ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nc...@apache.org
Subject [13/16] ambari git commit: AMBARI-20237. After regenerate keytabs post Ambari upgrade yarn.nodemanager.linux-container-executor.cgroups.mount-path property got added with blank value (echekanskiy)
Date Thu, 02 Mar 2017 18:41:58 GMT
AMBARI-20237. After regenerate keytabs post Ambari upgrade yarn.nodemanager.linux-container-executor.cgroups.mount-path
property got added with blank value (echekanskiy)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d481b788
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d481b788
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d481b788

Branch: refs/heads/branch-feature-AMBARI-12556
Commit: d481b788b6f819280b849c015eb42acc2e3d16b3
Parents: f8fe522
Author: Eugene Chekanskiy <echekanskiy@hortonworks.com>
Authored: Thu Mar 2 19:35:45 2017 +0200
Committer: Eugene Chekanskiy <echekanskiy@hortonworks.com>
Committed: Thu Mar 2 19:35:45 2017 +0200

----------------------------------------------------------------------
 .../server/upgrade/UpgradeCatalog250.java       |  14 ++
 .../server/upgrade/UpgradeCatalog250Test.java   |  10 +-
 ...test_kerberos_descriptor_2_5_infra_solr.json | 212 ++++++++++++++++++-
 3 files changed, 226 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/d481b788/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
index d6ff241..ad7490b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog250.java
@@ -51,6 +51,7 @@ import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.Config;
 import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
+import org.apache.ambari.server.state.kerberos.KerberosConfigurationDescriptor;
 import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
 import org.apache.ambari.server.state.kerberos.KerberosDescriptorFactory;
 import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
@@ -498,6 +499,19 @@ public class UpgradeCatalog250 extends AbstractUpgradeCatalog {
               }
             }
           }
+          KerberosServiceDescriptor yarnKerberosDescriptor = kerberosDescriptor.getService("YARN");
+          if (yarnKerberosDescriptor != null) {
+            Map<String, KerberosConfigurationDescriptor> configs = yarnKerberosDescriptor.getConfigurations();
+            KerberosConfigurationDescriptor yarnSiteConfigDescriptor = configs.get("yarn-site");
+            if (yarnSiteConfigDescriptor != null) {
+              Map<String, String> properties = yarnSiteConfigDescriptor.getProperties();
+              if (properties != null && properties.containsKey(YARN_LCE_CGROUPS_MOUNT_PATH))
{
+                properties.remove(YARN_LCE_CGROUPS_MOUNT_PATH);
+                artifactEntity.setArtifactData(kerberosDescriptor.toMap());
+                artifactDAO.merge(artifactEntity);
+              }
+            }
+          }
         }
       }
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/d481b788/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
index 39d8785..7ee66ef 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog250Test.java
@@ -1602,6 +1602,7 @@ public class UpgradeCatalog250Test {
 
   @Test
   public void testUpdateKerberosDescriptorArtifact() throws Exception {
+    final String propertyToRemove = "yarn.nodemanager.linux-container-executor.cgroups.mount-path";
     final KerberosDescriptorFactory kerberosDescriptorFactory = new KerberosDescriptorFactory();
 
     KerberosServiceDescriptor serviceDescriptor;
@@ -1629,8 +1630,7 @@ public class UpgradeCatalog250Test {
     Assert.assertNotNull(serviceDescriptor);
     Assert.assertNotNull(serviceDescriptor.getComponent("NIMBUS"));
 
-    UpgradeCatalog250 upgradeMock = createMockBuilder(UpgradeCatalog250.class).createMock();
-
+    UpgradeCatalog250 upgradeMock = createMockBuilder(UpgradeCatalog250.class).withConstructor(injector).createMock();
 
     ArtifactEntity artifactEntity = createNiceMock(ArtifactEntity.class);
     expect(artifactEntity.getArtifactData())
@@ -1639,10 +1639,10 @@ public class UpgradeCatalog250Test {
 
     Capture<Map<String, Object>> updateData = Capture.newInstance(CaptureType.ALL);
     artifactEntity.setArtifactData(capture(updateData));
-    expectLastCall().times(3);
+    expectLastCall().times(4);
 
     ArtifactDAO artifactDAO = createNiceMock(ArtifactDAO.class);
-    expect(artifactDAO.merge(anyObject(ArtifactEntity.class))).andReturn(artifactEntity).times(3);
+    expect(artifactDAO.merge(anyObject(ArtifactEntity.class))).andReturn(artifactEntity).times(4);
 
     replay(artifactEntity, artifactDAO, upgradeMock);
     upgradeMock.updateKerberosDescriptorArtifact(artifactDAO, artifactEntity);
@@ -1651,6 +1651,7 @@ public class UpgradeCatalog250Test {
     KerberosDescriptor atlasKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(0));
     KerberosDescriptor rangerKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(1));
     KerberosDescriptor stormKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(2));
+    KerberosDescriptor yarnKerberosDescriptorUpdated = new KerberosDescriptorFactory().createInstance(updateData.getValues().get(3));
 
