ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [22/50] [abbrv] ambari git commit: Revert "AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)"
Date Mon, 28 Nov 2016 19:23:16 GMT
Revert "AMBARI-18836. Remove group readable from hdfs headless keytab (Shi Wang via rlevas)"

This reverts commit 38076327525986b780942f33eff01d2de4a70ce2.


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4551c9f9
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4551c9f9
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4551c9f9

Branch: refs/heads/branch-dev-patch-upgrade
Commit: 4551c9f9cbc3e1723a331b038dfee954098f3b44
Parents: 29db227
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Wed Nov 23 09:32:37 2016 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed Nov 23 09:32:37 2016 -0500

----------------------------------------------------------------------
 .../common-services/HDFS/2.1.0.2.0/kerberos.json          |  2 +-
 .../HIVE/0.12.0.2.0/package/scripts/webhcat.py            | 10 ++++++++++
 .../resources/stacks/HDP/2.5/services/HDFS/kerberos.json  |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
index f30c9e4..e8c96cb 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json
@@ -56,7 +56,7 @@
                 },
                 "group": {
                   "name": "${cluster-env/user_group}",
-                  "access": ""
+                  "access": "r"
                 },
                 "configuration": "hadoop-env/hdfs_user_keytab"
               }

http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
index 00b057c..a7feb60 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat.py
@@ -70,6 +70,16 @@ def webhcat():
             group=params.user_group,
             cd_access="a")
 
+  if params.security_enabled:
+    kinit_if_needed = format("{kinit_path_local} -kt {hdfs_user_keytab} {hdfs_principal_name};")
+  else:
+    kinit_if_needed = ""
+
+  if kinit_if_needed:
+    Execute(kinit_if_needed,
+            user=params.webhcat_user,
+            path='/bin'
+    )
 
   # Replace _HOST with hostname in relevant principal-related properties
   webhcat_site = params.config['configurations']['webhcat-site'].copy()

http://git-wip-us.apache.org/repos/asf/ambari/blob/4551c9f9/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
index 9000e95..974a69c 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HDFS/kerberos.json
@@ -66,7 +66,7 @@
                 },
                 "group": {
                   "name": "${cluster-env/user_group}",
-                  "access": ""
+                  "access": "r"
                 },
                 "configuration": "hadoop-env/hdfs_user_keytab"
               }


Mime
View raw message