Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 83865200BC5 for ; Mon, 7 Nov 2016 14:05:24 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 82386160B1F; Mon, 7 Nov 2016 13:05:24 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id EF8FE160B10 for ; Mon, 7 Nov 2016 14:05:22 +0100 (CET) Received: (qmail 520 invoked by uid 500); 7 Nov 2016 13:05:20 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 99747 invoked by uid 99); 7 Nov 2016 13:05:20 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2016 13:05:20 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 091E7EC22D; Mon, 7 Nov 2016 13:05:20 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jonathanhurley@apache.org To: commits@ambari.apache.org Date: Mon, 07 Nov 2016 13:06:00 -0000 Message-Id: <59d812b39a77467a8ec8ec758052309a@git.apache.org> In-Reply-To: <461452b9403a44a7aad35c447defd190@git.apache.org> References: <461452b9403a44a7aad35c447defd190@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [43/60] [abbrv] ambari git commit: AMBARI-18510. Use logsearch truststore to look for credential in case of external authentication (Miklos Gergely via oleewere) archived-at: Mon, 07 Nov 2016 13:05:24 -0000 http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh index 2ad7055..2c2d056 100644 --- a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh @@ -21,7 +21,7 @@ export LOGSEARCH_PORT=61888 # path containing LogSearch.jar file export LOGSEARCH_PATH=/root/ambari/ambari-logsearch/ambari-logsearch-portal/target/package -export LOGSEARCH_CONF_DIR=/root/test-config/logsearch +export LOGSEARCH_CONF_DIR=/root/config/logsearch export LOGFILE=/var/log/ambari-logsearch-portal/logsearch.log @@ -33,4 +33,12 @@ LOGSEARCH_JAVA_MEM=${LOGSEARCH_JAVA_MEM:-"-Xmx1024m"} export LOGSEARCH_DEBUG=true -export LOGSEARCH_DEBUG_PORT=5005 \ No newline at end of file +export LOGSEARCH_DEBUG_PORT=5005 + +export LOGSEARCH_SSL="true" +export LOGSEARCH_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks +export LOGSEARCH_KEYSTORE_PASSWORD=bigdata +export LOGSEARCH_KEYSTORE_TYPE=jks +export LOGSEARCH_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks +export LOGSEARCH_TRUSTSTORE_PASSWORD=bigdata +export LOGSEARCH_TRUSTSTORE_TYPE=jks http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties new file mode 100644 index 0000000..1bd8c70 --- /dev/null +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-https.properties @@ -0,0 +1,55 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +logsearch.solr.zk_connect_string=localhost:9983 + +# Service Logs +logsearch.solr.collection.service.logs=hadoop_logs + +logsearch.service.logs.split.interval.mins=15 +logsearch.collection.service.logs.numshards=3 +logsearch.collection.service.logs.replication.factor=2 + +# Audit logs +logsearch.solr.audit.logs.zk_connect_string=localhost:9983 +logsearch.solr.collection.audit.logs=audit_logs +logsearch.solr.audit.logs.url= + +logsearch.audit.logs.split.interval.mins=15 +logsearch.collection.audit.logs.numshards=3 +logsearch.collection.audit.logs.replication.factor=2 + +# History logs +logsearch.solr.collection.history=history +logsearch.solr.history.config.name=history +logsearch.collection.history.replication.factor=1 + +# Metrics +logsearch.solr.metrics.collector.hosts= +logsearch.solr.jmx.port=18886 + +# Logfeeder Settings + +logsearch.logfeeder.include.default.level=FATAL,ERROR,WARN,INFO,DEBUG,TRACE,UNKNOWN + +# logsearch-admin.json +logsearch.auth.file.enable=true +logsearch.login.credentials.file=user_pass.json + +logsearch.auth.ldap.enable=false +logsearch.auth.simple.enable=false +logsearch.auth.external_auth.enable=false + +logsearch.protocol=https http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh b/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh new file mode 100644 index 0000000..faaa6ff --- /dev/null +++ b/ambari-logsearch/docker/test-config/solr/solr-env-ssl.sh @@ -0,0 +1,101 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# By default the script will use JAVA_HOME to determine which java +# to use, but you can set a specific path for Solr to use without +# affecting other Java applications on your server/workstation. +SOLR_JAVA_HOME=/usr/java/default + +# Increase Java Min/Max Heap as needed to support your indexing / query needs +SOLR_JAVA_MEM="-Xms1024m -Xmx2048m" + +# Enable verbose GC logging +GC_LOG_OPTS="-verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails \ +-XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime" + +# These GC settings have shown to work well for a number of common Solr workloads +GC_TUNE="-XX:NewRatio=3 \ +-XX:SurvivorRatio=4 \ +-XX:TargetSurvivorRatio=90 \ +-XX:MaxTenuringThreshold=8 \ +-XX:+UseConcMarkSweepGC \ +-XX:+UseParNewGC \ +-XX:ConcGCThreads=4 -XX:ParallelGCThreads=4 \ +-XX:+CMSScavengeBeforeRemark \ +-XX:PretenureSizeThreshold=64m \ +-XX:+UseCMSInitiatingOccupancyOnly \ +-XX:CMSInitiatingOccupancyFraction=50 \ +-XX:CMSMaxAbortablePrecleanTime=6000 \ +-XX:+CMSParallelRemarkEnabled \ +-XX:+ParallelRefProcEnabled" + +# Set the ZooKeeper connection string if using an external ZooKeeper ensemble +# e.g. host1:2181,host2:2181/chroot +# Leave empty if not using SolrCloud +#ZK_HOST="localhost:9983/ambari-solr" + +# Set the ZooKeeper client timeout (for SolrCloud mode) +ZK_CLIENT_TIMEOUT="60000" + +# By default the start script uses "localhost"; override the hostname here +# for production SolrCloud environments to control the hostname exposed to cluster state +#SOLR_HOST="192.168.1.1" + +# By default the start script uses UTC; override the timezone if needed +#SOLR_TIMEZONE="UTC" + +# Set to true to activate the JMX RMI connector to allow remote JMX client applications +# to monitor the JVM hosting Solr; set to "false" to disable that behavior +# (false is recommended in production environments) +ENABLE_REMOTE_JMX_OPTS="true" + +# The script will use SOLR_PORT+10000 for the RMI_PORT or you can set it here +RMI_PORT=18886 + +# Anything you add to the SOLR_OPTS variable will be included in the java +# start command line as-is, in ADDITION to other options. If you specify the +# -a option on start script, those options will be appended as well. Examples: +#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoSoftCommit.maxTime=3000" +#SOLR_OPTS="$SOLR_OPTS -Dsolr.autoCommit.maxTime=60000" +#SOLR_OPTS="$SOLR_OPTS -Dsolr.clustering.enabled=true" + +# Location where the bin/solr script will save PID files for running instances +# If not set, the script will create PID files in $SOLR_TIP/bin +SOLR_PID_DIR=/var/run/ambari-logsearch-solr + +# Path to a directory where Solr creates index files, the specified directory +# must contain a solr.xml; by default, Solr will use server/solr +SOLR_HOME=/root/logsearch_solr_index/data + +# Solr provides a default Log4J configuration properties file in server/resources +# however, you may want to customize the log settings and file appender location +# so you can point the script to use a different log4j.properties file +LOG4J_PROPS=/root/config/solr/log4j.properties + +# Location where Solr should write logs to; should agree with the file appender +# settings in server/resources/log4j.properties +SOLR_LOGS_DIR=/var/log/ambari-logsearch-solr + +# Sets the port Solr binds to, default is 8983 +SOLR_PORT=8886 + +SOLR_SSL_KEY_STORE=/root/config/ssl/logsearch.keyStore.jks +SOLR_SSL_KEY_STORE_PASSWORD=bigdata +SOLR_SSL_TRUST_STORE=/root/config/ssl/logsearch.trustStore.jks +SOLR_SSL_TRUST_STORE_PASSWORD=bigdata +SOLR_SSL_NEED_CLIENT_AUTH=false +SOLR_SSL_WANT_CLIENT_AUTH=false + http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-logsearch/docker/test-config/solr/solr-env.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/solr/solr-env.sh b/ambari-logsearch/docker/test-config/solr/solr-env.sh index 92fa354..11b9fe0 100644 --- a/ambari-logsearch/docker/test-config/solr/solr-env.sh +++ b/ambari-logsearch/docker/test-config/solr/solr-env.sh @@ -83,11 +83,11 @@ SOLR_HOME=/root/logsearch_solr_index/data # Solr provides a default Log4J configuration properties file in server/resources # however, you may want to customize the log settings and file appender location # so you can point the script to use a different log4j.properties file -LOG4J_PROPS=/root/test-config/solr/log4j.properties +LOG4J_PROPS=/root/config/solr/log4j.properties # Location where Solr should write logs to; should agree with the file appender # settings in server/resources/log4j.properties SOLR_LOGS_DIR=/var/log/ambari-logsearch-solr # Sets the port Solr binds to, default is 8983 -SOLR_PORT=8886 \ No newline at end of file +SOLR_PORT=8886 http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 index d1c1ef9..8c24fa4 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 +++ b/ambari-server/src/main/resources/common-services/AMBARI_INFRA/0.1.0/properties/infra-solr-env.sh.j2 @@ -96,8 +96,8 @@ SOLR_PORT={{infra_solr_port}} {% if infra_solr_ssl_enabled %} SOLR_SSL_KEY_STORE={{infra_solr_keystore_location}} SOLR_SSL_KEY_STORE_PASSWORD={{infra_solr_keystore_password}} -SOLR_SSL_TRUST_STORE={{infra_solr_keystore_location}} -SOLR_SSL_TRUST_STORE_PASSWORD={{infra_solr_keystore_password}} +SOLR_SSL_TRUST_STORE={{infra_solr_truststore_location}} +SOLR_SSL_TRUST_STORE_PASSWORD={{infra_solr_truststore_password}} SOLR_SSL_NEED_CLIENT_AUTH=false SOLR_SSL_WANT_CLIENT_AUTH=false {% endif %} http://git-wip-us.apache.org/repos/asf/ambari/blob/fb70f1b9/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 index 501603a..eb7306c 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/properties/logsearch-env.sh.j2 @@ -38,7 +38,7 @@ export LOGSEARCH_DEBUG={{logsearch_debug_enabled}} export LOGSEARCH_DEBUG_PORT={{logsearch_debug_port}} -{% if infra_solr_ssl_enabled or logsearch_ui_protocol == 'https' %} +{% if infra_solr_ssl_enabled or logsearch_ui_protocol == 'https' or ambari_server_use_ssl %} export LOGSEARCH_SSL="true" export LOGSEARCH_KEYSTORE_LOCATION={{logsearch_keystore_location}} export LOGSEARCH_KEYSTORE_PASSWORD={{logsearch_keystore_password}}