ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [34/50] [abbrv] ambari git commit: AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty)
Date Mon, 13 Feb 2017 21:04:08 GMT
AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4f39bdf8
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4f39bdf8
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4f39bdf8

Branch: refs/heads/branch-dev-patch-upgrade
Commit: 4f39bdf8cc5aa58d05647725078aaa0223b7021d
Parents: ed92827
Author: Sumit Mohanty <smohanty@hortonworks.com>
Authored: Fri Feb 3 13:24:24 2017 -0800
Committer: Nate Cole <ncole@hortonworks.com>
Committed: Mon Feb 13 15:45:35 2017 -0500

----------------------------------------------------------------------
 .../DRUID/0.9.2/configuration/druid-common.xml   |  6 ++++++
 .../DRUID/0.9.2/package/scripts/druid.py         |  2 ++
 .../DRUID/0.9.2/package/scripts/params.py        |  5 ++++-
 .../stacks/HDP/2.6/services/DRUID/kerberos.json  | 19 ++++++++++++++++++-
 .../test/python/stacks/2.6/DRUID/test_druid.py   |  2 ++
 .../test/python/stacks/2.6/configs/default.json  |  3 ++-
 6 files changed, 34 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
index e00480e..a494750 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml
@@ -46,6 +46,12 @@
     <on-ambari-upgrade add="false"/>
   </property>
   <property>
+    <name>druid.security.extensions.loadList</name>
+    <value>[]</value>
+    <description>A comma-separated list of one or more druid security extensions to
load. This property will be set via the kerberos wizard and User will not be allowed to modify
this when security is enabled.</description>
+    <on-ambari-upgrade add="false"/>
+  </property>
+  <property>
     <name>druid.zk.service.host</name>
     <value>localhost:2181</value>
     <description>

http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
index 20eda92..18febeb 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py
@@ -48,6 +48,8 @@ def druid(upgrade_type=None, nodeType=None):
     'druid.service']
   druid_common_config['druid.selectors.coordinator.serviceName'] = \
     params.config['configurations']['druid-coordinator']['druid.service']
+  druid_common_config['druid.extensions.loadList'] = json.dumps(eval(params.druid_extensions_load_list)
+
+                                                     eval(params.druid_security_extensions_load_list))
 
   # delete the password and user if empty otherwiswe derby will fail.
   if 'derby' == druid_common_config['druid.metadata.storage.type']:

http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
index 558087d..aed4043 100644
--- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py
@@ -74,6 +74,9 @@ druid_log_dir = config['configurations']['druid-env']['druid_log_dir']
 druid_classpath = config['configurations']['druid-env']['druid_classpath']
 druid_extensions = config['configurations']['druid-common']['druid.extensions.pullList']
 druid_repo_list = config['configurations']['druid-common']['druid.extensions.repositoryList']
+druid_extensions_load_list = config['configurations']['druid-common']['druid.extensions.loadList']
+druid_security_extensions_load_list = config['configurations']['druid-common']['druid.security.extensions.loadList']
+
 
 # status params
 druid_pid_dir = status_params.druid_pid_dir
@@ -121,7 +124,7 @@ hdfs_site = config['configurations']['hdfs-site']
 default_fs = config['configurations']['core-site']['fs.defaultFS']
 dfs_type = default("/commandParams/dfs_type", "")
 
-# Kerberose
+# Kerberos
 druid_principal_name = default('/configurations/druid-common/druid.hadoop.security.kerberos.principal',
                                'missing_principal')
 druid_user_keytab = default('/configurations/druid-common/druid.hadoop.security.kerberos.keytab',
'missing_keytab')

http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
index 1661285..251975b 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json
@@ -4,7 +4,13 @@
       "name": "DRUID",
       "identities": [
         {
-          "name": "/spnego"
+          "name": "/spnego",
+          "principal": {
+            "configuration": "druid-common/druid.hadoop.security.spnego.principal"
+          },
+          "keytab": {
+            "configuration": "druid-common/druid.hadoop.security.spnego.keytab"
+          }
         },
         {
           "name": "druid",
@@ -72,6 +78,17 @@
             }
           ]
         }
+      ],
+      "configurations": [
+        {
+          "druid-common": {
+            "druid.hadoop.security.spnego.excludedPaths": "[\"/status\"]",
+            "druid.security.extensions.loadList" : "[\"druid-kerberos\"]"
+          }
+        }
+      ],
+      "auth_to_local_properties" : [
+        "druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped"
       ]
     }
   ]

http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
index 0a143ae..422e9ba 100644
--- a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
+++ b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py
@@ -445,6 +445,8 @@ class TestDruid(RMFTestCase):
     druid_common_config['druid.extensions.hadoopDependenciesDir'] = format('/usr/hdp/current/{role}/hadoop-dependencies')
     druid_common_config['druid.selectors.indexing.serviceName'] = 'druid/overlord'
     druid_common_config['druid.selectors.coordinator.serviceName'] = 'druid/coordinator'
+    druid_common_config['druid.extensions.loadList'] = '["mysql-metadata-storage", "druid-datasketches",
"druid-kerberos"]'
+
 
     self.assertResourceCalled('PropertiesFile', 'common.runtime.properties',
                               dir=format("/usr/hdp/current/{role}/conf/_common"),

http://git-wip-us.apache.org/repos/asf/ambari/blob/4f39bdf8/ambari-server/src/test/python/stacks/2.6/configs/default.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/configs/default.json b/ambari-server/src/test/python/stacks/2.6/configs/default.json
index 963c4a4..4d9f98c 100644
--- a/ambari-server/src/test/python/stacks/2.6/configs/default.json
+++ b/ambari-server/src/test/python/stacks/2.6/configs/default.json
@@ -430,7 +430,8 @@
       "druid.indexer.logs.directory": "/user/druid/logs",
       "druid.extensions.pullList": "[\"custom-druid-extension\"]",
       "druid.extensions.repositoryList": "[\"http://custom-mvn-repo/public/release\"]",
-      "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]"
+      "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]",
+      "druid.security.extensions.loadList": "[\"druid-kerberos\"]"
     },
     "druid-historical" : {
       "druid.segmentCache.infoDir" : "/apps/druid/segmentCache/info_dir",


Mime
View raw message