ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dmitriu...@apache.org
Subject git commit: AMBARI-7658. Fix warning when using HTTPS_ONLY for secured DN (dlysnichenko)
Date Mon, 06 Oct 2014 19:24:55 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk a619219ff -> 0800415ca


AMBARI-7658. Fix warning when using HTTPS_ONLY for secured DN (dlysnichenko)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0800415c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0800415c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0800415c

Branch: refs/heads/trunk
Commit: 0800415cacf997914941a3465914cf55bf2c573c
Parents: a619219
Author: Lisnichenko Dmitro <dlysnichenko@hortonworks.com>
Authored: Mon Oct 6 19:17:46 2014 +0300
Committer: Lisnichenko Dmitro <dlysnichenko@hortonworks.com>
Committed: Mon Oct 6 22:23:04 2014 +0300

----------------------------------------------------------------------
 .../stacks/HDP/2.2/services/stack_advisor.py    |   5 +-
 .../stacks/2.2/common/test_stack_advisor.py     | 137 ++++++++++++++++---
 2 files changed, 121 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/0800415c/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
index 3f1faf7..19b1065 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py
@@ -101,10 +101,9 @@ class HDP22StackAdvisor(HDP21StackAdvisor):
       # determine whether we use secure ports
       address_properties_with_warnings = []
       if dfs_http_policy_value == HTTPS_ONLY:
-        any_privileged_ports_are_in_use = privileged_dfs_dn_port or privileged_dfs_https_port
-        if any_privileged_ports_are_in_use:
+        if not privileged_dfs_dn_port and (privileged_dfs_https_port or datanode_https_address
not in hdfs_site):
           important_properties = [dfs_datanode_address, datanode_https_address]
-          message = "You set up datanode to use some non-secure ports, but {0} is set to
{1}. " \
+          message = "You set up datanode to use some non-secure ports. " \
                     "If you want to run Datanode under non-root user in a secure cluster,
" \
                     "you should set all these properties {2} " \
                     "to use non-secure ports (if property {3} does not exist, " \

http://git-wip-us.apache.org/repos/asf/ambari/blob/0800415c/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
index 7d29ca8..3d6b2e6 100644
--- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
+++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py
@@ -113,12 +113,64 @@ class TestHDP22StackAdvisor(TestCase):
     validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
     self.assertEquals(validation_problems, expected)
 
-    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, secure ports
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, https address not defined
+    properties = {  # hdfs-site
+                    'dfs.http.policy': 'HTTPS_ONLY',
+                    'dfs.datanode.address': '0.0.0.0:1019',
+                    }
+    configurations = {
+      'hdfs-site': {
+        'properties': properties,
+        },
+      'core-site': {
+        'properties': secure_cluster_core_site
+      }
+    }
+    expected = [ ]
+    validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
+    self.assertEquals(validation_problems, expected)
+
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, https address defined and secure
+    properties = {  # hdfs-site
+                    'dfs.http.policy': 'HTTPS_ONLY',
+                    'dfs.datanode.address': '0.0.0.0:1019',
+                    'dfs.datanode.https.address': '0.0.0.0:1022',
+                    }
+    configurations = {
+      'hdfs-site': {
+        'properties': properties,
+        },
+      'core-site': {
+        'properties': secure_cluster_core_site
+      }
+    }
+    expected = []
+    validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
+    self.assertEquals(validation_problems, expected)
+
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, https address defined and non
secure
     properties = {  # hdfs-site
                     'dfs.http.policy': 'HTTPS_ONLY',
                     'dfs.datanode.address': '0.0.0.0:1019',
                     'dfs.datanode.https.address': '0.0.0.0:50475',
+                  }
+    configurations = {
+      'hdfs-site': {
+        'properties': properties,
+      },
+      'core-site': {
+        'properties': secure_cluster_core_site
+      }
     }
+    expected = []
+    validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
+    self.assertEquals(validation_problems, expected)
+
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, non secure dfs port, https property
not defined
+    properties = {  # hdfs-site
+                    'dfs.http.policy': 'HTTPS_ONLY',
+                    'dfs.datanode.address': '0.0.0.0:50010',
+                 }
     configurations = {
       'hdfs-site': {
         'properties': properties,
@@ -130,31 +182,80 @@ class TestHDP22StackAdvisor(TestCase):
     expected = [{'config-name': 'dfs.datanode.address',
                  'config-type': 'hdfs-site',
                  'level': 'WARN',
-                 'message': "You set up datanode to use some non-secure ports, "
-                            "but dfs.http.policy is set to HTTPS_ONLY. If you "
-                            "want to run Datanode under non-root user in a secure"
-                            " cluster, you should set all these properties ['dfs.datanode.address',
'dfs.datanode.https.address'] "
-                            "to use non-secure ports (if property dfs.datanode.https.address
does not exist, just add it)."
-                            " You may also set up property dfs.data.transfer.protection ('authentication'
is a good default value). "
-                            "Also, set up WebHDFS with SSL as described in manual in order
to be able to use HTTPS.",
+                 'message': "You set up datanode to use some non-secure ports. "
+                            "If you want to run Datanode under non-root user in "
+                            "a secure cluster, you should set all these properties "
+                            "['dfs.datanode.address', 'dfs.datanode.https.address'] "
+                            "to use non-secure ports (if property "
+                            "dfs.datanode.https.address does not exist, just add it). "
+                            "You may also set up property dfs.data.transfer.protection "
+                            "('authentication' is a good default value). Also, set up "
+                            "WebHDFS with SSL as described in manual in order to "
+                            "be able to use HTTPS.",
                  'type': 'configuration'},
                 {'config-name': 'dfs.datanode.https.address',
                  'config-type': 'hdfs-site',
                  'level': 'WARN',
-                 'message': "You set up datanode to use some non-secure ports, "
-                            "but dfs.http.policy is set to HTTPS_ONLY. If you "
-                            "want to run Datanode under non-root user in a secure"
-                            " cluster, you should set all these properties ['dfs.datanode.address',
'dfs.datanode.https.address'] "
-                            "to use non-secure ports (if property dfs.datanode.https.address
does not exist, just add it)."
-                            " You may also set up property dfs.data.transfer.protection ('authentication'
is a good default value). "
-                            "Also, set up WebHDFS with SSL as described in manual in order
to be able to use HTTPS.",
+                 'message': "You set up datanode to use some non-secure ports. "
+                            "If you want to run Datanode under non-root user in "
+                            "a secure cluster, you should set all these properties "
+                            "['dfs.datanode.address', 'dfs.datanode.https.address'] "
+                            "to use non-secure ports (if property dfs.datanode.https.address
"
+                            "does not exist, just add it). You may also set up property "
+                            "dfs.data.transfer.protection ('authentication' is a good default
value). "
+                            "Also, set up WebHDFS with SSL as described in manual in "
+                            "order to be able to use HTTPS.",
                  'type': 'configuration'}
-                ]
+    ]
     validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
     self.assertEquals(validation_problems, expected)
 
