ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vbrodets...@apache.org
Subject ambari git commit: AMBARI-9693. Review and update kerberos descriptors for various services.(vbrodetskyi)
Date Wed, 18 Feb 2015 15:32:15 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 1e37bff5a -> 8ae21c8b7


AMBARI-9693. Review and update kerberos descriptors for various services.(vbrodetskyi)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8ae21c8b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8ae21c8b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8ae21c8b

Branch: refs/heads/trunk
Commit: 8ae21c8b72c873a611d0f9a8e352f7ac77280e9a
Parents: 1e37bff
Author: Vitaly Brodetskyi <vbrodetskyi@hortonworks.com>
Authored: Wed Feb 18 17:31:40 2015 +0200
Committer: Vitaly Brodetskyi <vbrodetskyi@hortonworks.com>
Committed: Wed Feb 18 17:31:40 2015 +0200

----------------------------------------------------------------------
 .../server/controller/KerberosHelper.java       | 14 ++++++
 .../apache/ambari/server/utils/StageUtils.java  | 46 ++++++++++----------
 .../HBASE/0.96.0.2.0/kerberos.json              |  5 ++-
 .../HDFS/2.1.0.2.0/kerberos.json                | 14 +++++-
 .../YARN/2.1.0.2.0/kerberos.json                | 18 +++++++-
 .../server/controller/KerberosHelperTest.java   | 16 +++----
 6 files changed, 80 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
index fa829a4..db19611 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java
@@ -78,6 +78,7 @@ import org.apache.ambari.server.state.PropertyInfo;
 import org.apache.ambari.server.state.SecurityState;
 import org.apache.ambari.server.state.SecurityType;
 import org.apache.ambari.server.state.Service;
+import org.apache.ambari.server.state.ServiceComponent;
 import org.apache.ambari.server.state.ServiceComponentHost;
 import org.apache.ambari.server.state.StackId;
 import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
@@ -91,6 +92,7 @@ import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
 import org.apache.ambari.server.state.svccomphost.ServiceComponentHostServerActionEvent;
 import org.apache.ambari.server.utils.StageUtils;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -1135,6 +1137,18 @@ public class KerberosHelper {
       configHelper.cloneAttributesMap(attributes, configurationAttributes.get(type));
     }
 
+    // add clusterHostInfo config
+    Map<String, String> componentHosts = new HashMap<String, String>();
+    for (Map.Entry<String, Service> service : cluster.getServices().entrySet()) {
+      for (Map.Entry<String, ServiceComponent> serviceComponent : service.getValue().getServiceComponents().entrySet())
{
+        if (StageUtils.getComponentToClusterInfoKeyMap().keySet().contains(serviceComponent.getValue().getName()))
{
+          componentHosts.put(StageUtils.getComponentToClusterInfoKeyMap().get(serviceComponent.getValue().getName()),
+                  StringUtils.join(serviceComponent.getValue().getServiceComponentHosts().keySet(),
","));
+        }
+      }
+    }
+    configurations.put("clusterHostInfo", componentHosts);
+
     return configurations;
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
index f6d44d8..de84f35 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java
@@ -17,26 +17,8 @@
  */
 package org.apache.ambari.server.utils;
 
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.nio.charset.Charset;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeMap;
-import java.util.TreeSet;
-
-import javax.xml.bind.JAXBException;
-
+import com.google.common.base.Joiner;
+import com.google.gson.Gson;
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.Role;
 import org.apache.ambari.server.RoleCommand;
@@ -57,8 +39,24 @@ import org.codehaus.jackson.map.JsonMappingException;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.SerializationConfig;
 
-import com.google.common.base.Joiner;
-import com.google.gson.Gson;
+import javax.xml.bind.JAXBException;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.nio.charset.Charset;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.TreeMap;
+import java.util.TreeSet;
 
 public class StageUtils {
 
@@ -140,6 +138,10 @@ public class StageUtils {
     return requestId + "-" + stageId;
   }
 