     Assert.assertNotNull(atlasKerberosDescriptorUpdated.getIdentity("spnego"));
     Assert.assertNotNull(atlasKerberosDescriptorUpdated.getService("LOGSEARCH"));
@@ -1665,6 +1666,7 @@ public class UpgradeCatalog250Test {
     Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM"));
     Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM").getComponent("NIMBUS"));
     Assert.assertNotNull(stormKerberosDescriptorUpdated.getService("STORM").getComponent("NIMBUS").getIdentity("/STORM/storm_components"));
+    Assert.assertFalse(yarnKerberosDescriptorUpdated.getService("YARN").getConfigurations().get("yarn-site").getProperties().containsKey(propertyToRemove));
   }
 
   @Test

http://git-wip-us.apache.org/repos/asf/ambari/blob/d481b788/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
b/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
index 172ad05..0c2723e 100644
--- a/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
+++ b/ambari-server/src/test/resources/kerberos/test_kerberos_descriptor_2_5_infra_solr.json
@@ -39,9 +39,9 @@
               "name": "atlas",
               "principal": {
                 "value": "atlas/_HOST@${realm}",
-                "type" : "service",
+                "type": "service",
                 "configuration": "application-properties/atlas.jaas.KafkaClient.option.principal",
-                "local_username" : "${atlas-env/metadata_user}"
+                "local_username": "${atlas-env/metadata_user}"
               },
               "keytab": {
                 "file": "${keytab_dir}/atlas.service.keytab",
@@ -103,14 +103,214 @@
             },
             {
               "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
-              "when" : {
-                "contains" : ["services", "AMBARI_INFRA"]
+              "when": {
+                "contains": [
+                  "services",
+                  "AMBARI_INFRA"
+                ]
               }
             }
           ]
         }
       ]
     },
+    ,
+    {
+      "components": [
+        {
+          "identities": [
+            {
+              "name": "/HDFS/NAMENODE/hdfs"
+            },
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.keytab",
+                "file": "${keytab_dir}/spnego.service.keytab"
+              },
+              "name": "/spnego",
+              "principal": {
+                "configuration": "yarn-site/yarn.timeline-service.http-authentication.kerberos.principal",
+                "value": "HTTP/_HOST@${realm}"
+              }
+            },
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.timeline-service.keytab",
+                "file": "${keytab_dir}/yarn.service.keytab",
+                "group": {
+                  "access": "",
+                  "name": "${cluster-env/user_group}"
+                },
+                "owner": {
+                  "access": "r",
+                  "name": "${yarn-env/yarn_user}"
+                }
+              },
+              "name": "app_timeline_server_yarn",
+              "principal": {
+                "configuration": "yarn-site/yarn.timeline-service.principal",
+                "local_username": "${yarn-env/yarn_user}",
+                "type": "service",
+                "value": "yarn/_HOST@${realm}"
+              }
+            }
+          ],
+          "name": "APP_TIMELINE_SERVER"
+        },
+        {
+          "configurations": [
+            {
+              "yarn-site": {
+                "yarn.nodemanager.container-executor.class": "org.apache.hadoop.yarn.server.nodemanager.DefaultContainerExecutor"
+              }
+            }
+          ],
+          "identities": [
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-keytab-file",
+                "file": "${keytab_dir}/spnego.service.keytab"
+              },
+              "name": "/spnego",
+              "principal": {
+                "configuration": "yarn-site/yarn.nodemanager.webapp.spnego-principal",
+                "value": "HTTP/_HOST@${realm}"
+              }
+            },
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.nodemanager.keytab",
+                "file": "${keytab_dir}/nm.service.keytab",
+                "group": {
+                  "access": "",
+                  "name": "${cluster-env/user_group}"
+                },
+                "owner": {
+                  "access": "r",
+                  "name": "${yarn-env/yarn_user}"
+                }
+              },
+              "name": "nodemanager_nm",
+              "principal": {
+                "configuration": "yarn-site/yarn.nodemanager.principal",
+                "local_username": "${yarn-env/yarn_user}",
+                "type": "service",
+                "value": "nm/_HOST@${realm}"
+              }
+            }
+          ],
+          "name": "NODEMANAGER"
+        },
+        {
+          "identities": [
+            {
+              "keytab": {
+                "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.keyTab",
+                "file": "${keytab_dir}/rm.service.keytab"
