ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-16801. MAPREDUCE2_SERVICE_CHECK failed on secured cluster (rlevas)
Date Tue, 24 May 2016 18:51:11 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 9b2ac8204 -> e14ee5795


AMBARI-16801. MAPREDUCE2_SERVICE_CHECK failed on secured cluster (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e14ee579
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e14ee579
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e14ee579

Branch: refs/heads/trunk
Commit: e14ee579587917e129a758316320783a0055228b
Parents: 9b2ac82
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Tue May 24 14:50:58 2016 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Tue May 24 14:51:05 2016 -0400

----------------------------------------------------------------------
 .../libraries/functions/security_commons.py          |  4 ++++
 .../package/scripts/mapred_service_check.py          | 11 +++++------
 .../2.0.6/YARN/test_mapreduce2_service_check.py      | 15 +++++++--------
 3 files changed, 16 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/e14ee579/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
index 4ce2a5a..8282dc5 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/security_commons.py
@@ -222,6 +222,10 @@ def new_cached_exec(key, file_path, kinit_path, temp_dir, exec_user,
keytab_file
   os.close(temp_kinit_cache_fd)
 
   try:
+    # Ensure the proper user owns this file
+    File(temp_kinit_cache_filename, owner=exec_user, mode=0600)
+
+    # Execute the kinit
     Execute(command, user=exec_user)
 
     with open(file_path, 'w+') as cache_file:

http://git-wip-us.apache.org/repos/asf/ambari/blob/e14ee579/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py
b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py
index 02fa57a..13172ee 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/mapred_service_check.py
@@ -23,7 +23,6 @@ import sys
 from resource_management import *
 from ambari_commons import OSConst
 from ambari_commons.os_family_impl import OsFamilyImpl
-from resource_management.libraries.functions.security_commons import cached_kinit_executor
 
 
 class MapReduce2ServiceCheck(Script):
@@ -136,8 +135,8 @@ class MapReduce2ServiceCheckDefault(MapReduce2ServiceCheck):
 
     # initialize the ticket
     if params.security_enabled:
-      cached_kinit_executor(params.kinit_path_local, params.smokeuser, params.smoke_user_keytab,
-                            params.smokeuser_principal, params.hostname, params.tmp_dir)
+      kinit_cmd = format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal};")
+      Execute(kinit_cmd, user=params.smokeuser)
 
     ExecuteHadoop(run_wordcount_job,
                   tries=1,
@@ -147,10 +146,10 @@ class MapReduce2ServiceCheckDefault(MapReduce2ServiceCheck):
                   conf_dir=params.hadoop_conf_dir,
                   logoutput=True)
 
-    # the ticket may have expired, so re-initialize if needed
+    # the ticket may have expired, so re-initialize
     if params.security_enabled:
-      cached_kinit_executor(params.kinit_path_local, params.smokeuser, params.smoke_user_keytab,
-                            params.smokeuser_principal, params.hostname, params.tmp_dir)
+      kinit_cmd = format("{kinit_path_local} -kt {smoke_user_keytab} {smokeuser_principal};")
+      Execute(kinit_cmd, user=params.smokeuser)
 
     ExecuteHadoop(test_cmd,
                   user=params.smokeuser,

http://git-wip-us.apache.org/repos/asf/ambari/blob/e14ee579/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_service_check.py
b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_service_check.py
index eef0faf..5f97efe 100644
--- a/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_service_check.py
+++ b/ambari-server/src/test/python/stacks/2.0.6/YARN/test_mapreduce2_service_check.py
@@ -91,8 +91,7 @@ class TestServiceCheck(RMFTestCase):
     )
     self.assertNoMoreResources()
 
-  @patch("resource_management.libraries.functions.security_commons.cached_kinit_executor")
-  def test_service_check_secured(self, cached_kinit_mock):
+  def test_service_check_secured(self):
 
     self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/mapred_service_check.py",
                       classname="MapReduce2ServiceCheck",
@@ -137,12 +136,9 @@ class TestServiceCheck(RMFTestCase):
         action = ['execute'], hdfs_resource_ignore_file='/var/lib/ambari-agent/data/.hdfs_resource_ignore',
hdfs_site=self.getConfig()['configurations']['hdfs-site'], principal_name='hdfs', default_fs='hdfs://c6401.ambari.apache.org:8020',
         hadoop_conf_dir = '/etc/hadoop/conf',
     )
-
-    self.assertTrue(2, cached_kinit_mock.call_count)
-    cached_kinit_mock.assert_called_with('/usr/bin/kinit', 'ambari-qa',
-                                         '/etc/security/keytabs/smokeuser.headless.keytab',
-                                         'ambari-qa@EXAMPLE.COM', 'c6401.ambari.apache.org',
'/tmp')
-
+    self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab
ambari-qa@EXAMPLE.COM;',
+        user = 'ambari-qa',
+    )
     self.assertResourceCalled('ExecuteHadoop', 'jar /usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples-2.*.jar
wordcount /user/ambari-qa/mapredsmokeinput /user/ambari-qa/mapredsmokeoutput',
                       logoutput = True,
                       try_sleep = 5,
@@ -151,6 +147,9 @@ class TestServiceCheck(RMFTestCase):
                       user = 'ambari-qa',
                       conf_dir = '/etc/hadoop/conf',
     )
+    self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab
ambari-qa@EXAMPLE.COM;',
+                              user = 'ambari-qa',
+                              )
     self.assertResourceCalled('ExecuteHadoop', 'fs -test -e /user/ambari-qa/mapredsmokeoutput',
                       user = 'ambari-qa',
                       bin_dir = "/bin:/usr/bin:/usr/lib/hadoop-yarn/bin",


Mime
View raw message