+  public static Map<String, String> getComponentToClusterInfoKeyMap() {
+    return componentToClusterInfoKeyMap;
+  }
+
   public static long[] getRequestStage(String actionId) {
     String[] fields = actionId.split("-");
     long[] requestStageIds = new long[2];

http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 9ddad69..67664a9 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -39,7 +39,10 @@
           "hbase-site": {
             "hbase.security.authentication": "kerberos",
             "hbase.security.authorization": "true",
-            "zookeeper.znode.parent": "/hbase-secure"
+            "zookeeper.znode.parent": "/hbase-secure",
+            "hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController",
+            "hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController",
+            "hbase.bulkload.staging.dir": "/apps/hbase/staging"
           }
         }
       ],

http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index af8f93b..c327efb 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -25,7 +25,19 @@
             "hadoop.security.authentication": "kerberos",
             "hadoop.rpc.protection": "authentication",
             "hadoop.security.authorization": "true",
-            "hadoop.security.auth_to_local": "_AUTH_TO_LOCAL_RULES"
+            "hadoop.security.auth_to_local": "_AUTH_TO_LOCAL_RULES",
+            "hadoop.http.authentication.kerberos.name.rules": "",
+            "hadoop.http.filter.initializers": "",
+            "hadoop.http.authentication.type": "simple",
+            "hadoop.http.authentication.signature.secret": "",
+            "hadoop.http.authentication.signature.secret.file": "",
+            "hadoop.http.authentication.signer.secret.provider": "",
+            "hadoop.http.authentication.signer.secret.provider.object": "",
+            "hadoop.http.authentication.token.validity": "",
+            "hadoop.http.authentication.cookie.domain": "",
+            "hadoop.http.authentication.cookie.path": "",
+            "hadoop.proxyuser.HTTP.groups": "${core-site/proxyuser_group}",
+            "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_host}"
           }
         }
       ],

http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
index 42d0c1e..d4b005a 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json
@@ -18,7 +18,23 @@
           "yarn-site": {
             "yarn.timeline-service.enabled": "true",
             "yarn.timeline-service.http-authentication.type": "kerberos",
-            "yarn.acl.enable": "true"
+            "yarn.acl.enable": "true",
+            "yarn.timeline-service.http-authentication.signature.secret": "",
+            "yarn.timeline-service.http-authentication.signature.secret.file": "",
+            "yarn.timeline-service.http-authentication.signer.secret.provider": "",
+            "yarn.timeline-service.http-authentication.signer.secret.provider.object": "",
+            "yarn.timeline-service.http-authentication.token.validity": "",
+            "yarn.timeline-service.http-authentication.cookie.domain": "",
+            "yarn.timeline-service.http-authentication.cookie.path": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.users": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.groups": "",
+            "yarn.timeline-service.http-authentication.kerberos.name.rules": "",
+            "yarn.resourcemanager.proxyusers.*.groups": "",
+            "yarn.resourcemanager.proxyusers.*.hosts": "",
+            "yarn.resourcemanager.proxyusers.*.users": "",
+            "yarn.resourcemanager.proxy-user-privileges.enabled": "true",
+            "yarn.nodemanager.linux-container-executor.cgroups.mount-path": ""
           }
         }
       ],

http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 1c8af3f..215161c 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -375,7 +375,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service1.getName()).andReturn("SERVICE1").anyTimes();
     expect(service1.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
     service1.setSecurityState(SecurityState.SECURED_KERBEROS);
     expectLastCall().once();
 
@@ -383,7 +383,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service2.getName()).andReturn("SERVICE2").anyTimes();
     expect(service2.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
     service2.setSecurityState(SecurityState.SECURED_KERBEROS);
     expectLastCall().once();
 
@@ -625,7 +625,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service1.getName()).andReturn("SERVICE1").anyTimes();
     expect(service1.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
     service1.setSecurityState(SecurityState.UNSECURED);
     expectLastCall().once();
 
@@ -633,7 +633,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service2.getName()).andReturn("SERVICE2").anyTimes();
     expect(service2.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
     service2.setSecurityState(SecurityState.UNSECURED);
     expectLastCall().once();
 
@@ -852,13 +852,13 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service1.getName()).andReturn("SERVICE1").anyTimes();
     expect(service1.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
 
     final Service service2 = createStrictMock(Service.class);
     expect(service2.getName()).andReturn("SERVICE2").anyTimes();
     expect(service2.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
     expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes();
@@ -1130,13 +1130,13 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(service1.getName()).andReturn("SERVICE1").anyTimes();
     expect(service1.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
 
     final Service service2 = createStrictMock(Service.class);
     expect(service2.getName()).andReturn("SERVICE2").anyTimes();
     expect(service2.getServiceComponents())
         .andReturn(Collections.<String, ServiceComponent>emptyMap())
-        .once();
+        .times(2);
 
     final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class);
     expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes();


Mime
View raw message