ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smn...@apache.org
Subject ambari git commit: AMBARI-19545: Ambari-agent - In HIVE and OOZIE stack scripts, copy JCEKS file to desired location
Date Tue, 17 Jan 2017 04:03:25 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 326cc1b2a -> ded8ee71c


AMBARI-19545: Ambari-agent - In HIVE and OOZIE stack scripts, copy JCEKS file to desired location


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/ded8ee71
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/ded8ee71
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/ded8ee71

Branch: refs/heads/trunk
Commit: ded8ee71c1c50ac76bc70ad8df8c39c7654d3fe9
Parents: 326cc1b
Author: Nahappan Somasundaram <nsomasundaram@hortonworks.com>
Authored: Mon Jan 16 07:54:30 2017 -0800
Committer: Nahappan Somasundaram <nsomasundaram@hortonworks.com>
Committed: Mon Jan 16 20:03:15 2017 -0800

----------------------------------------------------------------------
 .../HIVE/0.12.0.2.0/package/scripts/hive.py     | 31 ++++++++++++++++-
 .../OOZIE/4.0.0.2.0/package/scripts/oozie.py    | 36 ++++++++++++++++++--
 2 files changed, 64 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/ded8ee71/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
index f825982..51e3b9f 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py
@@ -20,6 +20,7 @@ limitations under the License.
 
 import os
 import glob
+
 from urlparse import urlparse
 
 from resource_management.libraries.script.script import Script
@@ -46,6 +47,33 @@ from ambari_commons.constants import SERVICE
 from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
 from ambari_commons import OSConst
 
+# The property name used by the hadoop credential provider
+HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME = 'hadoop.security.credential.provider.path'
+
+# Move JCEKS provider to service specific location and update the ACL
+def update_credential_provider_path(config_type, dest_provider_path):
+  import params
+
+  # Get the path to the provider <config_type>.jceks
+  if HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME in params.config['configurations'][config_type]:
+    provider_paths = params.config['configurations'][config_type][HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME].split(',')
+    for path_index in range(len(provider_paths)):
+      provider_path = provider_paths[path_index]
+      if config_type == os.path.splitext(os.path.basename(provider_path))[0]:
+        src_provider_path = provider_path[len('jceks://file'):]
+        File(dest_provider_path,
+          owner = params.hive_user,
+          group = params.user_group,
+          mode = 0640,
+          content = StaticFile(src_provider_path)
+        )
+        provider_paths[path_index] = 'jceks://file{0}'.format(dest_provider_path)
+        # make a copy of the config dictionary since it is read-only
+        config = params.config['configurations'][config_type].copy()
+        config[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
+        return config
+    return params.config['configurations'][config_type]
+
 @OsFamilyFuncImpl(os_family=OsFamilyImpl.DEFAULT)
 def hive(name=None):
   import params
@@ -64,9 +92,10 @@ def hive(name=None):
   for conf_dir in params.hive_conf_dirs_list:
     fill_conf_dir(conf_dir)
 
+  hive_site_config = update_credential_provider_path('hive-site', os.path.join(params.hive_conf_dir,
'hive-site.jceks'))
   XmlConfig("hive-site.xml",
             conf_dir=params.hive_config_dir,
-            configurations=params.hive_site_config,
+            configurations=hive_site_config,
             configuration_attributes=params.config['configuration_attributes']['hive-site'],
             owner=params.hive_user,
             group=params.user_group,

http://git-wip-us.apache.org/repos/asf/ambari/blob/ded8ee71/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
index 14a0b23..252f60e 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
@@ -27,6 +27,7 @@ from resource_management.core.resources.system import Directory, Execute,
File
 from resource_management.core.source import DownloadSource
 from resource_management.core.source import InlineTemplate
 from resource_management.core.source import Template
+from resource_management.core.source import StaticFile
 from resource_management.libraries.functions.format import format
 from resource_management.libraries.functions.default import default
 from resource_management.libraries.functions import StackFeature
@@ -50,6 +51,33 @@ from ambari_commons.inet_utils import download_file
 
 from resource_management.core import Logger
 
+# The property name used by the hadoop credential provider
+HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME = 'hadoop.security.credential.provider.path'
+
+# Move JCEKS provider to service specific locationa and update the ACL
+def update_credential_provider_path(config_type, dest_provider_path):
+  import params
+
+  # Get the path to the provider <config_type>.jceks
+  if HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME in params.config['configurations'][config_type]:
+    provider_paths = params.config['configurations'][config_type][HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME].split(',')
+    for path_index in range(len(provider_paths)):
+      provider_path = provider_paths[path_index]
+      if config_type == os.path.splitext(os.path.basename(provider_path))[0]:
+        src_provider_path = provider_path[len('jceks://file'):]
+        Logger.info('src_provider_path={0}, dest_provider_path{1}'.format(src_provider_path,
dest_provider_path))
+        File(dest_provider_path,
+          owner = params.oozie_user,
+          group = params.user_group,
+          mode = 0640,
+          content = StaticFile(src_provider_path)
+        )
+        provider_paths[path_index] = 'jceks://file{0}'.format(dest_provider_path)
+        # make a copy of the config dictionary since it cannot be modified
+        config = params.config['configurations'][config_type].copy()
+        config[HADOOP_CREDENTIAL_PROVIDER_PROPERTY_NAME] = ','.join(provider_paths)
+        return config
+    return params.config['configurations'][config_type]
 
 @OsFamilyFuncImpl(os_family=OSConst.WINSRV_FAMILY)
 def oozie(is_server=False):
@@ -115,9 +143,12 @@ def oozie(is_server=False):
              owner = params.oozie_user,
              group = params.user_group
   )
+
+  oozie_site_config = update_credential_provider_path('oozie-site', os.path.join(params.conf_dir,
'oozie-site.jceks'))
+
   XmlConfig("oozie-site.xml",
     conf_dir = params.conf_dir,
-    configurations = params.oozie_site,
+    configurations = oozie_site_config,
     configuration_attributes=params.config['configuration_attributes']['oozie-site'],
     owner = params.oozie_user,
     group = params.user_group,
@@ -289,9 +320,10 @@ def oozie_server_specific():
         group = params.user_group
     )
     if 'hive-site' in params.config['configurations']:
+      hive_site_config = update_credential_provider_path('hive-site', os.path.join(params.hive_conf_dir,
'hive-site.jceks'))
       XmlConfig("hive-site.xml",
         conf_dir=params.hive_conf_dir,
-        configurations=params.config['configurations']['hive-site'],
+        configurations=hive_site_config,
         configuration_attributes=params.config['configuration_attributes']['hive-site'],
         owner=params.oozie_user,
         group=params.user_group,


Mime
View raw message