ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alejan...@apache.org
Subject ambari git commit: AMBARI-17952. Add nimbus.impersontation.acl on upgrade (Sriharsha Chintalapani via alejandro) [Forced Update!]
Date Fri, 05 Aug 2016 22:05:37 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk f9a4580b9 -> c0dd9681d (forced update)


AMBARI-17952. Add nimbus.impersontation.acl on upgrade (Sriharsha Chintalapani via alejandro)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c0dd9681
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c0dd9681
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c0dd9681

Branch: refs/heads/trunk
Commit: c0dd9681d0a9c8b204747bf50f08c791f8292c52
Parents: 268f5cb
Author: Alejandro Fernandez <afernandez@hortonworks.com>
Authored: Fri Aug 5 15:08:02 2016 -0700
Committer: Alejandro Fernandez <afernandez@hortonworks.com>
Committed: Fri Aug 5 15:08:19 2016 -0700

----------------------------------------------------------------------
 .../stacks/HDP/2.3/upgrades/config-upgrade.xml   | 17 +++++++++++++++++
 .../HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml  |  3 +++
 .../stacks/HDP/2.3/upgrades/upgrade-2.5.xml      |  1 +
 .../stacks/HDP/2.4/upgrades/config-upgrade.xml   | 19 +++++++++++++++++++
 .../HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml  |  2 ++
 .../stacks/HDP/2.4/upgrades/upgrade-2.5.xml      |  1 +
 .../stacks/HDP/2.5/services/stack_advisor.py     |  8 +++++---
 7 files changed, 48 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
index 9b4ef8c..50f2011 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml
@@ -494,6 +494,23 @@
                      replace-with="org.apache.storm.security.auth.KerberosPrincipalToLocal"
/>
             <set key="client.jartransformer.class" value="org.apache.storm.hack.StormShadeTransformer"
/>
           </definition>
+          <definition xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs">
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.impersonation.authorizer</key>
+              <value>org.apache.storm.security.auth.authorizer.ImpersonationAuthorizer</value>
+            </condition>
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.impersonation.acl</key>
+              <value>"{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}}"</value>
+            </condition>
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.admins</key>
+              <value>"['{{storm_bare_jaas_principal}}', '{{ambari_bare_jaas_principal}}']"</value>
+            </condition>
+          </definition>
 
           <!-- All of these configs are present in Atlas' application.properties file
instead and then copied to the hook's atlas-application.properties file. -->
           <definition xsi:type="configure" id="hdp_2_5_0_0_remove_storm_atlas_configs">

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
index 4c09f43..0d15c14 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.5.xml
@@ -1,3 +1,4 @@
+
 <?xml version="1.0"?>
 <!--
    Licensed to the Apache Software Foundation (ASF) under one or more
@@ -431,6 +432,8 @@
       <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for
Storm">
         <!-- Remove Atlas configs that were incorrectly added to storm-site instead of
Atlas' application.properties. -->
         <task xsi:type="configure" id="hdp_2_5_0_0_remove_storm_atlas_configs"/>
+        <!-- Add nimbus.impersonation acls . -->
+        <task xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs" />
       </execute-stage>
     </group>
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
index c4f7a4e..b36bd25 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.5.xml
@@ -1010,6 +1010,7 @@
             <script>scripts/storm_upgrade.py</script>
             <function>delete_storm_local_data</function>
           </task>
+          <task xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs" />
         </pre-upgrade>
 
         <pre-downgrade>

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
index 29134a3..abd8b1f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml
@@ -269,6 +269,7 @@
             <transfer operation="delete" delete-key="xasecure.audit.credential.provider.file"
/>
             <transfer operation="delete" delete-key="xasecure.audit.destination.db.batch.filespool.dir"
/>
           </definition>
+
           
           <definition xsi:type="configure" id="hdp_2_5_0_0_upgrade_storm_1.0">
             <type>storm-site</type>
@@ -296,6 +297,24 @@
                      replace-with="org.apache.storm.security.auth.KerberosPrincipalToLocal"
/>
             <set key="client.jartransformer.class" value="org.apache.storm.hack.StormShadeTransformer"
/>
           </definition>
+          
+          <definition xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs">
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.impersonation.authorizer</key>
+              <value>org.apache.storm.security.auth.authorizer.ImpersonationAuthorizer</value>
+            </condition>
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.impersonation.acl</key>
+              <value>"{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}}"</value>
+            </condition>
+            <condition type="cluster-env" key="security_enabled" value="true">
+              <type>storm-site</type>
+              <key>nimbus.admins</key>
+              <value>"['{{storm_bare_jaas_principal}}', '{{ambari_bare_jaas_principal}}']"</value>
+            </condition>
+          </definition>
 
           <!-- All of these configs are present in Atlas' application.properties file
instead and then copied to the hook's atlas-application.properties file. -->
           <definition xsi:type="configure" id="hdp_2_5_0_0_remove_storm_atlas_configs">

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
index 698d0dc..0733f03 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.5.xml
@@ -377,6 +377,8 @@
       <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for
Storm">
         <!-- Remove Atlas configs that were incorrectly added to storm-site instead of
Atlas' application.properties. -->
         <task xsi:type="configure" id="hdp_2_5_0_0_remove_storm_atlas_configs"/>
+        <!-- Add nimbus.impersonation acls . -->
+        <task xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs" />
       </execute-stage>
 
       <!-- KAFKA -->

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
index 5eec929..cc15bbd 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.5.xml
@@ -966,6 +966,7 @@
             <script>scripts/storm_upgrade.py</script>
             <function>delete_storm_local_data</function>
           </task>
+          <task xsi:type="configure" id="hdp_2_5_0_0_add_storm_security_configs" />
         </pre-upgrade>
 
         <pre-downgrade>

http://git-wip-us.apache.org/repos/asf/ambari/blob/c0dd9681/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
index eddccdb..92a378b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/stack_advisor.py
@@ -425,12 +425,14 @@ class HDP25StackAdvisor(HDP24StackAdvisor):
     putStormSiteProperty = self.putProperty(configurations, "storm-site", services)
     putStormSiteAttributes = self.putPropertyAttribute(configurations, "storm-site")
     security_enabled = (storm_site is not None and "storm.zookeeper.superACL" in storm_site)
+    
     if security_enabled:
       _storm_principal_name = services['configurations']['storm-env']['properties']['storm_principal_name']
       storm_bare_jaas_principal = get_bare_principal(_storm_principal_name)
-      storm_nimbus_impersonation_acl = storm_site["nimbus.impersonation.acl"]
-      storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}', storm_bare_jaas_principal)
-      putStormSiteProperty('nimbus.impersonation.acl', storm_nimbus_impersonation_acl)
+      if 'nimbus.impersonation.acl' in storm_site:  
+        storm_nimbus_impersonation_acl = storm_site["nimbus.impersonation.acl"]
+        storm_nimbus_impersonation_acl.replace('{{storm_bare_jaas_principal}}', storm_bare_jaas_principal)
+        putStormSiteProperty('nimbus.impersonation.acl', storm_nimbus_impersonation_acl)
     rangerPluginEnabled = ''
     if 'ranger-storm-plugin-properties' in configurations and 'ranger-storm-plugin-enabled'
in  configurations['ranger-storm-plugin-properties']['properties']:
       rangerPluginEnabled = configurations['ranger-storm-plugin-properties']['properties']['ranger-storm-plugin-enabled']


Mime
View raw message