()
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'hbase-site': {
- 'hbase.regionserver.keytab.file': '/path/to/hbase_keytab',
- 'hbase.regionserver.kerberos.principal': 'hbase_principal'
- }
- }
-
- result_issues = []
- props_value_check = {"hbase.security.authentication": "kerberos",
- "hbase.security.authorization": "true"}
- props_empty_check = ["hbase.regionserver.keytab.file",
- "hbase.regionserver.kerberos.principal"]
-
- props_read_check = ["hbase.regionserver.keytab.file"]
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py",
- classname = "HbaseRegionServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hbase-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hbase-env']['hbase_user'],
- security_params['hbase-site']['hbase.regionserver.keytab.file'],
- security_params['hbase-site']['hbase.regionserver.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py",
- classname = "HbaseRegionServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hbase-site
- empty_security_params = {}
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py",
- classname = "HbaseRegionServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hbase-site' : "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py",
- classname = "HbaseRegionServer",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with security_enable = false
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hbase_regionserver.py",
- classname = "HbaseRegionServer",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
index 2cd35ab..5702b57 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_datanode.py
@@ -661,114 +661,3 @@ class TestDatanode(RMFTestCase):
self.assertEquals(
('hdfs dfsadmin -fs hdfs://ns1 -D ipc.client.connect.max.retries=5 -D ipc.client.connect.retry.interval=1000 -getDatanodeInfo 0.0.0.0:8010'),
mocks_dict['checked_call'].call_args_list[0][0][0])
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- },
- 'hdfs-site': {
- 'dfs.datanode.keytab.file': 'path/to/datanode/keytab/file',
- 'dfs.datanode.kerberos.principal': 'datanode_principal'
- }
- }
-
- props_value_check = None
- props_empty_check = ['dfs.datanode.keytab.file',
- 'dfs.datanode.kerberos.principal']
- props_read_check = ['dfs.datanode.keytab.file']
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py",
- classname = "DataNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- security_params['hdfs-site']['dfs.datanode.keytab.file'],
- security_params['hdfs-site']['dfs.datanode.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py",
- classname = "DataNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py",
- classname = "DataNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hdfs-site
- empty_security_params = {}
- empty_security_params['core-site'] = {}
- empty_security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py",
- classname = "DataNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {}
- result_issues_with_params['hdfs-site']="Something bad happened"
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/datanode.py",
- classname = "DataNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py
index 85098fa..fc80849 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_hdfs_client.py
@@ -88,106 +88,6 @@ class Test(RMFTestCase):
# for now, it's enough that <stack-selector-tool> is confirmed
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
-
- props_value_check = {"hadoop.security.authentication": "kerberos",
- "hadoop.security.authorization": "true"}
- props_empty_check = ["hadoop.security.auth_to_local"]
- props_read_check = None
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py",
- classname = "HdfsClient",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('core-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- self.config_dict['configurations']['hadoop-env']['hdfs_user_keytab'],
- self.config_dict['configurations']['hadoop-env']['hdfs_user_principal_name'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py",
- classname = "HdfsClient",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py",
- classname = "HdfsClient",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py",
- classname = "HdfsClient",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
- # Testing with empty hdfs_user_principal and hdfs_user_keytab
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/hdfs_client.py",
- classname = "HdfsClient",
- command = "security_status",
- config_file="default.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
@patch("resource_management.core.shell.call")
def test_pre_upgrade_restart_23(self, call_mock):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
index 4b63de4..2202661 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_journalnode.py
@@ -369,120 +369,6 @@ class TestJournalnode(RMFTestCase):
except:
pass
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- },
- 'hdfs-site': {
- 'dfs.journalnode.kerberos.keytab.file': 'path/to/journalnode/keytab/file',
- 'dfs.journalnode.kerberos.principal': 'journalnode_principal'
- }
- }
-
- props_value_check = None
- props_empty_check = ['dfs.journalnode.keytab.file',
- 'dfs.journalnode.kerberos.principal']
- props_read_check = ['dfs.journalnode.keytab.file']
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/journalnode.py",
- classname = "JournalNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- security_params['hdfs-site']['dfs.journalnode.kerberos.keytab.file'],
- security_params['hdfs-site']['dfs.journalnode.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/journalnode.py",
- classname = "JournalNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/journalnode.py",
- classname = "JournalNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hdfs-site
- empty_security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/journalnode.py",
- classname = "JournalNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/journalnode.py",
- classname = "JournalNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
-
def test_pre_upgrade_restart(self):
config_file = self.get_src_folder()+"/test/python/stacks/2.0.6/configs/default.json"
with open(config_file, "r") as f:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
index a6a474a..01149fb 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_namenode.py
@@ -1277,120 +1277,6 @@ class TestNamenode(RMFTestCase):
self.assertTrue(isfile_mock.called)
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- },
- 'hdfs-site': {
- 'dfs.namenode.keytab.file': 'path/to/namenode/keytab/file',
- 'dfs.namenode.kerberos.principal': 'namenode_principal'
- }
- }
- props_value_check = None
- props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal',
