ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aonis...@apache.org
Subject ambari git commit: AMBARI-15245. [Ambari tarballs] non-root server setup: setup permissions and jdk (aonishuk)
Date Tue, 01 Mar 2016 12:43:26 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 61be6b22e -> 4019afa25


AMBARI-15245. [Ambari tarballs] non-root server setup: setup permissions and jdk (aonishuk)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4019afa2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4019afa2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4019afa2

Branch: refs/heads/trunk
Commit: 4019afa252244d21f17d10473196ee283678ee2c
Parents: 61be6b2
Author: Andrew Onishuk <aonishuk@hortonworks.com>
Authored: Tue Mar 1 14:43:21 2016 +0200
Committer: Andrew Onishuk <aonishuk@hortonworks.com>
Committed: Tue Mar 1 14:43:21 2016 +0200

----------------------------------------------------------------------
 ambari-server/conf/unix/ambari-sudo.sh          | 54 ++++++++++++--------
 ambari-server/conf/unix/ambari.properties       |  5 +-
 .../ambari_server/dbConfiguration_linux.py      |  8 +--
 .../python/ambari_server/serverConfiguration.py | 16 +++---
 .../main/python/ambari_server/serverSetup.py    | 13 +++--
 .../main/python/ambari_server/setupSecurity.py  | 11 ++--
 .../src/test/python/TestAmbariServer.py         |  1 -
 7 files changed, 59 insertions(+), 49 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/conf/unix/ambari-sudo.sh
----------------------------------------------------------------------
diff --git a/ambari-server/conf/unix/ambari-sudo.sh b/ambari-server/conf/unix/ambari-sudo.sh
index a4682f6..ba76f25 100644
--- a/ambari-server/conf/unix/ambari-sudo.sh
+++ b/ambari-server/conf/unix/ambari-sudo.sh
@@ -13,29 +13,39 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 
-# since ambari-server doesn't have sudo permissions this file is just a mock file
-# which always runs commands without sudo.
-ENV=()
-SUDO_ARGS=()
+SUDO_BINARY="/usr/bin/sudo"
 
-for i ; do
-  if [[ "$i" == *"="* ]] ; then
-    ENV+=("$i")
-    shift
-  elif [[ "$i" == "-"* ]] ; then
-    SUDO_ARGS+=("$i")
-    shift
-  else
-    break
-  fi
-done
+if [[ $# -eq 0 ]] ; then
+  echo 'usage: ambari-sudo.sh [sudo_arg1, sudo_arg2 ...] command [arg1, arg2 ...]'
+  exit 1
+fi
+
+# if user is non-root
+if [ "$EUID" -ne 0 ] ; then
+  $SUDO_BINARY "$@"
+else
+  ENV=()
+  SUDO_ARGS=()
+
+  for i ; do
+    if [[ "$i" == *"="* ]] ; then
+      ENV+=("$i")
+      shift
+    elif [[ "$i" == "-"* ]] ; then
+      SUDO_ARGS+=("$i")
+      shift
+    else
+      break
+    fi
+  done
   
-#echo "sudo arguments: ${SUDO_ARGS[@]}"
-#echo "env: ${ENV[@]}"
-#echo "args: $@"
+  #echo "sudo arguments: ${SUDO_ARGS[@]}"
+  #echo "env: ${ENV[@]}"
+  #echo "args: $@"
 
-if [ "$ENV" ] ; then
-  export "${ENV[@]}"
-fi
+  if [ "$ENV" ] ; then
+    export "${ENV[@]}"
+  fi
 
-"$@"
\ No newline at end of file
+  "$@"
+fi
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/conf/unix/ambari.properties
----------------------------------------------------------------------
diff --git a/ambari-server/conf/unix/ambari.properties b/ambari-server/conf/unix/ambari.properties
index 81ef446..ba5090c 100644
--- a/ambari-server/conf/unix/ambari.properties
+++ b/ambari-server/conf/unix/ambari.properties
@@ -29,14 +29,14 @@ jdk1.7.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-7u67-linux-x64.tar
 jdk1.7.dest-file=jdk-7u67-linux-x64.tar.gz
 jdk1.7.jcpol-url=http://public-repo-1.hortonworks.com/ARTIFACTS/UnlimitedJCEPolicyJDK7.zip
 jdk1.7.jcpol-file=UnlimitedJCEPolicyJDK7.zip
-jdk1.7.home=/usr/jdk64/
+jdk1.7.home=$ROOT/usr/jdk64/
 jdk1.7.re=(jdk.*)/jre
 jdk1.8.desc=Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files 8
 jdk1.8.url=http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-8u60-linux-x64.tar.gz
 jdk1.8.dest-file=jdk-8u60-linux-x64.tar.gz
 jdk1.8.jcpol-url=http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-8.zip
 jdk1.8.jcpol-file=jce_policy-8.zip
-jdk1.8.home=/usr/jdk64/
+jdk1.8.home=$ROOT/usr/jdk64/
 jdk1.8.re=(jdk.*)/jre
 jdk.download.supported=true
 jce.download.supported=true
@@ -52,7 +52,6 @@ recommendations.dir=$ROOT/var/run/ambari-server/stack-recommendations
 stackadvisor.script=$ROOT/var/lib/ambari-server/resources/scripts/stack_advisor.py
 server.tmp.dir=$ROOT/var/lib/ambari-server/data/tmp
 ambari.python.wrap=ambari-python-wrap
-ambari-server.user=root
 
