Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 65D97200C10 for ; Fri, 3 Feb 2017 22:30:18 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 6465B160B43; Fri, 3 Feb 2017 21:30:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 85A7E160B3F for ; Fri, 3 Feb 2017 22:30:17 +0100 (CET) Received: (qmail 62793 invoked by uid 500); 3 Feb 2017 21:30:15 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 62784 invoked by uid 99); 3 Feb 2017 21:30:15 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2017 21:30:15 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id B48F3DFB95; Fri, 3 Feb 2017 21:30:15 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: smohanty@apache.org To: commits@ambari.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty) Date: Fri, 3 Feb 2017 21:30:15 +0000 (UTC) archived-at: Fri, 03 Feb 2017 21:30:18 -0000 Repository: ambari Updated Branches: refs/heads/branch-2.5 c6663312e -> caa69171b AMBARI-19594. configure kerberos authentication for Druid UIs (Nishant Bangarwa via smohanty) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/caa69171 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/caa69171 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/caa69171 Branch: refs/heads/branch-2.5 Commit: caa69171b163a547341da5f4341ba6d0df66ceb5 Parents: c666331 Author: Sumit Mohanty Authored: Fri Feb 3 13:24:24 2017 -0800 Committer: Sumit Mohanty Committed: Fri Feb 3 13:30:06 2017 -0800 ---------------------------------------------------------------------- .../DRUID/0.9.2/configuration/druid-common.xml | 6 ++++++ .../DRUID/0.9.2/package/scripts/druid.py | 2 ++ .../DRUID/0.9.2/package/scripts/params.py | 5 ++++- .../stacks/HDP/2.6/services/DRUID/kerberos.json | 19 ++++++++++++++++++- .../test/python/stacks/2.6/DRUID/test_druid.py | 2 ++ .../test/python/stacks/2.6/configs/default.json | 3 ++- 6 files changed, 34 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml index e00480e..a494750 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/configuration/druid-common.xml @@ -46,6 +46,12 @@ + druid.security.extensions.loadList + [] + A comma-separated list of one or more druid security extensions to load. This property will be set via the kerberos wizard and User will not be allowed to modify this when security is enabled. + + + druid.zk.service.host localhost:2181 http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py index 20eda92..18febeb 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/druid.py @@ -48,6 +48,8 @@ def druid(upgrade_type=None, nodeType=None): 'druid.service'] druid_common_config['druid.selectors.coordinator.serviceName'] = \ params.config['configurations']['druid-coordinator']['druid.service'] + druid_common_config['druid.extensions.loadList'] = json.dumps(eval(params.druid_extensions_load_list) + + eval(params.druid_security_extensions_load_list)) # delete the password and user if empty otherwiswe derby will fail. if 'derby' == druid_common_config['druid.metadata.storage.type']: http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py index 558087d..aed4043 100644 --- a/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/DRUID/0.9.2/package/scripts/params.py @@ -74,6 +74,9 @@ druid_log_dir = config['configurations']['druid-env']['druid_log_dir'] druid_classpath = config['configurations']['druid-env']['druid_classpath'] druid_extensions = config['configurations']['druid-common']['druid.extensions.pullList'] druid_repo_list = config['configurations']['druid-common']['druid.extensions.repositoryList'] +druid_extensions_load_list = config['configurations']['druid-common']['druid.extensions.loadList'] +druid_security_extensions_load_list = config['configurations']['druid-common']['druid.security.extensions.loadList'] + # status params druid_pid_dir = status_params.druid_pid_dir @@ -121,7 +124,7 @@ hdfs_site = config['configurations']['hdfs-site'] default_fs = config['configurations']['core-site']['fs.defaultFS'] dfs_type = default("/commandParams/dfs_type", "") -# Kerberose +# Kerberos druid_principal_name = default('/configurations/druid-common/druid.hadoop.security.kerberos.principal', 'missing_principal') druid_user_keytab = default('/configurations/druid-common/druid.hadoop.security.kerberos.keytab', 'missing_keytab') http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json index 1661285..251975b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/DRUID/kerberos.json @@ -4,7 +4,13 @@ "name": "DRUID", "identities": [ { - "name": "/spnego" + "name": "/spnego", + "principal": { + "configuration": "druid-common/druid.hadoop.security.spnego.principal" + }, + "keytab": { + "configuration": "druid-common/druid.hadoop.security.spnego.keytab" + } }, { "name": "druid", @@ -72,6 +78,17 @@ } ] } + ], + "configurations": [ + { + "druid-common": { + "druid.hadoop.security.spnego.excludedPaths": "[\"/status\"]", + "druid.security.extensions.loadList" : "[\"druid-kerberos\"]" + } + } + ], + "auth_to_local_properties" : [ + "druid-common/druid.hadoop.security.spnego.authToLocal|new_lines_escaped" ] } ] http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py index 0a143ae..422e9ba 100644 --- a/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py +++ b/ambari-server/src/test/python/stacks/2.6/DRUID/test_druid.py @@ -445,6 +445,8 @@ class TestDruid(RMFTestCase): druid_common_config['druid.extensions.hadoopDependenciesDir'] = format('/usr/hdp/current/{role}/hadoop-dependencies') druid_common_config['druid.selectors.indexing.serviceName'] = 'druid/overlord' druid_common_config['druid.selectors.coordinator.serviceName'] = 'druid/coordinator' + druid_common_config['druid.extensions.loadList'] = '["mysql-metadata-storage", "druid-datasketches", "druid-kerberos"]' + self.assertResourceCalled('PropertiesFile', 'common.runtime.properties', dir=format("/usr/hdp/current/{role}/conf/_common"), http://git-wip-us.apache.org/repos/asf/ambari/blob/caa69171/ambari-server/src/test/python/stacks/2.6/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.6/configs/default.json b/ambari-server/src/test/python/stacks/2.6/configs/default.json index 963c4a4..4d9f98c 100644 --- a/ambari-server/src/test/python/stacks/2.6/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.6/configs/default.json @@ -430,7 +430,8 @@ "druid.indexer.logs.directory": "/user/druid/logs", "druid.extensions.pullList": "[\"custom-druid-extension\"]", "druid.extensions.repositoryList": "[\"http://custom-mvn-repo/public/release\"]", - "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]" + "druid.extensions.loadList": "[\"mysql-metadata-storage\", \"druid-datasketches\"]", + "druid.security.extensions.loadList": "[\"druid-kerberos\"]" }, "druid-historical" : { "druid.segmentCache.infoDir" : "/apps/druid/segmentCache/info_dir",