ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jai...@apache.org
Subject ambari git commit: AMBARI-8790. Fix HBase Kerberos Descriptor, HBASE_CLIENT is incorrect. (robert levas via jaimin)
Date Thu, 18 Dec 2014 21:23:03 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk c2b9a1a72 -> 02b034bea


AMBARI-8790. Fix HBase Kerberos Descriptor, HBASE_CLIENT is incorrect. (robert levas via jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/02b034be
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/02b034be
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/02b034be

Branch: refs/heads/trunk
Commit: 02b034bea2af3ab4d85d4f9d5def249291929186
Parents: c2b9a1a
Author: Jaimin Jetly <jaimin@hortonworks.com>
Authored: Thu Dec 18 13:21:41 2014 -0800
Committer: Jaimin Jetly <jaimin@hortonworks.com>
Committed: Thu Dec 18 13:21:49 2014 -0800

----------------------------------------------------------------------
 .../main/resources/stacks/HDP/2.2/kerberos.json | 19 -----
 .../stacks/HDP/2.2/services/HBASE/kerberos.json | 72 +++++++-----------
 .../server/stack/KerberosDescriptorTest.java    | 77 ++++++++++++++++++++
 3 files changed, 103 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
index be766ed..92370a3 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/kerberos.json
@@ -41,25 +41,6 @@
       }
     },
     {
-      "name": "hbase",
-      "principal": {
-        "value": "hbase@${realm}",
-        "configuration": "hbase-env/hbase_principal_name"
-      },
-      "keytab": {
-        "file": "${keytab_dir}/hbase.headless.keytab",
-        "owner": {
-          "name": "root",
-          "access": "r"
-        },
-        "group": {
-          "name": "${cluster-env/user_group}",
-          "access": "r"
-        },
-        "configuration": "hbase-env/hbase_user_keytab"
-      }
-    },
-    {
       "name": "smokeuser",
       "principal": {
         "value": "ambari-qa@${realm}",

http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
index d9e1c25..2807aaa 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/kerberos.json
@@ -10,12 +10,36 @@
           "name": "/hdfs"
         },
         {
-          "name": "/hbase"
+          "name": "hbase",
+          "principal": {
+            "value": "hbase@${realm}",
+            "configuration": "hbase-env/hbase_principal_name"
+          },
+          "keytab": {
+            "file": "${keytab_dir}/hbase.headless.keytab",
+            "owner": {
+              "name": "${hbase-env/hbase_user}",
+              "access": "r"
+            },
+            "group": {
+              "name": "${cluster-env/user_group}",
+              "access": "r"
+            },
+            "configuration": "hbase-env/hbase_user_keytab"
+          }
         },
         {
           "name": "/smokeuser"
         }
       ],
+      "configurations": [
+        {
+          "hbase-site": {
+            "hbase.security.authentication": "kerberos",
+            "hbase.security.authorization": "true"
+          }
+        }
+      ],
       "components": [
         {
           "name": "HBASE_MASTER",
@@ -66,51 +90,7 @@
           ]
         },
         {
-          "name": "HBASE_CLIENT",
-          "identities": [
-            {
-              "name": "secondary_namenode_nn",
-              "principal": {
-                "value": "nn/_HOST@${realm}",
-                "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.principal"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/snn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                },
-                "configuration": "hdfs-site/dfs.secondary.namenode.keytab.file"
-              }
-            },
-            {
-              "name": "secondary_namenode_host",
-              "principal": {
-                "value": "host/_HOST@${realm}"
-              },
-              "keytab": {
-                "file": "${keytab_dir}/snn.service.keytab",
-                "owner": {
-                  "name": "${hadoop-env/hdfs_user}",
-                  "access": "r"
-                },
-                "group": {
-                  "name": "${cluster-env/user_group}",
-                  "access": ""
-                }
-              }
-            },
-            {
-              "name": "/spnego",
-              "principal": {
-                "configuration": "hdfs-site/dfs.secondary.namenode.kerberos.internal.spnego.principal"
-              }
-            }
-          ]
+          "name": "HBASE_CLIENT"
         }
       ]
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/02b034be/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
new file mode 100644
index 0000000..0abb2f3
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.stack;
+
+import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.util.Assert;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+
+/**
+ * KerberosDescriptorTest tests the stack- and service-level descriptors for certain stacks
+ * and services
+ */
+public class KerberosDescriptorTest {
+  private static File stacksDirectory;
+  private static File hdpStackDirectory;
+  private static File hdp22StackDirectory;
+  private static File hdp22ServicesDirectory;
+  private static File commonServicesDirectory;
+
+
+  @BeforeClass
+  public static void beforeClass() {
+    URL rootDirectoryURL = KerberosDescriptorTest.class.getResource("/");
+    Assert.notNull(rootDirectoryURL);
+
+    stacksDirectory = new File(new File(rootDirectoryURL.getFile()).getParent(), "classes/stacks");
+    Assert.notNull(stacksDirectory);
+    Assert.isTrue(stacksDirectory.canRead());
+
+    hdpStackDirectory = new File(stacksDirectory, "HDP");
+    Assert.notNull(hdpStackDirectory);
+    Assert.isTrue(hdpStackDirectory.canRead());
+
+    hdp22StackDirectory = new File(hdpStackDirectory, "2.2");
+    Assert.notNull(hdp22StackDirectory);
+    Assert.isTrue(hdp22StackDirectory.canRead());
+
+    hdp22ServicesDirectory = new File(hdp22StackDirectory, "services");
+    Assert.notNull(hdp22ServicesDirectory);
+    Assert.isTrue(hdp22ServicesDirectory.canRead());
+
+    commonServicesDirectory = new File(new File(rootDirectoryURL.getFile()).getParent(),
"classes/common-services");
+    Assert.notNull(commonServicesDirectory);
+    Assert.isTrue(commonServicesDirectory.canRead());
+
+  }
+
+  @Test
+  public void testHDP22HBASEServiceDescriptor() throws IOException {
+    File hbaseDirectory = new File(hdp22ServicesDirectory, "HBASE");
+    KerberosDescriptor descriptor = KerberosDescriptor.fromFile(new File(hbaseDirectory,
"kerberos.json"));
+    Assert.notNull(descriptor);
+    Assert.notNull(descriptor.getServices());
+    Assert.notNull(descriptor.getService("HBASE"));
+  }
+}


Mime
View raw message