 server.connection.max.idle.millis=900000
 server.fqdn.service.url=http://169.254.169.254/latest/meta-data/public-hostname

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
index 3ebebae..6ecc64d 100644
--- a/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
+++ b/ambari-server/src/main/python/ambari_server/dbConfiguration_linux.py
@@ -47,6 +47,8 @@ from ambari_server.serverConfiguration import encrypt_password, store_password_f
     JDBC_CONNECTION_POOL_IDLE_TEST_INTERVAL, JDBC_CONNECTION_POOL_MAX_AGE, JDBC_CONNECTION_POOL_MAX_IDLE_TIME,
\
     JDBC_CONNECTION_POOL_MAX_IDLE_TIME_EXCESS, JDBC_SQLA_SERVER_NAME
 
+from ambari_commons.constants import AMBARI_SUDO_BINARY
+
 from ambari_server.userInput import get_YN_input, get_validated_string_input, read_password
 from ambari_server.utils import get_postgre_hba_dir, get_postgre_running_status
 from ambari_server.ambariPath import AmbariPath
@@ -312,12 +314,12 @@ class LinuxDBMSConfig(DBMSConfig):
 # PostgreSQL configuration and setup
 class PGConfig(LinuxDBMSConfig):
   # PostgreSQL settings
-  SETUP_DB_CMD = ['su', '-', 'postgres',
+  SETUP_DB_CMD = [AMBARI_SUDO_BINARY, 'su', 'postgres', '-', 
                   '--command=psql -f {0} -v username=\'"{1}"\' -v password="\'{2}\'" -v dbname="{3}"']
-  UPGRADE_STACK_CMD = ['su', 'postgres',
+  UPGRADE_STACK_CMD = [AMBARI_SUDO_BINARY, 'su', 'postgres',
                        '--command=psql -f {0} -v stack_name="\'{1}\'"  -v stack_version="\'{2}\'"
-v dbname="{3}"']
 
-  CHANGE_OWNER_COMMAND = ['su', '-', 'postgres',
+  CHANGE_OWNER_COMMAND = [AMBARI_SUDO_BINARY, 'su', 'postgres', '-',
                           '--command=' + AmbariPath.get("/var/lib/ambari-server/resources/scripts/change_owner.sh")
+ ' -d {0} -s {1} -o {2}']
 
   PG_ERROR_BLOCKED = "is being accessed by other users"

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/src/main/python/ambari_server/serverConfiguration.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverConfiguration.py b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
index 3df1663..26a0098 100644
--- a/ambari-server/src/main/python/ambari_server/serverConfiguration.py
+++ b/ambari-server/src/main/python/ambari_server/serverConfiguration.py
@@ -326,7 +326,7 @@ class ServerConfigDefaults(object):
 
     #Standard messages
     self.MESSAGE_SERVER_RUNNING_AS_ROOT = ""
-    self.MESSAGE_ERROR_SETUP_NOT_ROOT = ""
+    self.MESSAGE_WARN_SETUP_NOT_ROOT = ""
     self.MESSAGE_ERROR_RESET_NOT_ROOT = ""
     self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = ""
     self.MESSAGE_CHECK_FIREWALL = ""
@@ -381,7 +381,7 @@ class ServerConfigDefaultsWindows(ServerConfigDefaults):
 
     #Standard messages
     self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with 'root' privileges."
-    self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup must be run with administrator-level
privileges"
+    self.MESSAGE_WARN_SETUP_NOT_ROOT = "Ambari-server setup is run with root-level privileges,
passwordless sudo access for some commands commands may be required"
     self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset must be run with administrator-level
privileges"
     self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with administrator-level
privileges"
     self.MESSAGE_CHECK_FIREWALL = "Checking firewall status..."
@@ -391,7 +391,7 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
   def __init__(self):
     super(ServerConfigDefaultsLinux, self).__init__()
     # JDK
-    self.JDK_INSTALL_DIR = "/usr/jdk64"
+    self.JDK_INSTALL_DIR = AmbariPath.get("/usr/jdk64")
     self.JDK_SEARCH_PATTERN = "jdk*"
     self.JAVA_EXE_SUBPATH = "bin/java"
 