- 'dfs.namenode.keytab.file',
- 'dfs.namenode.kerberos.principal']
- props_read_check = ['dfs.namenode.keytab.file']
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/namenode.py",
- classname = "NameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- security_params['hdfs-site']['dfs.namenode.keytab.file'],
- security_params['hdfs-site']['dfs.namenode.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/namenode.py",
- classname = "NameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/namenode.py",
- classname = "NameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hdfs-site
- empty_security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/namenode.py",
- classname = "NameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/namenode.py",
- classname = "NameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
-
@patch.object(time, "sleep")
@patch("resource_management.libraries.functions.namenode_ha_utils.get_namenode_states")
def test_upgrade_restart(self, get_namenode_states_mock, sleep_mock):
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
index 396778d..b8fee12 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_nfsgateway.py
@@ -267,122 +267,6 @@ class TestNFSGateway(RMFTestCase):
group = 'hadoop',
)
-
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- },
- 'hdfs-site': {
- 'nfs.keytab.file': 'path/to/nfsgateway/keytab/file',
- 'nfs.kerberos.principal': 'nfs_principal'
- }
- }
-
- props_value_check = None
- props_empty_check = ['nfs.keytab.file',
- 'nfs.kerberos.principal']
- props_read_check = ['nfs.keytab.file']
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nfsgateway.py",
- classname = "NFSGateway",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- security_params['hdfs-site']['nfs.keytab.file'],
- security_params['hdfs-site']['nfs.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nfsgateway.py",
- classname = "NFSGateway",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nfsgateway.py",
- classname = "NFSGateway",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hdfs-site
- empty_security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nfsgateway.py",
- classname = "NFSGateway",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/nfsgateway.py",
- classname = "NFSGateway",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- self.assertNoMoreResources()
-
@patch("resource_management.core.shell.call")
def test_pre_upgrade_restart(self, call_mock):
call_mock.side_effects = [(0, None), (0, None)]
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
index 7b9dcb4..9e9366d 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/HDFS/test_snamenode.py
@@ -274,119 +274,4 @@ class TestSNamenode(RMFTestCase):
mode = 0755,
create_parents = True,
cd_access='a'
- )
-
- @patch("resource_management.libraries.functions.security_commons.build_expectations")
- @patch("resource_management.libraries.functions.security_commons.get_params_from_filesystem")
- @patch("resource_management.libraries.functions.security_commons.validate_security_config_properties")
- @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
- @patch("resource_management.libraries.script.Script.put_structured_out")
- def test_security_status(self, put_structured_out_mock, cached_kinit_executor_mock, validate_security_config_mock, get_params_mock, build_exp_mock):
- # Test that function works when is called with correct parameters
-
- security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- },
- 'hdfs-site': {
- 'dfs.secondary.namenode.keytab.file': 'path/to/snamenode/keytab/file',
- 'dfs.secondary.namenode.kerberos.principal': 'snamenode_principal'
- }
- }
-
- props_value_check = None
- props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal',
- 'dfs.secondary.namenode.keytab.file',
- 'dfs.secondary.namenode.kerberos.principal']
- props_read_check = ['dfs.secondary.namenode.keytab.file']
-
- result_issues = []
-
- get_params_mock.return_value = security_params
- validate_security_config_mock.return_value = result_issues
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/snamenode.py",
- classname = "SNameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- build_exp_mock.assert_called_with('hdfs-site', props_value_check, props_empty_check, props_read_check)
- put_structured_out_mock.assert_called_with({"securityState": "SECURED_KERBEROS"})
- cached_kinit_executor_mock.called_with('/usr/bin/kinit',
- self.config_dict['configurations']['hadoop-env']['hdfs_user'],
- security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'],
- security_params['hdfs-site']['dfs.secondary.namenode.kerberos.principal'],
- self.config_dict['hostname'],
- '/tmp')
-
- # Testing when hadoop.security.authentication is simple
- security_params['core-site']['hadoop.security.authentication'] = 'simple'
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/snamenode.py",
- classname = "SNameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
- security_params['core-site']['hadoop.security.authentication'] = 'kerberos'
-
- # Testing that the exception throw by cached_executor is caught
- cached_kinit_executor_mock.reset_mock()
- cached_kinit_executor_mock.side_effect = Exception("Invalid command")
-
- try:
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/snamenode.py",
- classname = "SNameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- except:
- self.assertTrue(True)
-
- # Testing with a security_params which doesn't contains hdfs-site
- empty_security_params = {
- 'core-site': {
- 'hadoop.security.authentication': 'kerberos'
- }
- }
- cached_kinit_executor_mock.reset_mock()
- get_params_mock.reset_mock()
- put_structured_out_mock.reset_mock()
- get_params_mock.return_value = empty_security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/snamenode.py",
- classname = "SNameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
-
- put_structured_out_mock.assert_called_with({"securityIssuesFound": "Keytab file or principal are not set property."})
-
- # Testing with not empty result_issues
- result_issues_with_params = {
- 'hdfs-site': "Something bad happened"
- }
-
- validate_security_config_mock.reset_mock()
- get_params_mock.reset_mock()
- validate_security_config_mock.return_value = result_issues_with_params
- get_params_mock.return_value = security_params
-
- self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/snamenode.py",
- classname = "SNameNode",
- command = "security_status",
- config_file="secured.json",
- stack_version = self.STACK_VERSION,
- target = RMFTestCase.TARGET_COMMON_SERVICES
- )
- put_structured_out_mock.assert_called_with({"securityState": "UNSECURED"})
\ No newline at end of file
+ )
\ No newline at end of file