ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jai...@apache.org
Subject ambari git commit: AMBARI-8776. Create Kerberos Descriptors for ZooKeeper, Storm, Oozie and Falcon services. (jaimin)
Date Thu, 18 Dec 2014 01:51:25 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 19f251150 -> 4d4fc0cbb


AMBARI-8776. Create Kerberos Descriptors for ZooKeeper, Storm, Oozie and Falcon services.
(jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4d4fc0cb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4d4fc0cb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4d4fc0cb

Branch: refs/heads/trunk
Commit: 4d4fc0cbb5929655080ba79604244a7a0eba862c
Parents: 19f2511
Author: Jaimin Jetly <jaimin@hortonworks.com>
Authored: Wed Dec 17 17:50:03 2014 -0800
Committer: Jaimin Jetly <jaimin@hortonworks.com>
Committed: Wed Dec 17 17:50:20 2014 -0800

----------------------------------------------------------------------
 .../main/resources/stacks/HDP/2.2/kerberos.json |  2 +-
 .../HDP/2.2/services/FALCON/kerberos.json       | 63 +++++++++++++
 .../stacks/HDP/2.2/services/HBASE/kerberos.json |  3 +
 .../stacks/HDP/2.2/services/HIVE/kerberos.json  | 21 +++++
 .../stacks/HDP/2.2/services/OOZIE/kerberos.json | 64 +++++++++++++
 .../stacks/HDP/2.2/services/STORM/kerberos.json | 98 ++++++++++++++++++++
 .../stacks/HDP/2.2/services/YARN/kerberos.json  | 12 +--
 .../HDP/2.2/services/ZOOKEEPER/kerberos.json    | 38 ++++++++
 8 files changed, 294 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
index b9031d0..be766ed 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
@@ -43,7 +43,7 @@
     {
       "name": "hbase",
       "principal": {
-        "value": "hdfs@${realm}",
+        "value": "hbase@${realm}",
         "configuration": "hbase-env/hbase_principal_name"
       },
       "keytab": {

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
new file mode 100644
index 0000000..98e917a
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/FALCON/kerberos.json
@@ -0,0 +1,63 @@
+{
+  "services": [
+    {
+      "name": "FALCON",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "/hdfs"
+        }
+      ],
+      "configurations": [
+        {
+          "falcon-startup.properties": {
+            "*.falcon.authentication.type": "kerberos",
+            "*.falcon.http.authentication.type": "kerberos",
+            "*.dfs.namenode.kerberos.principal": "nn/_HOST@${realm}"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "FALCON_SERVER",
+          "identities": [
+            {
+              "name": "falcon_server",
+              "principal": {
+                "value": "falcon/${host}@${realm}",
+                "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/falcon.service.keytab",
+                "owner": {
+                  "name": "${falcon-env/falcon_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "falcon-startup.properties/*.falcon.service.authentication.kerberos.keytab"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "value": "HTTP/${host}@${realm}",
+                "configuration": "falcon-startup.properties/oozie.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "falcon-startup.properties/oozie.authentication.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
index 2d321a7..d9e1c25 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
@@ -10,6 +10,9 @@
           "name": "/hdfs"
         },
         {
+          "name": "/hbase"
+        },
+        {
           "name": "/smokeuser"
         }
       ],

