You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@metron.apache.org by ot...@apache.org on 2018/10/24 15:03:56 UTC

[07/51] [abbrv] metron git commit: METRON-1774 Allow user to configure JAAS client in Ambari (nickwallen) closes apache/metron#1192

METRON-1774 Allow user to configure JAAS client in Ambari (nickwallen) closes apache/metron#1192


Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/b84c8740
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/b84c8740
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/b84c8740

Branch: refs/heads/feature/METRON-1090-stellar-assignment
Commit: b84c8740db5fbd05f3876aee3cb5532622a6b9dd
Parents: 91c410f
Author: nickwallen <ni...@nickallen.org>
Authored: Tue Sep 18 11:35:13 2018 -0400
Committer: nickallen <ni...@apache.org>
Committed: Tue Sep 18 11:35:13 2018 -0400

----------------------------------------------------------------------
 .../configuration/metron-client-jaas-conf.xml   | 61 ++++++++++++++++++++
 .../common-services/METRON/CURRENT/metainfo.xml |  1 +
 .../CURRENT/package/scripts/metron_security.py  |  4 +-
 .../package/scripts/params/params_linux.py      |  2 +
 .../package/templates/client_jaas.conf.j2       | 44 --------------
 5 files changed, 66 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
new file mode 100644
index 0000000..141a5eb
--- /dev/null
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false" supports_adding_forbidden="true">
+  <property>
+    <name>content</name>
+    <display-name>metron_client_jaas template</display-name>
+    <description>Metron client JAAS configuration</description>
+    <value>
+StormClient {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=false
+   storeKey=false
+   useTicketCache=true
+   serviceName="nimbus"
+   principal="{{metron_principal_name}}";
+};
+Client {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{metron_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   serviceName="zookeeper"
+   principal="{{metron_principal_name}}";
+};
+KafkaClient {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="{{metron_keytab_path}}"
+   storeKey=true
+   useTicketCache=false
+   serviceName="kafka"
+   principal="{{metron_principal_name}}";
+};
+   </value>
+    <value-attributes>
+      <type>content</type>
+      <show-property-name>false</show-property-name>
+    </value-attributes>
+    <on-ambari-upgrade add="false"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
index f83d93b..644ba97 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
@@ -471,6 +471,7 @@
         <config-type>kafka-broker</config-type>
         <config-type>kafka-env</config-type>
         <config-type>zeppelin-config</config-type>
+        <config-type>metron-client-jaas-conf</config-type>
       </configuration-dependencies>
       <restartRequiredAfterChange>true</restartRequiredAfterChange>
       <quickLinksConfigurations>

http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
index 4f04daf..d9486e8 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
@@ -16,6 +16,7 @@ limitations under the License.
 
 import os.path
 from resource_management.core.source import Template
+from resource_management.core.source import InlineTemplate
 from resource_management.core.resources.system import Directory, File
 from resource_management.core import global_lock
 from resource_management.core.logger import Logger
@@ -46,7 +47,7 @@ def storm_security_setup(params):
                   )
 
         File(ambari_format('{client_jaas_path}'),
-             content=Template('client_jaas.conf.j2'),
+             content=InlineTemplate(params.metron_client_jaas_conf_template),
              owner=params.metron_user,
              group=params.metron_group,
              mode=0755
@@ -80,4 +81,3 @@ def kinit(kinit_path_local, keytab_path, principal_name, execute_user=None):
             Execute(kinitcmd, user=execute_user)
     finally:
         kinit_lock.release()
-

http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
index 9be09f1..0525c7f 100755
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
@@ -259,6 +259,8 @@ if security_enabled:
     kafka_principal_name = kafka_principal_raw.replace('_HOST', hostname_lowercase)
     kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
 
+    metron_client_jaas_conf_template = config['configurations']['metron-client-jaas-conf']['content']
+
     nimbus_seeds = config['configurations']['storm-site']['nimbus.seeds']
     # Check wether Solr mpack is installed
     if 'solr-config-env' in config['configurations']:

http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
deleted file mode 100644
index c0a047e..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-
-StormClient {
-   com.sun.security.auth.module.Krb5LoginModule required
-   useKeyTab=false
-   storeKey=false
-   useTicketCache=true
-   serviceName="nimbus"
-   principal="{{metron_principal_name}}";
-};
-Client {
-   com.sun.security.auth.module.Krb5LoginModule required
-   useKeyTab=true
-   keyTab="{{metron_keytab_path}}"
-   storeKey=true
-   useTicketCache=false
-   serviceName="zookeeper"
-   principal="{{metron_principal_name}}";
-};
-KafkaClient {
-   com.sun.security.auth.module.Krb5LoginModule required
-   useKeyTab=true
-   keyTab="{{metron_keytab_path}}"
-   storeKey=true
-   useTicketCache=false
-   serviceName="kafka"
-   principal="{{metron_principal_name}}";
-};