ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From smoha...@apache.org
Subject ambari git commit: AMBARI-20275. Credential Store should be enabled by default on fresh installs (Madhuvanthi Radhakrishnan via smohanty)
Date Sun, 05 Mar 2017 18:42:55 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 0ba42cf6c -> df3b028db


AMBARI-20275. Credential Store should be enabled by default on fresh installs (Madhuvanthi
Radhakrishnan via smohanty)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/df3b028d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/df3b028d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/df3b028d

Branch: refs/heads/branch-2.5
Commit: df3b028db23418d788361d54c0924354af783867
Parents: 0ba42cf
Author: Sumit Mohanty <smohanty@hortonworks.com>
Authored: Sun Mar 5 10:42:40 2017 -0800
Committer: Sumit Mohanty <smohanty@hortonworks.com>
Committed: Sun Mar 5 10:42:40 2017 -0800

----------------------------------------------------------------------
 .../0.12.0.2.0/package/scripts/hive_interactive.py   |  7 +++++++
 .../common-services/LOGSEARCH/0.5.0/metainfo.xml     |  1 +
 .../stacks/HDP/2.5/services/HIVE/metainfo.xml        |  2 +-
 .../stacks/HDP/2.5/services/OOZIE/metainfo.xml       |  2 +-
 .../python/stacks/2.5/HIVE/test_hive_server_int.py   | 15 ++++++++++++---
 .../stacks/2.5/configs/hsi_default_for_restart.json  |  1 +
 6 files changed, 23 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py
index 1ca65fe..eba3f3a 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py
@@ -43,6 +43,7 @@ from resource_management.core.shell import quote_bash_args
 from resource_management.core.logger import Logger
 from resource_management.core import utils
 from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster,
setup_atlas_hook
+from resource_management.libraries.functions.security_commons import update_credential_provider_path
 from ambari_commons.constants import SERVICE
 
 from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl
@@ -200,6 +201,12 @@ def hive_interactive(name=None):
                   group=params.user_group,
                   mode=0644)
       else:
+        merged_hive_interactive_site = update_credential_provider_path(merged_hive_interactive_site,
+                                                                  'hive-site',
+                                                                  os.path.join(conf_dir,
'hive-site.jceks'),
+                                                                  params.hive_user,
+                                                                  params.user_group
+        )
         XmlConfig("hive-site.xml",
                   conf_dir=conf_dir,
                   configurations=merged_hive_interactive_site,

http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml
b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml
index 245a94d..fa9548b 100644
--- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml
+++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml
@@ -28,6 +28,7 @@
       <credential-store>
         <supported>true</supported>
         <enabled>true</enabled>
+        <required>true</required>
       </credential-store>
 
       <components>

http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml
index 4230dd4..f2a1161 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml
@@ -23,7 +23,7 @@
       <version>1.2.1.2.5</version>
       <credential-store>
         <supported>true</supported>
-        <enabled>false</enabled>
+        <enabled>true</enabled>
       </credential-store>
       <components>
         <component>

http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml
index 75aa9d9..05b1543 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml
@@ -22,7 +22,7 @@
       <name>OOZIE</name>
       <credential-store>
         <supported>true</supported>
-        <enabled>false</enabled>
+        <enabled>true</enabled>
       </credential-store>
       <extends>common-services/OOZIE/4.2.0.2.5</extends>
     </service>

http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py b/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py
index 6f017bc..d76ffaa 100644
--- a/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py
+++ b/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py
@@ -292,7 +292,7 @@ class TestHiveServerInteractive(RMFTestCase):
                               action=['delete'],
                               )
 
-    self.assert_configure_default()
+    self.assert_configure_default(with_cs_enabled=True)
 
     self.assertResourceCalled('Execute',
                               '/home/hive/llap-slider-05Apr2016/run.sh',
@@ -416,7 +416,7 @@ class TestHiveServerInteractive(RMFTestCase):
     self.assertNoMoreResources()
 
 
-  def assert_configure_default(self, no_tmp=False, default_fs_default=u'hdfs://c6401.ambari.apache.org:8020'):
+  def assert_configure_default(self, no_tmp=False, default_fs_default=u'hdfs://c6401.ambari.apache.org:8020',
with_cs_enabled=False):
 
     self.assertResourceCalled('HdfsResource', '/user/hive',
                               immutable_paths = self.DEFAULT_IMMUTABLE_PATHS,
@@ -533,6 +533,15 @@ class TestHiveServerInteractive(RMFTestCase):
                                     configurations=hive_site_conf_for_client,
           )
         else:
+          if with_cs_enabled:
+            self.assertResourceCalled('File', '/usr/hdp/current/hive-server2-hive2/conf/conf.server/hive-site.jceks',
+                                      content=StaticFile('/var/lib/ambari-agent/data/abc.jceks'),
+                                      owner='hive',
+                                      group='hadoop',
+                                      mode = 0640,
+                                      )
+            self.assertTrue('hadoop.security.credential.provider.path' in hive_site_conf)
+            hive_site_conf['hadoop.security.credential.provider.path'] = 'jceks://file/usr/hdp/current/hive-server2-hive2/conf/conf.server/hive-site.jceks'
           self.assertResourceCalled('XmlConfig', 'hive-site.xml',
                                     group='hadoop',
                                     conf_dir=conf_dir,
@@ -542,7 +551,7 @@ class TestHiveServerInteractive(RMFTestCase):
                                                                          u'javax.jdo.option.ConnectionPassword':
u'true'}},
                                     owner='hive',
                                     configurations=hive_site_conf,
-          )
+                                    )
 
         if conf_dir == '/usr/hdp/current/hive-server2-hive2/conf/conf.server':
           self.assertResourceCalled('XmlConfig', 'hiveserver2-site.xml',

http://git-wip-us.apache.org/repos/asf/ambari/blob/df3b028d/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json
b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json
index 52b3983..f6de1c4 100644
--- a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json
+++ b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json
@@ -372,6 +372,7 @@
             "a" : "e"
         },
         "hive-site": {
+            "hadoop.security.credential.provider.path": "jceks://file/var/lib/ambari-agent/data/abc.jceks",
             "hive.enforce.sorting": "true",
             "javax.jdo.option.ConnectionPassword": "!`\"' 1",
             "javax.jdo.option.ConnectionDriverName": "com.mysql.jdbc.Driver",


Mime
View raw message