ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-11238. When Kerberizing a cluster with Ranger HBase plugin enabled, HBase coprocessor properties in hbase-site are overwritten (and breaks Ranger HBase plugin) (Emil Anca via rlevas)
Date Wed, 20 May 2015 13:28:07 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 444faa1e9 -> ce8f5aaa0


AMBARI-11238. When Kerberizing a cluster with Ranger HBase plugin enabled, HBase coprocessor
properties in hbase-site are overwritten (and breaks Ranger HBase plugin) (Emil Anca via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ce8f5aaa
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ce8f5aaa
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ce8f5aaa

Branch: refs/heads/trunk
Commit: ce8f5aaa0bfbdc48f71140cd89c47d3aa7869dcf
Parents: 444faa1
Author: Emil Anca <eanca@hortonworks.com>
Authored: Wed May 20 09:27:50 2015 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed May 20 09:28:07 2015 -0400

----------------------------------------------------------------------
 .../common-services/HBASE/0.96.0.2.0/kerberos.json   |  4 ++--
 .../HBASE/0.96.0.2.0/package/scripts/params_linux.py | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/ce8f5aaa/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
index 125a9c9..5da0846 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json
@@ -40,8 +40,8 @@
             "hbase.security.authentication": "kerberos",
             "hbase.security.authorization": "true",
             "zookeeper.znode.parent": "/hbase-secure",
-            "hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController",
-            "hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController",
+              "hbase.coprocessor.master.classes": "{{hbase_coprocessor_master_classes}}",
+              "hbase.coprocessor.region.classes": "{{hbase_coprocessor_region_classes}}",
             "hbase.bulkload.staging.dir": "/apps/hbase/staging"
           }
         }

http://git-wip-us.apache.org/repos/asf/ambari/blob/ce8f5aaa/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
index 410a690..7d83550 100644
--- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py
@@ -215,9 +215,8 @@ policy_user = config['configurations']['ranger-hbase-plugin-properties']['policy
 #For curl command in ranger plugin to get db connector
 jdk_location = config['hostLevelParams']['jdk_location']
 java_share_dir = '/usr/share/java'
-
+enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower()
== 'yes')
 if has_ranger_admin:
-  enable_ranger_hbase = (config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower()
== 'yes')
   xa_audit_db_password = unicode(config['configurations']['admin-properties']['audit_db_password'])
   repo_config_password = unicode(config['configurations']['ranger-hbase-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'])
   xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
@@ -275,3 +274,15 @@ if has_ranger_admin:
     ssl_keystore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
     ssl_truststore_password = unicode(config['configurations']['ranger-hbase-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
     credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+# Used to dynamically set the hbase-site props that are referenced during Kerbenization
+if security_enabled:
+  if not enable_ranger_hbase: # Default props, no ranger plugin
+    hbase_coprocessor_master_classes = "org.apache.hadoop.hbase.security.access.AccessController"
+    hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController"
+  elif xml_configurations_supported: # HDP stack 2.3+ ranger plugin enabled
+    hbase_coprocessor_master_classes = "org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor
"
+    hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor"
+  else: # HDP Stack 2.2 and less / ranger plugin enabled
+    hbase_coprocessor_master_classes = "com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"
+    hbase_coprocessor_region_classes = "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor"


Mime
View raw message