ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aonis...@apache.org
Subject [2/2] ambari git commit: AMBARI-13843. Create a script to setup an Ambari deployment for non-root (aonishuk)
Date Wed, 11 Nov 2015 17:36:36 GMT
AMBARI-13843. Create a script to setup an Ambari deployment for non-root (aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/092181e8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/092181e8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/092181e8

Branch: refs/heads/branch-2.1
Commit: 092181e8c256b2ff21eec946b9ae1883fca7b2b0
Parents: bbe2ec8
Author: Andrew Onishuk <aonishuk@hortonworks.com>
Authored: Wed Nov 11 19:36:25 2015 +0200
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Wed Nov 11 19:36:25 2015 +0200

----------------------------------------------------------------------
 .../non_root/setup_and_start_non_root_agent.sh  | 32 ++++++++++++++++++++
 .../non_root/setup_and_start_non_root_server.sh | 19 ++++++++++++
 2 files changed, 51 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/092181e8/contrib/utils/non_root/setup_and_start_non_root_agent.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_agent.sh b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
new file mode 100755
index 0000000..a564546
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_agent.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# Run this on every ambari-agent node where you wish to have ambari-agent running as non-root
+
+# The script functions:
+# a) adds ambari user
+# b) adds required sudo priviligies for it into /etc/sudoers
+# c) Starts ambari-agent as ambari user
+
+useradd ambari
+
+echo 'Defaults    exempt_group = ambari' >> /etc/sudoers
+echo 'Defaults    !env_reset,env_delete-=PATH' >> /etc/sudoers
+echo 'Defaults: ambari !requiretty' >> /etc/sudoers
+
+echo 'ambari        ALL=(ALL)       NOPASSWD:SETENV: /usr/bin/yum,/usr/bin/zypper,/usr/bin/apt-get,
/bin/mkdir, /usr/bin/test, /bin/ln, /bin/chown, /bin/chmod, /bin/chgrp, /usr/sbin/groupadd,
/usr/sbin/groupmod, /usr/sbin/useradd, /usr/sbin/usermod, /bin/cp, /usr/sbin/setenforce, /usr/bin/test,
/usr/bin/stat, /bin/mv, /bin/sed, /bin/rm, /bin/kill, /bin/readlink, /usr/bin/pgrep, /bin/cat,
/usr/bin/unzip, /bin/tar, /usr/bin/tee, /usr/bin/hdp-select, /usr/bin/conf-select, /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh,
/usr/lib/hadoop/bin/hadoop-daemon.sh, /usr/lib/hadoop/sbin/hadoop-daemon.sh, /usr/hdp/current/ranger-admin/setup.sh,
/usr/hdp/current/ranger-usersync/setup.sh, /usr/bin/ranger-usersync-stop, /usr/bin/ranger-usersync-start,
/sbin/chkconfig gmond off, /sbin/chkconfig gmetad off, /etc/init.d/httpd *, /sbin/service
hdp-gmetad start, /sbin/service hdp-gmond start, /usr/hdp/current/ranger-admin/ranger_credential_helper.py,
/usr/hdp/current/ranger-kms/ranger_credential_he
 lper.py, /usr/sbin/gmond, /usr/sbin/update-rc.d ganglia-monitor *, /usr/sbin/update-rc.d
gmetad *, /etc/init.d/apache2 *, /usr/sbin/service hdp-gmond *, /usr/sbin/service hdp-gmetad
*, /usr/sbin/service mysql *, /sbin/service mysqld *, /sbin/service mysql *, /bin/su hdfs
*, /bin/su ambari-qa *, /bin/su ranger *, /bin/su zookeeper *, /bin/su knox *,/bin/su falcon
*,/bin/su ams *, /bin/su flume *,/bin/su hbase *,/bin/su spark *,/bin/su accumulo *,/bin/su
hive *, /bin/su hcat *,/bin/su kafka *,/bin/su mapred *,/bin/su oozie *,/bin/su sqoop *,/bin/su
storm *,/bin/su tez *,/bin/su atlas *,/bin/su yarn *,/bin/su kms *,/bin/su mysql *' >>
/etc/sudoers
+
+sed -i.bak 's/run_as_user\s*=\s*.*$/run_as_user=ambari/g' '/etc/ambari-agent/conf/ambari-agent.ini'
+su - ambari -c '/usr/sbin/ambari-agent restart'

http://git-wip-us.apache.org/repos/asf/ambari/blob/092181e8/contrib/utils/non_root/setup_and_start_non_root_server.sh
----------------------------------------------------------------------
diff --git a/contrib/utils/non_root/setup_and_start_non_root_server.sh b/contrib/utils/non_root/setup_and_start_non_root_server.sh
new file mode 100755
index 0000000..469a7a6
--- /dev/null
+++ b/contrib/utils/non_root/setup_and_start_non_root_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+# setups ambari-server to run as ambari user and starts server as such 
+
+echo -ne 'y\nambari\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n' | ambari-server setup
+ambari-server restart


Mime
View raw message