Return-Path: <commits-return-38304-archive-asf-public=cust-asf.ponee.io@ambari.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 69729200C0E
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  1 Feb 2017 19:14:15 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 680E5160B46; Wed,  1 Feb 2017 18:14:15 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 87A9D160B41
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  1 Feb 2017 19:14:14 +0100 (CET)
Received: (qmail 3948 invoked by uid 500); 1 Feb 2017 18:14:13 -0000
Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@ambari.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@ambari.apache.org>
List-Post: <mailto:commits@ambari.apache.org>
List-Id: <commits.ambari.apache.org>
Reply-To: ambari-dev@ambari.apache.org
Delivered-To: mailing list commits@ambari.apache.org
Received: (qmail 3939 invoked by uid 99); 1 Feb 2017 18:14:13 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Feb 2017 18:14:13 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id 9FB8ADFBDA; Wed,  1 Feb 2017 18:14:13 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: rlevas@apache.org
To: commits@ambari.apache.org
Message-Id: <b7316f90d3b6407e9c2244e798551d41@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: ambari git commit: AMBARI-19331. Setup correct authentication and
 authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)
Date: Wed,  1 Feb 2017 18:14:13 +0000 (UTC)
archived-at: Wed, 01 Feb 2017 18:14:15 -0000

Repository: ambari
Updated Branches:
  refs/heads/trunk 262738084 -> 4026efacc


AMBARI-19331. Setup correct authentication and authorization mechanism between Yarn and Zookeeper (Attila Magyar via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/4026efac
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/4026efac
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/4026efac

Branch: refs/heads/trunk
Commit: 4026efacc398197ddb3b67230641efd7c850e2b8
Parents: 2627380
Author: Attila Magyar <amagyar@hortonworks.com>
Authored: Wed Feb 1 13:14:07 2017 -0500
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Wed Feb 1 13:14:07 2017 -0500

----------------------------------------------------------------------
 .../YARN/2.1.0.2.0/package/scripts/params_linux.py            | 2 ++
 .../YARN/2.1.0.2.0/package/scripts/resourcemanager.py         | 2 ++
 .../resources/common-services/YARN/3.0.0.3.0/kerberos.json    | 7 ++++++-
 .../YARN/3.0.0.3.0/package/scripts/params_linux.py            | 4 +++-
 .../YARN/3.0.0.3.0/package/scripts/resourcemanager.py         | 2 ++
 .../main/resources/stacks/HDP/2.6/services/YARN/kerberos.json | 6 +++++-
 6 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
index aed8abc..335f1ac 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py
@@ -257,6 +257,8 @@ rm_zk_address = config['configurations']['yarn-site']['yarn.resourcemanager.zk-a
 rm_zk_znode = config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
 rm_zk_store_class = config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
 stack_supports_zk_security = check_stack_feature(StackFeature.SECURE_ZOOKEEPER, version_for_stack_feature_checks)
+rm_zk_failover_znode = default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path', '/yarn-leader-election')
+hadoop_registry_zk_root = default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
 
 if security_enabled:
   rm_principal_name = config['configurations']['yarn-site']['yarn.resourcemanager.principal']

http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
index a659dd1..b871b68 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/resourcemanager.py
@@ -241,6 +241,8 @@ class ResourcemanagerDefault(Resourcemanager):
       params.yarn_jaas_file, \
       params.yarn_user)
     zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+    zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+    zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
 
   def wait_for_dfs_directories_created(self, *dirs):
     import params

http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
index 29cc00a..ae4db4f 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/kerberos.json
@@ -31,7 +31,12 @@
             "yarn.resourcemanager.proxyuser.*.groups": "",
             "yarn.resourcemanager.proxyuser.*.hosts": "",
             "yarn.resourcemanager.proxyuser.*.users": "",
-            "yarn.resourcemanager.proxy-user-privileges.enabled": "true"
+            "yarn.resourcemanager.proxy-user-privileges.enabled": "true",
+            "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+            "hadoop.registry.secure" : "true",
+            "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+            "hadoop.registry.client.auth" : "kerberos",
+            "hadoop.registry.jaas.context" : "Client"
           }
         },
         {

http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
index 4d47925..0f6f1fa 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py
@@ -255,6 +255,8 @@ nodemanager_kinit_cmd = ""
 rm_zk_address = config['configurations']['yarn-site']['yarn.resourcemanager.zk-address']
 rm_zk_znode = config['configurations']['yarn-site']['yarn.resourcemanager.zk-state-store.parent-path']
 rm_zk_store_class = config['configurations']['yarn-site']['yarn.resourcemanager.store.class']
+rm_zk_failover_znode = default('/configurations/yarn-site/yarn.resourcemanager.ha.automatic-failover.zk-base-path', '/yarn-leader-election')
+hadoop_registry_zk_root = default('/configurations/yarn-site/hadoop.registry.zk.root', '/registry')
 
 if security_enabled:
   rm_principal_name = config['configurations']['yarn-site']['yarn.resourcemanager.principal']
@@ -490,4 +492,4 @@ if enable_ranger_yarn and is_supported_yarn_ranger:
   if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla':
     xa_audit_db_is_enabled = False
 
-# ranger yarn plugin end section
\ No newline at end of file
+# ranger yarn plugin end section

http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
index 4d8d95e..ba748f1 100644
--- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/resourcemanager.py
@@ -122,6 +122,8 @@ class ResourcemanagerDefault(Resourcemanager):
       params.yarn_jaas_file, \
       params.yarn_user)
     zkmigrator.set_acls(params.rm_zk_znode, 'world:anyone:crdwa')
+    zkmigrator.set_acls(params.rm_zk_failover_znode, 'world:anyone:crdwa')
+    zkmigrator.set_acls(params.hadoop_registry_zk_root, 'world:anyone:crdwa')
 
   def start(self, env, upgrade_type=None):
     import params

http://git-wip-us.apache.org/repos/asf/ambari/blob/4026efac/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
index eaffec6..ae4db4f 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/kerberos.json
@@ -32,7 +32,11 @@
             "yarn.resourcemanager.proxyuser.*.hosts": "",
             "yarn.resourcemanager.proxyuser.*.users": "",
             "yarn.resourcemanager.proxy-user-privileges.enabled": "true",
-            "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda"
+            "yarn.resourcemanager.zk-acl" : "sasl:rm:rwcda",
+            "hadoop.registry.secure" : "true",
+            "hadoop.registry.system.accounts" : "sasl:yarn,sasl:mapred,sasl:hadoop,sasl:hdfs,sasl:rm,sasl:hive",
+            "hadoop.registry.client.auth" : "kerberos",
+            "hadoop.registry.jaas.context" : "Client"
           }
         },
         {