From gau...@apache.org
Subject [2/2] ambari git commit: AMBARI-17522. Handle Ranger Kms upgrade in kerberos env(Mugdha Varadkar via gautam)
Date Mon, 04 Jul 2016 05:30:34 GMT
AMBARI-17522. Handle Ranger Kms upgrade in kerberos env(Mugdha Varadkar via gautam)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a0970a76
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a0970a76
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a0970a76

Branch: refs/heads/branch-2.4
Commit: a0970a76e3c2dcd3705639cb2f6e73b09250adf6
Parents: 0b4e131
Author: Gautam Borad <gautam@apache.org>
Authored: Mon Jul 4 08:08:00 2016 +0530
Committer: Gautam Borad <gautam@apache.org>
Committed: Mon Jul 4 11:00:16 2016 +0530

----------------------------------------------------------------------
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py     | 16 +++++++++++-----
 .../RANGER_KMS/0.5.0.2.3/package/scripts/params.py  | 16 ++++++++++------
 2 files changed, 21 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/a0970a76/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
index 4d24893..0a8c7d3 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py
@@ -31,6 +31,7 @@ from resource_management.libraries.resources.modify_properties_file import
Modif
 from resource_management.core.source import DownloadSource, InlineTemplate
 from resource_management.core.exceptions import Fail
 from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
 from resource_management.libraries.functions.format import format
 from resource_management.libraries.functions.ranger_functions import Rangeradmin
 from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
@@ -377,8 +378,13 @@ def enable_kms_plugin():
 
   if params.has_ranger_admin:
 
+    ranger_flag = False
+
     if params.stack_supports_ranger_kerberos and params.security_enabled:
-      ranger_flag = check_ranger_service_support_kerberos()
+      if not is_empty(params.rangerkms_principal) and params.rangerkms_principal != '':
+        ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.rangerkms_keytab,
params.rangerkms_principal)
+      else:
+        ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.spengo_keytab,
params.spnego_principal)
     else:
       ranger_flag = check_ranger_service()
 
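Review bot: The fallback branch added to `enable_kms_plugin` switches the Ranger Admin login to a different Kerberos identity (`params.spengo_keytab` / `params.spnego_principal`) without logging which credential was chosen and without checking that the fallback values are set. A line such as `Logger.info('rangerkms principal not set, using {0} for Ranger login'.format(params.spnego_principal))` before the second call would leave a trace for anyone auditing which principal created or looked up the KMS repository. The attribute is spelled `spengo_keytab` both here and where params.py defines it, so it resolves today, but renaming it to `spnego_keytab` in both files would prevent a later mismatch. `enable_kms_plugin` starts and ends outside this hunk.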
@@ -560,22 +566,22 @@ def get_repo(url, name, usernamepassword):
   except socket.timeout as e:
     raise Fail("Error creating service. Reason - {0}".format(e))
 
-def check_ranger_service_support_kerberos():
+def check_ranger_service_support_kerberos(user, keytab, principal):
   import params
 
   policymgr_mgr_url = params.policymgr_mgr_url
   if policymgr_mgr_url.endswith('/'):
     policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
   ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
-  response_code = ranger_adm_obj.check_ranger_login_curl(params.kms_user, params.rangerkms_keytab,
params.rangerkms_principal, policymgr_mgr_url, True)
+  response_code = ranger_adm_obj.check_ranger_login_curl(user, keytab, principal, policymgr_mgr_url,
True)
 
   if response_code is not None and response_code[0] == 200:
-    get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(params.kms_user,
params.rangerkms_keytab, params.rangerkms_principal, params.repo_name, 'kms', 'true', is_keyadmin
= True)
+    get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(user, keytab, principal,
params.repo_name, 'kms', 'true', is_keyadmin = True)
     if get_repo_name_response is not None:
       Logger.info('KMS repository {0} exist'.format(get_repo_name_response['name']))
       return True
     else:
-      create_repo_response = ranger_adm_obj.create_repository_curl(params.kms_user, params.rangerkms_keytab,
params.rangerkms_principal, params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None,
is_keyadmin = True)
+      create_repo_response = ranger_adm_obj.create_repository_curl(user, keytab, principal,
params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None, is_keyadmin = True)
       if create_repo_response is not None and len(create_repo_response) > 0:
         return True
       else:
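Review bot: `check_ranger_service_support_kerberos(user, keytab, principal)` now receives the credential from its caller but has no docstring saying what each argument must be. I would add one stating that `user` is the account passed to the Ranger curl helpers (presumably the account they run as), `keytab` is a keytab path that account can read, and `principal` is the full principal with `_HOST` already substituted, which is how params.py prepares both candidates. The same docstring should mention that the function still reads `params.policymgr_mgr_url`, `params.repo_name` and `params.kms_ranger_plugin_repo` itself, so only the identity is parameterised. The function body continues past the end of this hunk.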

http://git-wip-us.apache.org/repos/asf/ambari/blob/a0970a76/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
index f887cc9..dfcad32 100755
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py
@@ -26,6 +26,7 @@ from resource_management.libraries.functions.default import default
 from resource_management.libraries.functions.stack_features import check_stack_feature
 from resource_management.libraries.functions import StackFeature
 from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+from resource_management.libraries.functions.is_empty import is_empty
 
 config  = Script.get_config()
 tmp_dir = Script.get_tmp_dir()
@@ -236,13 +237,11 @@ rangerkms_bare_principal = 'rangerkms'
 
 if stack_supports_ranger_kerberos:
   if security_enabled:
-    rangerkms_principal = default("/configurations/dbks-site/ranger.ks.kerberos.principal",
None)
-    if rangerkms_principal is not None:
+    rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal']
+    if not is_empty(rangerkms_principal) and rangerkms_principal != '':
       rangerkms_bare_principal = get_bare_principal(rangerkms_principal)
       rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower())
-    kms_plugin_config['policy.download.auth.users'] = format('keyadmin,{rangerkms_bare_principal}')
-  else:
-    kms_plugin_config['policy.download.auth.users'] = 'keyadmin'
+  kms_plugin_config['policy.download.auth.users'] = format('keyadmin,{rangerkms_bare_principal}')
 
 kms_ranger_plugin_repo = {
   'isEnabled' : 'true',
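Review bot: Moving the `policy.download.auth.users` assignment out of the `if security_enabled:` block means a non-Kerberos cluster on a stack with `stack_supports_ranger_kerberos` now gets `keyadmin,rangerkms`, where the removed `else` branch gave `keyadmin` alone. That widens the list of users allowed to download KMS policies on clusters where the user name is presumably not strongly authenticated, and neither the commit message nor the code says this is intended. If it is intended, a comment such as `# rangerkms is listed even without Kerberos so the value is stable across a later kerberization` would record the reason. If not, keep the `else:` branch that sets `kms_plugin_config['policy.download.auth.users'] = 'keyadmin'`.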
@@ -255,4 +254,9 @@ kms_ranger_plugin_repo = {
 # ranger kms pid
 user_group = config['configurations']['cluster-env']['user_group']
 ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
-ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
\ No newline at end of file
+ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
+
+if security_enabled:
+  spengo_keytab = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab']
+  spnego_principal = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal']
+  spnego_principal = spnego_principal.replace('_HOST', current_host.lower())
\ No newline at end of file
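Review bot: The new `if security_enabled:` block at the end of params.py calls `spnego_principal.replace('_HOST', ...)` without the `is_empty(...)` / `!= ''` guard that this same commit applies to `rangerkms_principal` before its own `.replace`. If the two `kms-site` properties are absent on a secured cluster, this line may fail while the params module is loading, which would affect every command and not only plugin enablement. Guarding it with `if not is_empty(spnego_principal) and spnego_principal != '':` keeps the two paths consistent. The values are read from the `...signer.secret.provider.zookeeper.kerberos.*` properties, so a comment explaining why that keytab and principal are used as the SPNEGO credential would help the next reader. `current_host` is not defined in the visible hunks, while the `rangerkms_principal` substitution uses `kms_host`, so it is worth confirming both resolve to the same host.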

