Return-Path: X-Original-To: apmail-ambari-commits-archive@www.apache.org Delivered-To: apmail-ambari-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 54B8F1819F for ; Tue, 10 Nov 2015 22:20:43 +0000 (UTC) Received: (qmail 1830 invoked by uid 500); 10 Nov 2015 22:20:43 -0000 Delivered-To: apmail-ambari-commits-archive@ambari.apache.org Received: (qmail 1794 invoked by uid 500); 10 Nov 2015 22:20:43 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 1784 invoked by uid 99); 10 Nov 2015 22:20:43 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 10 Nov 2015 22:20:43 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 15F82E048E; Tue, 10 Nov 2015 22:20:43 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jaimin@apache.org To: commits@ambari.apache.org Message-Id: <8c83bee5a03c4a618773749fb6a4dcf7@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-13823. kafka-broker/authorizer.class.name is not removed when kerberos is disabled. (jaimin) Date: Tue, 10 Nov 2015 22:20:43 +0000 (UTC) Repository: ambari Updated Branches: refs/heads/trunk 9ef7b802a -> ae209e239 AMBARI-13823. kafka-broker/authorizer.class.name is not removed when kerberos is disabled. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ae209e23 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ae209e23 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ae209e23 Branch: refs/heads/trunk Commit: ae209e239e8b096e2665744af5b541e35e667503 Parents: 9ef7b80 Author: Jaimin Jetly Authored: Tue Nov 10 14:19:32 2015 -0800 Committer: Jaimin Jetly Committed: Tue Nov 10 14:20:24 2015 -0800 ---------------------------------------------------------------------- .../HDP/2.3/services/KAFKA/configuration/kafka-broker.xml | 1 - .../main/resources/stacks/HDP/2.3/services/stack_advisor.py | 9 +++++---- 2 files changed, 5 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/ae209e23/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/kafka-broker.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/kafka-broker.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/kafka-broker.xml index 896db6f..8c2f34a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/kafka-broker.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/kafka-broker.xml @@ -140,7 +140,6 @@ authorizer.class.name - kafka.security.auth.SimpleAclAuthorizer Kafka authorizer class http://git-wip-us.apache.org/repos/asf/ambari/blob/ae209e23/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 5a1a5f9..38cba97 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -390,15 +390,15 @@ class HDP23StackAdvisor(HDP22StackAdvisor): else: # Kerberized Cluster with Ranger plugin disabled - if security_enabled and \ + if security_enabled and 'authorizer.class.name' in services['configurations']['kafka-broker']['properties'] and \ services['configurations']['kafka-broker']['properties']['authorizer.class.name'] == 'org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer': putKafkaBrokerProperty("authorizer.class.name", 'kafka.security.auth.SimpleAclAuthorizer') # Non-kerberos Cluster with Ranger plugin disabled - else: + elif 'authorizer.class.name' in services['configurations']['kafka-broker']['properties']: putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') # Non-Kerberos Cluster without Ranger - elif not security_enabled: + elif not security_enabled and 'authorizer.class.name' in services['configurations']['kafka-broker']['properties']: putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') @@ -576,7 +576,8 @@ class HDP23StackAdvisor(HDP22StackAdvisor): ranger_plugin_enabled = ranger_plugin_properties['ranger-hdfs-plugin-enabled'] if ranger_plugin_properties else 'No' servicesList = [service["StackServices"]["service_name"] for service in services["services"]] if ("RANGER" in servicesList) and (ranger_plugin_enabled.lower() == 'Yes'.lower()): - if hdfs_site['dfs.namenode.inode.attributes.provider.class'].lower() != 'org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer'.lower(): + if 'dfs.namenode.inode.attributes.provider.class' not in hdfs_site or \ + hdfs_site['dfs.namenode.inode.attributes.provider.class'].lower() != 'org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer'.lower(): validationItems.append({"config-name": 'dfs.namenode.inode.attributes.provider.class', "item": self.getWarnItem( "dfs.namenode.inode.attributes.provider.class needs to be set to 'org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer' if Ranger HDFS Plugin is enabled.")})