ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From odiache...@apache.org
Subject ambari git commit: AMBARI-14053. PXF should get secured when security is enabled on cluster via kerberos wizard on ambari (Bhuvnesh Chaudhary via odiachenko).
Date Tue, 01 Dec 2015 00:30:18 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 1f1c661a1 -> ca53dfd10


AMBARI-14053. PXF should get secured when security is enabled on cluster via kerberos wizard
on ambari (Bhuvnesh Chaudhary via odiachenko).


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ca53dfd1
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ca53dfd1
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ca53dfd1

Branch: refs/heads/trunk
Commit: ca53dfd106099a37712a04e5f6dc65329baca9d1
Parents: 1f1c661
Author: Oleksandr Diachenko <odiachenko@pivotal.io>
Authored: Mon Nov 30 16:30:04 2015 -0800
Committer: Oleksandr Diachenko <odiachenko@pivotal.io>
Committed: Mon Nov 30 16:30:04 2015 -0800

----------------------------------------------------------------------
 .../common-services/PXF/3.0.0/kerberos.json     | 35 ++++++++++++++++++++
 .../PXF/3.0.0/package/scripts/params.py         |  4 +++
 .../PXF/3.0.0/package/scripts/pxf.py            | 10 +++++-
 3 files changed, 48 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/ca53dfd1/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json
new file mode 100644
index 0000000..0a3c3c7
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/kerberos.json
@@ -0,0 +1,35 @@
+{
+    "services": [
+        {
+            "components": [
+                {
+                    "identities": [
+                        {
+                            "keytab": {
+                                "configuration": null,
+                                "file": "${keytab_dir}/pxf.service.keytab",
+                                "group": {
+                                    "access": "",
+                                    "name": "${cluster-env/user_group}"
+                                },
+                                "owner": {
+                                    "access": "r",
+                                    "name": "pxf"
+                                }
+                            },
+                            "name": "pxf_client_pxf",
+                            "principal": {
+                                "configuration": null,
+                                "local_username": null,
+                                "type": "service",
+                                "value": "pxf/_HOST@${realm}"
+                            }
+                        }
+                    ],
+                    "name": "PXF"
+                }
+            ],
+            "name": "PXF"
+        }
+    ]
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/ca53dfd1/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py
index a4986c9..1d77787 100644
--- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/params.py
@@ -40,3 +40,7 @@ java_home = config["hostLevelParams"]["java_home"] if "java_home" in config["hos
 
 # Timeouts
 default_exec_timeout = 600
+
+# security related
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+realm_name = config['configurations']['kerberos-env']['realm']

http://git-wip-us.apache.org/repos/asf/ambari/blob/ca53dfd1/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py
b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py
index dd0031c..08475fd 100644
--- a/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py
+++ b/ambari-server/src/main/resources/common-services/PXF/3.0.0/package/scripts/pxf.py
@@ -21,6 +21,7 @@ limitations under the License.
 from resource_management import Script
 
 from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.script.config_dictionary import ConfigDictionary
 from resource_management.core.resources.accounts import User
 from resource_management.core.resources.system import Directory, File, Execute
 from resource_management.core.source import Template
@@ -99,9 +100,16 @@ class Pxf(Script):
       shutil.copy2("{0}/pxf-privatehdp.classpath".format(params.pxf_conf_dir),
                    "{0}/pxf-private.classpath".format(params.pxf_conf_dir))
 
+    if params.security_enabled:
+      pxf_site_dict = dict(params.config['configurations']['pxf-site'])
+      pxf_site_dict['pxf.service.kerberos.principal'] = "{0}/_HOST@{1}".format(params.pxf_user,
params.realm_name)
+      pxf_site = ConfigDictionary(pxf_site_dict)
+    else:
+      pxf_site = params.config['configurations']['pxf-site']
+
     XmlConfig("pxf-site.xml",
               conf_dir=params.pxf_conf_dir,
-              configurations=params.config['configurations']['pxf-site'],
+              configurations=pxf_site,
               configuration_attributes=params.config['configuration_attributes']['pxf-site'])
 
 


Mime
View raw message