@@ -410,12 +410,12 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
     self.NR_ADJUST_OWNERSHIP_LIST = [
       (AmbariPath.get("/var/log/ambari-server/"), "644", "{0}", True),
       (AmbariPath.get("/var/log/ambari-server/"), "755", "{0}", False),
-      (AmbariPath.get("/var/run/ambari-server/"), "644", "{0}", True),
+      (AmbariPath.get("/var/run/ambari-server/*"), "644", "{0}", True),
       (AmbariPath.get("/var/run/ambari-server/"), "755", "{0}", False),
       (AmbariPath.get("/var/run/ambari-server/bootstrap"), "755", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/ambari-env.sh"), "700", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/ambari-sudo.sh"), "700", "{0}", False),
-      (AmbariPath.get("/var/lib/ambari-server/keys/"), "600", "{0}", True),
+      (AmbariPath.get("/var/lib/ambari-server/keys/*"), "600", "{0}", True),
       (AmbariPath.get("/var/lib/ambari-server/keys/"), "700", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/keys/db/"), "700", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/keys/db/newcerts/"), "700", "{0}", False),
@@ -424,10 +424,10 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
       (AmbariPath.get("/var/lib/ambari-server/resources/stacks/"), "755", "{0}", True),
       (AmbariPath.get("/var/lib/ambari-server/resources/custom_actions/"), "755", "{0}",
True),
       (AmbariPath.get("/var/lib/ambari-server/resources/host_scripts/"), "755", "{0}", True),
-      (AmbariPath.get("/var/lib/ambari-server/resources/views/"), "644", "{0}", True),
+      (AmbariPath.get("/var/lib/ambari-server/resources/views/*"), "644", "{0}", True),
       (AmbariPath.get("/var/lib/ambari-server/resources/views/"), "755", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/resources/views/work/"), "755", "{0}", True),
-      (AmbariPath.get("/etc/ambari-server/conf/"), "644", "{0}", True),
+      (AmbariPath.get("/etc/ambari-server/conf/*"), "644", "{0}", True),
       (AmbariPath.get("/etc/ambari-server/conf/"), "755", "{0}", False),
       (AmbariPath.get("/etc/ambari-server/conf/password.dat"), "640", "{0}", False),
       (AmbariPath.get("/var/lib/ambari-server/keys/pass.txt"), "600", "{0}", False),
@@ -463,7 +463,7 @@ class ServerConfigDefaultsLinux(ServerConfigDefaults):
 
     #Standard messages
     self.MESSAGE_SERVER_RUNNING_AS_ROOT = "Ambari Server running with administrator privileges."
-    self.MESSAGE_ERROR_SETUP_NOT_ROOT = "Ambari-server setup should be run with root-level
privileges"
+    self.MESSAGE_WARN_SETUP_NOT_ROOT = "Ambari-server setup is run with root-level privileges,
passwordless sudo access for some commands commands may be required"
     self.MESSAGE_ERROR_RESET_NOT_ROOT = "Ambari-server reset should be run with root-level
privileges"
     self.MESSAGE_ERROR_UPGRADE_NOT_ROOT = "Ambari-server upgrade must be run with root-level
privileges"
     self.MESSAGE_CHECK_FIREWALL = "Checking firewall status..."

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/src/main/python/ambari_server/serverSetup.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/serverSetup.py b/ambari-server/src/main/python/ambari_server/serverSetup.py
index 643aebd..7f6a7e3 100644
--- a/ambari-server/src/main/python/ambari_server/serverSetup.py
+++ b/ambari-server/src/main/python/ambari_server/serverSetup.py
@@ -24,6 +24,7 @@ import re
 import shutil
 import sys
 import subprocess
+import getpass
 
 from ambari_commons.exceptions import FatalException
 from ambari_commons.firewall import Firewall
@@ -47,6 +48,8 @@ from ambari_server.utils import locate_file
 from ambari_server.serverClassPath import ServerClassPath
 from ambari_server.ambariPath import AmbariPath
 