 
-    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, valid configuration
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, non secure dfs port, https defined
and secure
+    properties = {  # hdfs-site
+                    'dfs.http.policy': 'HTTPS_ONLY',
+                    'dfs.datanode.address': '0.0.0.0:50010',
+                    'dfs.datanode.https.address': '0.0.0.0:1022',
+                    }
+    configurations = {
+      'hdfs-site': {
+        'properties': properties,
+        },
+      'core-site': {
+        'properties': secure_cluster_core_site
+      }
+    }
+    expected = [{'config-name': 'dfs.datanode.address',
+                 'config-type': 'hdfs-site',
+                 'level': 'WARN',
+                 'message': "You set up datanode to use some non-secure ports. "
+                            "If you want to run Datanode under non-root user in "
+                            "a secure cluster, you should set all these properties "
+                            "['dfs.datanode.address', 'dfs.datanode.https.address'] "
+                            "to use non-secure ports (if property dfs.datanode.https.address
"
+                            "does not exist, just add it). You may also set up property "
+                            "dfs.data.transfer.protection ('authentication' is a good "
+                            "default value). Also, set up WebHDFS with SSL as described "
+                            "in manual in order to be able to use HTTPS.",
+                 'type': 'configuration'},
+                {'config-name': 'dfs.datanode.https.address',
+                 'config-type': 'hdfs-site',
+                 'level': 'WARN',
+                 'message': "You set up datanode to use some non-secure ports. "
+                            "If you want to run Datanode under non-root user in "
+                            "a secure cluster, you should set all these properties "
+                            "['dfs.datanode.address', 'dfs.datanode.https.address'] "
+                            "to use non-secure ports (if property dfs.datanode.https.address
"
+                            "does not exist, just add it). You may also set up property "
+                            "dfs.data.transfer.protection ('authentication' is a good default
value). "
+                            "Also, set up WebHDFS with SSL as described in manual in order
to be "
+                            "able to use HTTPS.",
+                 'type': 'configuration'}
+    ]
+    validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
+    self.assertEquals(validation_problems, expected)
+
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTPS_ONLY, valid non-root configuration
     properties = {  # hdfs-site
                     'dfs.http.policy': 'HTTPS_ONLY',
                     'dfs.datanode.address': '0.0.0.0:50010',
@@ -173,7 +274,7 @@ class TestHDP22StackAdvisor(TestCase):
     validation_problems = self.stackAdvisor.validateHDFSConfigurations(properties, recommendedDefaults,
configurations)
     self.assertEquals(validation_problems, expected)
 
-    # TEST CASE: Secure cluster, dfs.http.policy=HTTP_ONLY, insecure ports
+    # TEST CASE: Secure cluster, dfs.http.policy=HTTP_ONLY, insecure port
     properties = {  # hdfs-site
                     'dfs.http.policy': 'HTTP_ONLY',
                     'dfs.datanode.address': '0.0.0.0:1019',


Mime
View raw message