ambari-commits mailing list archives

From jai...@apache.org
Subject ambari git commit: AMBARI-17763 Populating Ranger Tagsync principal/keytab using stack advisor. (Mugdha via Jaimin)
Date Mon, 18 Jul 2016 16:43:58 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.4 eed73ae35 -> b2f422f40


AMBARI-17763 Populating Ranger Tagsync principal/keytab using stack advisor. (Mugdha via Jaimin)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b2f422f4
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b2f422f4
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b2f422f4

Branch: refs/heads/branch-2.4
Commit: b2f422f40892ee08b2e7ef0cac86e8da01f6b16b
Parents: eed73ae
Author: Jaimin Jetly <jaimin@hortonworks.com>
Authored: Mon Jul 18 09:47:50 2016 -0700
Committer: Jaimin Jetly <jaimin@hortonworks.com>
Committed: Mon Jul 18 09:47:50 2016 -0700

----------------------------------------------------------------------
 .../common-services/RANGER/0.6.0/kerberos.json  |  4 +-
 .../stacks/HDP/2.5/services/stack_advisor.py    | 39 ++++++++++++++++++--
 2 files changed, 37 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/b2f422f4/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
index 91a0032..564c57b 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.6.0/kerberos.json
@@ -116,8 +116,8 @@
                 "atlas.jaas.KafkaClient.option.useKeyTab": "true",
                 "atlas.jaas.KafkaClient.option.storeKey": "true",
                 "atlas.jaas.KafkaClient.option.serviceName": "kafka",
-                "atlas.jaas.KafkaClient.option.keyTab": "{{tagsync_keytab_path}}",
-                "atlas.jaas.KafkaClient.option.principal": "{{tagsync_jaas_principal}}",
+                "atlas.jaas.KafkaClient.option.keyTab": "${ranger-tagsync-site/ranger.tagsync.kerberos.keytab}",
+                "atlas.jaas.KafkaClient.option.principal": "${ranger-tagsync-site/ranger.tagsync.kerberos.principal}",
                 "atlas.kafka.sasl.kerberos.service.name": "kafka",
                 "atlas.kafka.security.protocol": "PLAINTEXTSASL"
               }
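Review bot: The two new `${ranger-tagsync-site/...}` references take the keytab and principal verbatim from ranger-tagsync-site, while the stack advisor change in this same commit writes `atlas.jaas.KafkaClient.option.principal` with `_HOST` replaced by the first Tagsync host, so the same property can get two different values depending on which path wrote it last. If the site principal uses the `_HOST` pattern, it is worth confirming that the descriptor value is expanded before Tagsync's Kafka client reads it. The commit description should also say which of the two sources is authoritative.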

http://git-wip-us.apache.org/repos/asf/ambari/blob/b2f422f4/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index b84910a..db3614f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -1507,16 +1507,47 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
   def recommendRangerConfigurations(self, configurations, clusterData, services, hosts):
     super(HDP25StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData,
services, hosts)
     servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+    has_ranger_tagsync = False
+    security_enabled = self.isSecurityEnabled(services)
+    ranger_tagsync_site = getServicesSiteProperties(services, "ranger-tagsync-site")
 
     putTagsyncAppProperty = self.putProperty(configurations, "tagsync-application-properties",
services)
+    putTagsyncAppPropertyAttributes = self.putPropertyAttribute(configurations, "tagsync-application-properties")
     putTagsyncSiteProperty = self.putProperty(configurations, "ranger-tagsync-site", services)
     putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
     putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
 
-    has_ranger_tagsync = False
-    if 'RANGER' in servicesList:
-      ranger_tagsync_host = self.__getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC")
-      has_ranger_tagsync = len(ranger_tagsync_host) > 0
+    ranger_tagsync_host = self.__getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC")
+    has_ranger_tagsync = len(ranger_tagsync_host) > 0
+
+    if has_ranger_tagsync:
+      tagsync_keytab_path = ''
+      tagsync_principal = ''
+      if ranger_tagsync_site is not None:
+        tagsync_keytab_path = ranger_tagsync_site.get('ranger.tagsync.kerberos.keytab')
+        tagsync_principal = ranger_tagsync_site.get('ranger.tagsync.kerberos.principal')
+        tagsync_principal = tagsync_principal.replace('_HOST', ranger_tagsync_host[0].lower())
+
+      if security_enabled:
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleName', 'com.sun.security.auth.module.Krb5LoginModule')
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.loginModuleControlFlag', 'required')
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.useKeyTab', 'true')
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.storeKey', 'true')
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.serviceName', 'kafka')
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.keyTab', tagsync_keytab_path)
+        putTagsyncAppProperty('atlas.jaas.KafkaClient.option.principal', tagsync_principal)
+        putTagsyncAppProperty('atlas.kafka.sasl.kerberos.service.name', 'kafka')
+        putTagsyncAppProperty('atlas.kafka.security.protocol', 'PLAINTEXTSASL')
+      else:
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleName', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.loginModuleControlFlag',
'delete', 'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.useKeyTab', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.storeKey', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.serviceName', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.keyTab', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.jaas.KafkaClient.option.principal', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.kafka.sasl.kerberos.service.name', 'delete',
'true')
+        putTagsyncAppPropertyAttributes('atlas.kafka.security.protocol', 'delete', 'true')
 
     if 'ATLAS' in servicesList and has_ranger_tagsync:
       atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", services)
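Review bot: The lookup `tagsync_principal = ranger_tagsync_site.get('ranger.tagsync.kerberos.principal')` returns None when the property is absent, and the `.replace('_HOST', ...)` on the next line then raises AttributeError; this runs whenever a Tagsync host exists, before the `security_enabled` check, so a non-Kerberized cluster whose ranger-tagsync-site lacks the Kerberos properties would presumably fail the whole recommendation call. The keytab lookup has the same gap and can hand None to `putTagsyncAppProperty`. Reading both values inside the `if security_enabled:` branch with a default, e.g. `ranger_tagsync_site.get('ranger.tagsync.kerberos.principal', '')`, and skipping the two puts when either is empty would avoid writing an unusable JAAS principal or keytab. The first `has_ranger_tagsync = False` is now dead because it is reassigned unconditionally, and dropping the `'RANGER' in servicesList` guard means `__getHostsForComponent` must tolerate RANGER being absent, which is not visible here. recommendRangerConfigurations continues outside the hunk.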

