You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@metron.apache.org by ot...@apache.org on 2018/10/24 15:03:56 UTC
[07/51] [abbrv] metron git commit: METRON-1774 Allow user to
configure JAAS client in Ambari (nickwallen) closes apache/metron#1192
METRON-1774 Allow user to configure JAAS client in Ambari (nickwallen) closes apache/metron#1192
Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/b84c8740
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/b84c8740
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/b84c8740
Branch: refs/heads/feature/METRON-1090-stellar-assignment
Commit: b84c8740db5fbd05f3876aee3cb5532622a6b9dd
Parents: 91c410f
Author: nickwallen <ni...@nickallen.org>
Authored: Tue Sep 18 11:35:13 2018 -0400
Committer: nickallen <ni...@apache.org>
Committed: Tue Sep 18 11:35:13 2018 -0400
----------------------------------------------------------------------
.../configuration/metron-client-jaas-conf.xml | 61 ++++++++++++++++++++
.../common-services/METRON/CURRENT/metainfo.xml | 1 +
.../CURRENT/package/scripts/metron_security.py | 4 +-
.../package/scripts/params/params_linux.py | 2 +
.../package/templates/client_jaas.conf.j2 | 44 --------------
5 files changed, 66 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
new file mode 100644
index 0000000..141a5eb
--- /dev/null
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <property>
+ <name>content</name>
+ <display-name>metron_client_jaas template</display-name>
+ <description>Metron client JAAS configuration</description>
+ <value>
+StormClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=false
+ storeKey=false
+ useTicketCache=true
+ serviceName="nimbus"
+ principal="{{metron_principal_name}}";
+};
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="{{metron_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="zookeeper"
+ principal="{{metron_principal_name}}";
+};
+KafkaClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ keyTab="{{metron_keytab_path}}"
+ storeKey=true
+ useTicketCache=false
+ serviceName="kafka"
+ principal="{{metron_principal_name}}";
+};
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
index f83d93b..644ba97 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml
@@ -471,6 +471,7 @@
<config-type>kafka-broker</config-type>
<config-type>kafka-env</config-type>
<config-type>zeppelin-config</config-type>
+ <config-type>metron-client-jaas-conf</config-type>
</configuration-dependencies>
<restartRequiredAfterChange>true</restartRequiredAfterChange>
<quickLinksConfigurations>
http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
index 4f04daf..d9486e8 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py
@@ -16,6 +16,7 @@ limitations under the License.
import os.path
from resource_management.core.source import Template
+from resource_management.core.source import InlineTemplate
from resource_management.core.resources.system import Directory, File
from resource_management.core import global_lock
from resource_management.core.logger import Logger
@@ -46,7 +47,7 @@ def storm_security_setup(params):
)
File(ambari_format('{client_jaas_path}'),
- content=Template('client_jaas.conf.j2'),
+ content=InlineTemplate(params.metron_client_jaas_conf_template),
owner=params.metron_user,
group=params.metron_group,
mode=0755
@@ -80,4 +81,3 @@ def kinit(kinit_path_local, keytab_path, principal_name, execute_user=None):
Execute(kinitcmd, user=execute_user)
finally:
kinit_lock.release()
-
http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
index 9be09f1..0525c7f 100755
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py
@@ -259,6 +259,8 @@ if security_enabled:
kafka_principal_name = kafka_principal_raw.replace('_HOST', hostname_lowercase)
kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab']
+ metron_client_jaas_conf_template = config['configurations']['metron-client-jaas-conf']['content']
+
nimbus_seeds = config['configurations']['storm-site']['nimbus.seeds']
# Check wether Solr mpack is installed
if 'solr-config-env' in config['configurations']:
http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
deleted file mode 100644
index c0a047e..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-
-StormClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=false
- storeKey=false
- useTicketCache=true
- serviceName="nimbus"
- principal="{{metron_principal_name}}";
-};
-Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="{{metron_keytab_path}}"
- storeKey=true
- useTicketCache=false
- serviceName="zookeeper"
- principal="{{metron_principal_name}}";
-};
-KafkaClient {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- keyTab="{{metron_keytab_path}}"
- storeKey=true
- useTicketCache=false
- serviceName="kafka"
- principal="{{metron_principal_name}}";
-};