ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-9583. Add kerberos support for spark (Zhan Zhang via rlevas)
Date Thu, 12 Feb 2015 03:12:31 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk b9c9832cd -> 41e275b1d


AMBARI-9583. Add kerberos support for spark (Zhan Zhang via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/41e275b1
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/41e275b1
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/41e275b1

Branch: refs/heads/trunk
Commit: 41e275b1df128b18ee595e6b8b963f48312010ef
Parents: b9c9832
Author: Zhan Zhang <zzhang@hortonworks.com>
Authored: Wed Feb 11 22:12:17 2015 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed Feb 11 22:12:17 2015 -0500

----------------------------------------------------------------------
 .../1.2.0.2.2/configuration/spark-defaults.xml  | 10 +++++
 .../SPARK/1.2.0.2.2/kerberos.json               | 40 ++++++++++++++++++++
 .../package/scripts/job_history_server.py       |  4 ++
 .../SPARK/1.2.0.2.2/package/scripts/params.py   |  7 ++++
 .../server/stack/KerberosDescriptorTest.java    |  8 ++++
 5 files changed, 69 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/41e275b1/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/configuration/spark-defaults.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/configuration/spark-defaults.xml
b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/configuration/spark-defaults.xml
index 564e697..20989b3 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/configuration/spark-defaults.xml
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/configuration/spark-defaults.xml
@@ -86,4 +86,14 @@
     <value></value>
   </property>
 
+  <property>
+    <name>spark.history.kerberos.principal</name>
+    <value>none</value>
+  </property>
+
+  <property>
+    <name>spark.history.kerberos.keytab</name>
+    <value>none</value>
+  </property>
+
 </configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/41e275b1/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
new file mode 100644
index 0000000..499d0dd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json
@@ -0,0 +1,40 @@
+{
+  "services": [
+    {
+      "name": "SPARK",
+      "identities": [
+        {
+          "name": "/smokeuser"
+        }
+      ],
+      "components": [
+        {
+          "name": "SPARK_JOBHISTORYSERVER",
+          "identities": [
+            {
+              "name": "spark_historyserver",
+              "principal": {
+                "value": "spark/_HOST@${realm}",
+                "type" : "service",
+                "configuration": "spark-defaults/spark.history.kerberos.principal",
+                "local_username" : "${spark-env/spark_user}"
+              },
+              "keytab": {
+                "file": "${keytab_dir}/spark.service.keytab",
+                "owner": {
+                  "name": "${spark-env/spark_user}",
+                  "access": "r"
+                },
+                "group": {
+                  "name": "${cluster-env/user_group}",
+                  "access": ""
+                },
+                "configuration": "spark-defaults/spark.history.kerberos.keytab"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/41e275b1/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/job_history_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/job_history_server.py
b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/job_history_server.py
index 7199ec4..06389c7 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/job_history_server.py
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/job_history_server.py
@@ -66,6 +66,10 @@ class JobHistoryServer(Script):
     env.set_params(params)
     self.configure(env)
 
+    if params.security_enabled:
+      spark_kinit_cmd = format("{kinit_path_local} -kt {spark_kerberos_keytab} {spark_principal};
")
+      Execute(spark_kinit_cmd, user=params.spark_user)
+
     # FIXME! TODO! remove this after soft link bug is fixed:
     if not os.path.islink('/usr/hdp/current/spark'):
       hdp_version = get_hdp_version()

http://git-wip-us.apache.org/repos/asf/ambari/blob/41e275b1/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/params.py
index 99988ee..8189039 100644
--- a/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/package/scripts/params.py
@@ -116,3 +116,10 @@ if spark_driver_extraJavaOptions.find('-Dhdp.version') == -1:
 spark_yarn_am_extraJavaOptions = str(config['configurations']['spark-defaults']['spark.yarn.am.extraJavaOptions'])
 if spark_yarn_am_extraJavaOptions.find('-Dhdp.version') == -1:
   spark_yarn_am_extraJavaOptions = spark_yarn_am_extraJavaOptions + ' -Dhdp.version=' + str(hdp_full_version)
+
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"])
+spark_kerberos_keytab =  config['configurations']['spark-defaults']['spark.history.kerberos.keytab']
+spark_kerberos_principal =  config['configurations']['spark-defaults']['spark.history.kerberos.principal']
+if security_enabled:
+  spark_principal = spark_kerberos_principal.replace('_HOST',spark_history_server_host.lower())

http://git-wip-us.apache.org/repos/asf/ambari/blob/41e275b1/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
index bcd78ee..f60668f 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/stack/KerberosDescriptorTest.java
@@ -141,6 +141,14 @@ public class KerberosDescriptorTest {
     Assert.notNull(descriptor.getService("ZOOKEEPER"));
   }
 
+  @Test
+  public void testCommonSparkServiceDescriptor() throws IOException {
+    KerberosDescriptor descriptor = getKerberosDescriptor(commonServicesDirectory, "SPARK",
"1.2.0.2.2");
+    Assert.notNull(descriptor);
+    Assert.notNull(descriptor.getServices());
+    Assert.notNull(descriptor.getService("SPARK"));
+  }
+
   private KerberosDescriptor getKerberosDescriptor(File baseDirectory, String service, String
version) throws IOException {
     File serviceDirectory = new File(baseDirectory, service);
     File serviceVersionDirectory = new File(serviceDirectory, version);


Mime
View raw message