ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aonis...@apache.org
Subject [2/2] ambari git commit: AMBARI-12449. Ranger KMS after some time becomes stopped on non-root agent + systemwide umask 027 (aonishuk)
Date Fri, 17 Jul 2015 15:11:30 GMT
AMBARI-12449. Ranger KMS after some time becomes stopped on non-root agent + systemwide umask
027 (aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4570ca31
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4570ca31
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4570ca31

Branch: refs/heads/branch-2.1
Commit: 4570ca3190f7b5448fa70a1ed31fb3d16e1fdb94
Parents: 56640af
Author: Andrew Onishuk <aonishuk@hortonworks.com>
Authored: Fri Jul 17 18:11:21 2015 +0300
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Fri Jul 17 18:11:21 2015 +0300

----------------------------------------------------------------------
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 23 +++++++++++---------
 .../0.5.0.2.3/package/scripts/params.py         |  2 +-
 2 files changed, 14 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4570ca31/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 2d3e42c..2551ccd 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -90,7 +90,7 @@ def setup_java_patch():
     if len(hadoop_jar_files) != 0:
       for f in hadoop_jar_files:
         Execute((format('{java_home}/bin/jar'),'-uf', format('{kms_home}/ews/webapp/lib/{f}'),
format('{kms_home}/ews/webapp/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory')),
-          sudo=True)
+          user=params.kms_user)
 
         File(format('{kms_home}/ews/webapp/lib/{f}'), owner=params.kms_user, group=params.kms_group)
 
@@ -99,9 +99,12 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password)
   import params
 
   if cred_provider_path is not None:
-    cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}"
-v {credential_password!p} -c 1')
-
-    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+    cred_setup = params.cred_setup_prefix + ('-f', cred_provider_path, '-k', credential_alias,
'-v', credential_password, '-c', '1')
+    Execute(cred_setup, 
+            environment={'JAVA_HOME': params.java_home}, 
+            logoutput=True, 
+            sudo=True,
+    )
 
     File(cred_provider_path,
       owner = params.kms_user,
@@ -267,14 +270,14 @@ def enable_kms_plugin():
       mode=0744)
 
     if params.xa_audit_db_is_enabled:
-      cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v {xa_audit_db_password!p}
-c 1')
-      Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+      cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'auditDBCred',
'-v', params.xa_audit_db_password, '-c', '1')
+      Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
 
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v {ssl_keystore_password!p}
-c 1')
-    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+    cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslKeyStore',
'-v', params.ssl_keystore_password, '-c', '1')
+    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
 
-    cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v {ssl_truststore_password!p}
-c 1')
-    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True)
+    cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslTrustStore',
'-v', params.ssl_truststore_password, '-c', '1')
+    Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
 
     File(params.credential_file,
       owner = params.kms_user,

http://git-wip-us.apache.org/repos/asf/ambari/blob/4570ca31/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index 0169a9b..9d895f4 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -64,7 +64,7 @@ jdbc_alias = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credentia
 masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.credential.alias']
 repo_name = str(config['clusterName']) + '_kms'
 cred_lib_path = os.path.join(kms_home,"cred","lib","*")
-cred_setup_prefix = format('python {kms_home}/ranger_credential_helper.py -l "{cred_lib_path}"')
+cred_setup_prefix = (format('{kms_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
 credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
 
 if has_ranger_admin:


Mime
View raw message