ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [07/31] ambari git commit: AMBARI-18829. Allow Ambari to manage Kafka's Custom JAAS Config (smohanty)
Date Wed, 16 Nov 2016 14:39:37 GMT
AMBARI-18829. Allow Ambari to manage Kafka's Custom JAAS Config (smohanty)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5a32eda8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5a32eda8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5a32eda8

Branch: refs/heads/branch-feature-AMBARI-18634
Commit: 5a32eda86a01c558dc191d5516d4d7b4e8051d57
Parents: ce46060
Author: Sumit Mohanty <smohanty@hortonworks.com>
Authored: Mon Nov 14 21:04:41 2016 -0800
Committer: Sumit Mohanty <smohanty@hortonworks.com>
Committed: Mon Nov 14 21:05:32 2016 -0800

----------------------------------------------------------------------
 .../configuration/kafka_client_jaas_conf.xml    | 41 ++++++++++++++
 .../0.8.1/configuration/kafka_jaas_conf.xml     | 59 ++++++++++++++++++++
 .../common-services/KAFKA/0.8.1/metainfo.xml    |  2 +
 .../KAFKA/0.8.1/package/scripts/kafka.py        | 12 ++++
 .../KAFKA/0.8.1/package/scripts/params.py       |  2 +
 5 files changed, 116 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml
b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml
new file mode 100644
index 0000000..164d91e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_client_jaas_conf.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false" supports_adding_forbidden="true">
+  <property>
+    <name>content</name>
+    <display-name>kafka_client_jaas template</display-name>
+    <description>Kafka client jaas config</description>
+    <value>
+KafkaClient {
+com.sun.security.auth.module.Krb5LoginModule required
+useTicketCache=true
+renewTicket=true
+serviceName="{{kafka_bare_jaas_principal}}";
+};
+   </value>
+    <value-attributes>
+      <type>content</type>
+      <show-property-name>false</show-property-name>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
new file mode 100644
index 0000000..fdde8f2
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/configuration/kafka_jaas_conf.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false" supports_adding_forbidden="true">
+  <property>
+    <name>content</name>
+    <display-name>kafka_jaas template</display-name>
+    <description>Kafka jaas config</description>
+    <value>
+KafkaServer {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+keyTab="{{kafka_keytab_path}}"
+storeKey=true
+useTicketCache=false
+serviceName="{{kafka_bare_jaas_principal}}"
+principal="{{kafka_jaas_principal}}";
+};
+KafkaClient {
+com.sun.security.auth.module.Krb5LoginModule required
+useTicketCache=true
+renewTicket=true
+serviceName="{{kafka_bare_jaas_principal}}";
+};
+Client {
+com.sun.security.auth.module.Krb5LoginModule required
+useKeyTab=true
+keyTab="{{kafka_keytab_path}}"
+storeKey=true
+useTicketCache=false
+serviceName="zookeeper"
+principal="{{kafka_jaas_principal}}";
+};
+   </value>
+    <value-attributes>
+      <type>content</type>
+      <show-property-name>false</show-property-name>
+    </value-attributes>
+    <on-ambari-upgrade add="true"/>
+  </property>
+</configuration>

http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml
index 8630c87..049705d 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/metainfo.xml
@@ -83,6 +83,8 @@
         <config-type>zookeeper-env</config-type>
         <config-type>zoo.cfg</config-type>
         <config-type>ams-ssl-client</config-type>
+        <config-type>kafka_jaas_conf</config-type>
+        <config-type>kafka_client_jaas_conf</config-type>
       </configuration-dependencies>
       <osSpecifics>
         <osSpecific>

http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py
b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py
index a53a547..3f7104a 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py
@@ -133,9 +133,21 @@ def kafka(upgrade_type=None):
          )
 
     if params.security_enabled and params.kafka_kerberos_enabled:
+      if params.kafka_jaas_conf_template:
+        File(format("{conf_dir}/kafka_jaas.conf"),
+             owner=params.kafka_user,
+             content=InlineTemplate(params.kafka_jaas_conf_template)
+        )
+      else:
         TemplateConfig(format("{conf_dir}/kafka_jaas.conf"),
                          owner=params.kafka_user)
 
+      if params.kafka_client_jaas_conf_template:
+        File(format("{conf_dir}/kafka_client_jaas.conf"),
+             owner=params.kafka_user,
+             content=InlineTemplate(params.kafka_client_jaas_conf_template)
+        )
+      else:
         TemplateConfig(format("{conf_dir}/kafka_client_jaas.conf"),
                        owner=params.kafka_user)
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/5a32eda8/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
index 107bf6e..0cb88fe 100644
--- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py
@@ -93,6 +93,8 @@ kafka_managed_log_dir = "/var/log/kafka"
 user_group = config['configurations']['cluster-env']['user_group']
 java64_home = config['hostLevelParams']['java_home']
 kafka_env_sh_template = config['configurations']['kafka-env']['content']
+kafka_jaas_conf_template = default("/configurations/kafka_jaas_conf/content", None)
+kafka_client_jaas_conf_template = default("/configurations/kafka_client_jaas_conf/content",
None)
 kafka_hosts = config['clusterHostInfo']['kafka_broker_hosts']
 kafka_hosts.sort()
 


Mime
View raw message