ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jlun...@apache.org
Subject ambari git commit: AMBARI-16874 Add capability to derive required core-site.xml properties in case if not already available (Mugdha Varadkar via jluniya)
Date Thu, 26 May 2016 05:55:53 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.4 43aad1bde -> 14d8e72d3


AMBARI-16874 Add capability to derive required core-site.xml properties in case if not already
available (Mugdha Varadkar via jluniya)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/14d8e72d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/14d8e72d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/14d8e72d

Branch: refs/heads/branch-2.4
Commit: 14d8e72d3156ecfcf8467141f8c2aae177421178
Parents: 43aad1b
Author: Jayush Luniya <jluniya@hortonworks.com>
Authored: Wed May 25 22:54:37 2016 -0700
Committer: Jayush Luniya <jluniya@hortonworks.com>
Committed: Wed May 25 22:55:45 2016 -0700

----------------------------------------------------------------------
 .../KAFKA/0.8.1/package/scripts/params.py       |  2 +-
 .../RANGER/0.4.0/package/scripts/params.py      | 33 +++++++++++++++++++-
 .../0.4.0/package/scripts/setup_ranger_xml.py   | 14 +++++----
 .../STORM/0.9.1/package/scripts/params_linux.py |  2 +-
 .../RANGER_KMS/configuration/dbks-site.xml      |  2 +-
 5 files changed, 43 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/14d8e72d/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
index 7a68a32..09878ba 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
@@ -261,7 +261,7 @@ if has_ranger_admin and is_supported_kafka_ranger:
   ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
   if xml_configurations_supported and stack_supports_ranger_audit_db:
     xa_audit_db_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.db']
-  xa_audit_hdfs_is_enabled = config['configurations']['ranger-kafka-audit']['xasecure.audit.destination.hdfs']
if xml_configurations_supported else None
+  xa_audit_hdfs_is_enabled = default('/configurations/ranger-kafka-audit/xasecure.audit.destination.hdfs',
False)
   ssl_keystore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
if xml_configurations_supported else None
   ssl_truststore_password = unicode(config['configurations']['ranger-kafka-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
if xml_configurations_supported else None
   credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported
else None

http://git-wip-us.apache.org/repos/asf/ambari/blob/14d8e72d/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 3bd3b49..c1da351 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -27,6 +27,7 @@ from resource_management.libraries.functions.is_empty import is_empty
 from resource_management.libraries.functions.constants import Direction
 from resource_management.libraries.functions.stack_features import check_stack_feature
 from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
 
 # a map of the Ambari role to the component name
 # for use with <stack-root>/current/<component>
@@ -265,4 +266,34 @@ logsearch_solr_znode = config['configurations']['logsearch-solr-env']['logsearch
 ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
 logsearch_solr_hosts = default("/clusterHostInfo/logsearch_solr_hosts", [])
 replication_factor = 2 if len(logsearch_solr_hosts) > 1 else 1
-has_logsearch = len(logsearch_solr_hosts) > 0
\ No newline at end of file
+has_logsearch = len(logsearch_solr_hosts) > 0
+
+# logic to create core-site.xml if hdfs not installed
+if stack_supports_ranger_kerberos and not has_namenode:
+  core_site_property = {
+    'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
+  }
+
+  if security_enabled:
+    ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
+    ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
+    ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
+    ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
+
+    rule_dict = [
+      {'principal': ranger_admin_bare_principal, 'user': unix_user},
+      {'principal': ranger_usersync_bare_principal, 'user': 'rangerusersync'},
+    ]
+
+    if has_ranger_tagsync:
+      ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
+      ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
+      rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
+
+    core_site_auth_to_local_property = ''
+    for item in range(len(rule_dict)):
+      rule_line = 'RULE:[2:$1@$0]({0}@EXAMPLE.COM)s/.*/{1}/\n'.format(rule_dict[item]['principal'],
rule_dict[item]['user'])
+      core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
+
+    core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
+    core_site_property['hadoop.security.auth_to_local'] = core_site_auth_to_local_property

http://git-wip-us.apache.org/repos/asf/ambari/blob/14d8e72d/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index 0046e84..f06f58a 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -519,12 +519,14 @@ def create_core_site_xml(conf_dir):
                 mode=0644
       )
     else:
-      Logger.warning('HDFS service not installed. Creating blank core-site.xml file.')
-      File(format('{conf_dir}/core-site.xml'),
-           content = '<configuration></configuration>',
-           owner = params.unix_user,
-           group = params.unix_group,
-           mode=0644
+      Logger.warning('HDFS service not installed. Creating core-site.xml file.')
+      XmlConfig("core-site.xml",
+        conf_dir=conf_dir,
+        configurations=params.core_site_property,
+        configuration_attributes={},
+        owner=params.unix_user,
+        group=params.unix_group,
+        mode=0644
       )
 
 def setup_ranger_audit_solr():

http://git-wip-us.apache.org/repos/asf/ambari/blob/14d8e72d/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
index 87dfaf1..978ad92 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py
@@ -321,7 +321,7 @@ if has_ranger_admin:
   ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
   if xml_configurations_supported and stack_supports_ranger_audit_db:
     xa_audit_db_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.db']
-  xa_audit_hdfs_is_enabled = config['configurations']['ranger-storm-audit']['xasecure.audit.destination.hdfs']
if xml_configurations_supported else None
+  xa_audit_hdfs_is_enabled = default('/configurations/ranger-storm-audit/xasecure.audit.destination.hdfs',
False)
   ssl_keystore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
if xml_configurations_supported else None
   ssl_truststore_password = unicode(config['configurations']['ranger-storm-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
if xml_configurations_supported else None
   credential_file = format('/etc/ranger/{repo_name}/cred.jceks') if xml_configurations_supported
else None

http://git-wip-us.apache.org/repos/asf/ambari/blob/14d8e72d/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
index fca42b3..c2f34e0 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
@@ -53,7 +53,7 @@
 
   <property>
     <name>ranger.ks.hsm.partition.name</name>
-    <display-name>HSM partition name</display-name>
+    <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
     <value>par19</value>
     <description></description>
   </property>


Mime
View raw message