+              },
+              "name": "/YARN/RESOURCEMANAGER/resource_manager_rm",
+              "principal": {
+                "configuration": "ranger-yarn-audit/xasecure.audit.jaas.Client.option.principal",
+                "value": "rm/_HOST@${realm}"
+              }
+            },
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-keytab-file",
+                "file": "${keytab_dir}/spnego.service.keytab"
+              },
+              "name": "/spnego",
+              "principal": {
+                "configuration": "yarn-site/yarn.resourcemanager.webapp.spnego-principal",
+                "value": "HTTP/_HOST@${realm}"
+              }
+            },
+            {
+              "keytab": {
+                "configuration": "yarn-site/yarn.resourcemanager.keytab",
+                "file": "${keytab_dir}/rm.service.keytab",
+                "group": {
+                  "access": "",
+                  "name": "${cluster-env/user_group}"
+                },
+                "owner": {
+                  "access": "r",
+                  "name": "${yarn-env/yarn_user}"
+                }
+              },
+              "name": "resource_manager_rm",
+              "principal": {
+                "configuration": "yarn-site/yarn.resourcemanager.principal",
+                "local_username": "${yarn-env/yarn_user}",
+                "type": "service",
+                "value": "rm/_HOST@${realm}"
+              }
+            }
+          ],
+          "name": "RESOURCEMANAGER"
+        }
+      ],
+      "configurations": [
+        {
+          "capacity-scheduler": {
+            "yarn.scheduler.capacity.root.acl_administer_jobs": "${yarn-env/yarn_user}",
+            "yarn.scheduler.capacity.root.acl_administer_queue": "${yarn-env/yarn_user}",
+            "yarn.scheduler.capacity.root.default.acl_administer_jobs": "${yarn-env/yarn_user}",
+            "yarn.scheduler.capacity.root.default.acl_administer_queue": "${yarn-env/yarn_user}",
+            "yarn.scheduler.capacity.root.default.acl_submit_applications": "${yarn-env/yarn_user}"
+          }
+        },
+        {
+          "core-site": {
+            "hadoop.proxyuser.${yarn-env/yarn_user}.groups": "*",
+            "hadoop.proxyuser.${yarn-env/yarn_user}.hosts": "${clusterHostInfo/rm_host}"
+          }
+        },
+        {
+          "ranger-yarn-audit": {
+            "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true",
+            "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+            "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+            "xasecure.audit.jaas.Client.option.serviceName": "solr",
+            "xasecure.audit.jaas.Client.option.storeKey": "false",
+            "xasecure.audit.jaas.Client.option.useKeyTab": "true"
+          }
+        },
+        {
+          "yarn-site": {
+            "yarn.acl.enable": "true",
+            "yarn.admin.acl": "${yarn-env/yarn_user},dr.who",
+            "yarn.nodemanager.linux-container-executor.cgroups.mount-path": "",
+            "yarn.resourcemanager.proxy-user-privileges.enabled": "false",
+            "yarn.resourcemanager.proxyusers.*.groups": "",
+            "yarn.resourcemanager.proxyusers.*.hosts": "",
+            "yarn.resourcemanager.proxyusers.*.users": "",
+            "yarn.timeline-service.enabled": "true",
+            "yarn.timeline-service.http-authentication.cookie.domain": "",
+            "yarn.timeline-service.http-authentication.cookie.path": "",
+            "yarn.timeline-service.http-authentication.kerberos.name.rules": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.groups": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "",
+            "yarn.timeline-service.http-authentication.proxyusers.*.users": "",
+            "yarn.timeline-service.http-authentication.signature.secret": "",
+            "yarn.timeline-service.http-authentication.signature.secret.file": "",
+            "yarn.timeline-service.http-authentication.signer.secret.provider": "",
+            "yarn.timeline-service.http-authentication.signer.secret.provider.object": "",
+            "yarn.timeline-service.http-authentication.token.validity": "",
+            "yarn.timeline-service.http-authentication.type": "kerberos"
+          }
+        }
+      ],
+      "identities": [
+        {
+          "name": "/smokeuser"
+        },
+        {
+          "name": "/spnego"
+        }
+      ],
+      "name": "YARN"
+    },
     {
       "name": "RANGER",
       "identities": [
@@ -126,9 +326,9 @@
               "name": "rangeradmin",
               "principal": {
                 "value": "rangeradmin/_HOST@${realm}",
-                "type" : "service",
+                "type": "service",
                 "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
-                "local_username" : "${ranger-env/ranger_user}"
+                "local_username": "${ranger-env/ranger_user}"
               },
               "keytab": {
                 "file": "${keytab_dir}/rangeradmin.service.keytab",


Mime
View raw message