+from ambari_commons.constants import AMBARI_SUDO_BINARY
+
 # selinux commands
 GET_SE_LINUX_ST_CMD = locate_file('sestatus', '/usr/sbin')
 SE_SETENFORCE_CMD = "setenforce 0"
@@ -307,14 +310,14 @@ class AmbariUserChecksLinux(AmbariUserChecks):
 
     self.NR_USER_CHANGE_PROMPT = "Ambari-server daemon is configured to run under user '{0}'.
Change this setting [y/n] ({1})? "
     self.NR_USER_CUSTOMIZE_PROMPT = "Customize user account for ambari-server daemon [y/n]
({0})? "
-    self.NR_DEFAULT_USER = "root"
+    self.NR_DEFAULT_USER = getpass.getuser()
 
     self.NR_USERADD_CMD = 'useradd -M --comment "{1}" ' \
                           '--shell %s ' % locate_file('nologin', '/sbin') + '-d ' + AmbariPath.get('/var/lib/ambari-server/keys/')
+ ' {0}'
 
   def _create_custom_user(self):
     user = get_validated_string_input(
-      "Enter user account for ambari-server daemon (root):",
+      "Enter user account for ambari-server daemon ({0}):".format(self.user),
       self.user,
       "^[a-z_][a-z0-9_-]{1,31}$",
       "Invalid username.",
@@ -731,7 +734,7 @@ class JDKSetupLinux(JDKSetup):
       JDKRelease("jdk1.8", "Oracle JDK 1.8 + Java Cryptography Extension (JCE) Policy Files
8",
                  "http://public-repo-1.hortonworks.com/ARTIFACTS/jdk-8u60-linux-x64.tar.gz",
"jdk-8u60-linux-x64.tar.gz",
                  "http://public-repo-1.hortonworks.com/ARTIFACTS/jce_policy-8.zip", "jce_policy-8.zip",
-                 "/usr/jdk64/jdk1.8.0_40",
+                 AmbariPath.get("/usr/jdk64/jdk1.8.0_40"),
                  "(jdk.*)/jre")
     ]
 
@@ -1065,8 +1068,8 @@ def setup(options):
     raise FatalException(1, None)
 
   if not is_root():
-    err = configDefaults.MESSAGE_ERROR_SETUP_NOT_ROOT
-    raise FatalException(4, err)
+    warn_msg = configDefaults.MESSAGE_WARN_SETUP_NOT_ROOT
+    print warn_msg
 
   # proceed jdbc properties if they were set
   if _check_jdbc_options(options):

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/src/main/python/ambari_server/setupSecurity.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/python/ambari_server/setupSecurity.py b/ambari-server/src/main/python/ambari_server/setupSecurity.py
index 36f6fa9..27a6ba5 100644
--- a/ambari-server/src/main/python/ambari_server/setupSecurity.py
+++ b/ambari-server/src/main/python/ambari_server/setupSecurity.py
@@ -120,12 +120,9 @@ def adjust_directory_permissions(ambari_user):
   bootstrap_dir = os.path.abspath(get_value_from_properties(properties, BOOTSTRAP_DIR_PROPERTY))
   print_info_msg("Cleaning bootstrap directory ({0}) contents...".format(bootstrap_dir))
 
-  shutil.rmtree(bootstrap_dir, True) #Ignore the non-existent dir error
-  #Protect against directories lingering around
-  del_attempts = 0
-  while os.path.exists(bootstrap_dir) and del_attempts < 100:
-    time.sleep(50)
-    del_attempts += 1
+  if os.path.exists(bootstrap_dir):
+    shutil.rmtree(bootstrap_dir) #Ignore the non-existent dir error
+
   if not os.path.exists(bootstrap_dir):
     try:
       os.makedirs(bootstrap_dir)
@@ -164,7 +161,7 @@ def adjust_directory_permissions(ambari_user):
   if java_home:
     jdk_security_dir = os.path.abspath(os.path.join(java_home, configDefaults.JDK_SECURITY_DIR))
     if(os.path.exists(jdk_security_dir)):
-      configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((jdk_security_dir, "644", "{0}", True))
+      configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((jdk_security_dir + "/*", "644", "{0}",
True))
       configDefaults.NR_ADJUST_OWNERSHIP_LIST.append((jdk_security_dir, "755", "{0}", False))
 
   # Grant read permissions to all users. This is required when a non-admin user is configured
to setup ambari-server.

http://git-wip-us.apache.org/repos/asf/ambari/blob/4019afa2/ambari-server/src/test/python/TestAmbariServer.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py
index c47cc67..901867c 100644
--- a/ambari-server/src/test/python/TestAmbariServer.py
+++ b/ambari-server/src/test/python/TestAmbariServer.py
@@ -1202,7 +1202,6 @@ class TestAmbariServer(TestCase):
     get_resources_location_mock.return_value = "dummy_resources_dir"
     exists_mock.return_value = False
     adjust_directory_permissions("user")
-    self.assertEquals(rmtree_mock.call_args_list[0][0][0], os.path.join(os.getcwd(), "dummy_bootstrap_dir"))
     self.assertTrue(mkdir_mock.called)
 
     set_file_permissions_mock.reset_mock()


Mime
View raw message