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
index 216aad7..de5d733 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/kerberos.json
@@ -17,6 +17,12 @@
             "hive.security.authorization.enabled": "true",
             "hive.server2.authentication": "KERBEROS"
           }
+        },
+        {
+          "webhcat-site": {
+            "templeton.kerberos.secret": "secret",
+            "templeton.hive.properties": "hive.metastore.local=false,hive.metastore.uris=thrift://${host}:9083,hive.metastore.sasl.enabled=true,hive.metastore.execute.setugi=true,hive.metastore.warehouse.dir=/apps/hive/warehouse,hive.exec.mode.local.auto=false,hive.metastore.kerberos.principal=hive/_HOST@${realm}"
+          }
         }
       ],
       "components": [
@@ -76,6 +82,21 @@
               }
             }
           ]
+        },
+        {
+          "name": "WEBHCAT_SERVER",
+          "identities": [
+            {
+              "name": "/spnego",
+              "principal": {
+                "value": "HTTP/${host}@${realm}",
+                "configuration": "webhcat-site/templeton.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "webhcat-site/templeton.kerberos.keytab"
+              }
+            }
+          ]
         }
       ]
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
new file mode 100644
index 0000000..9cb24ca
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/kerberos.json
@@ -0,0 +1,64 @@
+{
+  "services": [
+    {
+      "name": "OOZIE",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "/hdfs"
+        }
+      ],
+      "configurations": [
+        {
+          "oozie-site": {
+            "oozie.authentication.type": "kerberos",
+            "oozie.service.AuthorizationService.authorization.enabled": "true",
+            "oozie.service.HadoopAccessorService.kerberos.enabled": "true",
+            "local.realm": "${realm}",
+            "oozie.authentication.kerberos.name.rules": "RULE:[2:$1@$0]([jt]t@.*${realm})s/.*/mapred/\nRULE:[2:$1@$0]([nd]n@.*${realm})s/.*/hdfs/\nRULE:[2:$1@$0](hm@.*${realm})s/.*/hbase/\nRULE:[2:$1@$0](rs@.*${realm})s/.*/hbase/\nDEFAULT"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "OOZIE_SERVER",
+          "identities": [
+            {
+              "name": "oozie_server",
+              "principal": {
+                "value": "oozie/_HOST@${realm}",
+                "configuration": "oozie-site/oozie.service.HadoopAccessorService.kerberos.principal"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/oozie.service.keytab",
+                "owner": {
+                  "name": "${oozie-env/oozie_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "oozie-site/oozie.service.HadoopAccessorService.keytab.file"
+              }
+            },
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "oozie-site/oozie.authentication.kerberos.principal"
+              },
+              "keytab": {
+                "configuration": "oozie-site/oozie.authentication.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
new file mode 100644
index 0000000..77f4fe4
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/kerberos.json
@@ -0,0 +1,98 @@
+{
+  "services": [
+    {
+      "name": "STORM",
+      "identities": [
+        {
+          "name": "/spnego"
+        },
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "storm_components",
+          "principal": {
+            "value": "storm/_HOST@${realm}",
+            "configuration": "storm-env/storm_principal_name"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/storm.service.keytab",
+            "owner": {
+              "name": "${storm-env/storm_user}",
+              "access": "r"
+            },
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": ""
+            },
+            "configuration": "storm-env/storm_keytab"
+          }
+        }
+      ],
+      "components": [
+        {
+          "name": "STORM_UI_SERVER",
+          "identities": [
+            {
+              "name": "/spnego",
+              "principal": {
+                "configuration": "storm-env/storm_ui_principal_name"
+              },
+              "keytab": {
+                "configuration": "storm-env/storm_ui_keytab"
+              }
+            }
+          ]
+        },
+        {
+          "name": "NIMBUS",
+          "identities": [
+            {
+              "name": "nimbus_server",
+              "principal": {
+                "value": "nimbus/_HOST@${realm}",
+                "configuration": "storm-env/nimbus_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nimbus.service.keytab",
+                "owner": {
+                  "name": "${storm-env/storm_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "storm-env/nimbus_keytab"
+              }
+            }
+          ]
+        },
+        {
+          "name": "DRPC_SERVER",
+          "identities": [
+            {
+              "name": "nimbus_server",
+              "principal": {
+                "value": "nimbus/_HOST@${realm}",
+                "configuration": "storm-env/nimbus_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/nimbus.service.keytab",
+                "owner": {
+                  "name": "${storm-env/storm_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "storm-env/nimbus_keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
index 61117b5..7677a7a 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/YARN/kerberos.json
@@ -65,10 +65,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.nodemanager.webapp.spnego-principal"
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal"
               },
               "keytab": {
-                "configuration": "yarn.nodemanager.webapp.spnego-keytab-file"
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file"
               }
             }
           ],
@@ -120,10 +120,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.resourcemanager.webapp.spnego-principal"
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal"
               },
               "keytab": {
-                "configuration": "yarn.resourcemanager.webapp.spnego-keytab-file"
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file"
               }
             }
           ]
@@ -170,10 +170,10 @@
             {
               "name": "/spnego",
               "principal": {
-                "configuration": "yarn.timeline-service.http-authentication.kerberos.principal"
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal"
               },
               "keytab": {
-                "configuration": "yarn.timeline-service.http-authentication.kerberos.keytab"
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab"
               }
             }
           ]

http://git-wip-us.apache.org/repos/asf/ambari/blob/4d4fc0cb/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
new file mode 100644
index 0000000..ddec01f
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/ZOOKEEPER/kerberos.json
@@ -0,0 +1,38 @@
+{
+  "services": [
+    {
+      "name": "ZOOKEEPER",
+      "identities": [
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "components": [
+        {
+          "name": "ZOOKEEPER_SERVER",
+          "identities": [
+            {
+              "name": "zookeeper_zk",
+              "principal": {
+                "value": "zk/_HOST@${realm}",
+                "configuration": "zookeeper-env/zookeeper_principal_name"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/zk.service.keytab",
+                "owner": {
+                  "name": "${zookeeper-env/zk_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "zookeeper-env/zookeeper_keytab_path"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}


Mime
View raw message