Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id F190F200C55 for ; Wed, 29 Mar 2017 12:27:07 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id F02A9160B7C; Wed, 29 Mar 2017 10:27:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 1BF91160B8A for ; Wed, 29 Mar 2017 12:27:06 +0200 (CEST) Received: (qmail 4640 invoked by uid 500); 29 Mar 2017 10:27:05 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 4623 invoked by uid 99); 29 Mar 2017 10:27:05 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Mar 2017 10:27:05 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 372ABDFF0F; Wed, 29 Mar 2017 10:27:05 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: oleewere@apache.org To: commits@ambari.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-20611. Add disable security option to infra-solr-client (oleewere) Date: Wed, 29 Mar 2017 10:27:05 +0000 (UTC) archived-at: Wed, 29 Mar 2017 10:27:08 -0000 Repository: ambari Updated Branches: refs/heads/trunk 090330943 -> f6972cbde AMBARI-20611. Add disable security option to infra-solr-client (oleewere) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f6972cbd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f6972cbd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f6972cbd Branch: refs/heads/trunk Commit: f6972cbde880213496dee6a6d3cfcd8c6396cc19 Parents: 0903309 Author: oleewere Authored: Tue Mar 28 22:10:49 2017 +0200 Committer: oleewere Committed: Wed Mar 29 12:26:36 2017 +0200 ---------------------------------------------------------------------- ambari-infra/ambari-infra-solr-client/pom.xml | 5 +++ .../ambari/infra/solr/AmbariSolrCloudCLI.java | 17 +++++++- .../infra/solr/AmbariSolrCloudClient.java | 9 ++++ .../solr/commands/UnsecureZNodeZkCommand.java | 44 ++++++++++++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/pom.xml b/ambari-infra/ambari-infra-solr-client/pom.xml index 1a3733a..8cb2248 100644 --- a/ambari-infra/ambari-infra-solr-client/pom.xml +++ b/ambari-infra/ambari-infra-solr-client/pom.xml @@ -36,6 +36,11 @@ ${solr.version} + org.apache.zookeeper + zookeeper + 3.4.9 + + commons-cli commons-cli 1.3.1 http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java index 5cde9ea..e3a1e79 100644 --- a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java @@ -49,6 +49,7 @@ public class AmbariSolrCloudCLI { private static final String SETUP_KERBEROS_PLUGIN = "setup-kerberos-plugin"; private static final String CHECK_ZNODE = "check-znode"; private static final String SECURE_ZNODE_COMMAND = "secure-znode"; + private static final String UNSECURE_ZNODE_COMMAND = "unsecure-znode"; private static final String SECURE_SOLR_ZNODE_COMMAND = "secure-solr-znode"; private static final String SECURITY_JSON_LOCATION = "security-json-location"; private static final String CMD_LINE_SYNTAX = @@ -61,6 +62,7 @@ public class AmbariSolrCloudCLI { + "\n./solrCloudCli.sh --check-znode -z host1:2181,host2:2181 -zn /ambari-solr" + "\n./solrCloudCli.sh --cluster-prop -z host1:2181,host2:2181/ambari-solr -cpn urlScheme -cpn http" + "\n./solrCloudCli.sh --secure-znode -z host1:2181,host2:2181 -zn /ambari-solr -su logsearch,atlas,ranger --jaas-file /etc/myconf/jaas_file" + + "\n./solrCloudCli.sh --unsecure-znode -z host1:2181,host2:2181 -zn /ambari-solr --jaas-file /etc/myconf/jaas_file" + "\n./solrCloudCli.sh --secure-solr-znode -z host1:2181,host2:2181 -zn /ambari-solr -su logsearch,atlas,ranger --jaas-file /etc/myconf/jaas_file" + "\n./solrCloudCli.sh --setup-kerberos-plugin -z host1:2181,host2:2181 -zn /ambari-solr --security-json-location /etc/infra-solr/conf/security.json\n"; @@ -130,6 +132,11 @@ public class AmbariSolrCloudCLI { .desc("Set acls for znode") .build(); + final Option unsecureZnodeOption = Option.builder("uz") + .longOpt(UNSECURE_ZNODE_COMMAND) + .desc("Disable security for znode") + .build(); + final Option shardNameOption = Option.builder("sn") .longOpt("shard-name") .desc("Name of the shard for create-shard command") @@ -327,6 +334,7 @@ public class AmbariSolrCloudCLI { options.addOption(configDirOption); options.addOption(collectionOption); options.addOption(secureZnodeOption); + options.addOption(unsecureZnodeOption); options.addOption(secureSolrZnodeOption); options.addOption(shardsOption); options.addOption(replicationOption); @@ -403,9 +411,12 @@ public class AmbariSolrCloudCLI { } else if (cli.hasOption("ssz")) { command = SECURE_SOLR_ZNODE_COMMAND; validateRequiredOptions(cli, command, zkConnectStringOption, znodeOption, jaasFileOption, saslUsersOption); + } else if (cli.hasOption("uz")) { + command = UNSECURE_ZNODE_COMMAND; + validateRequiredOptions(cli, command, zkConnectStringOption, znodeOption, jaasFileOption); } else { List commands = Arrays.asList(CREATE_COLLECTION_COMMAND, CREATE_SHARD_COMMAND, UPLOAD_CONFIG_COMMAND, - DOWNLOAD_CONFIG_COMMAND, CONFIG_CHECK_COMMAND, SET_CLUSTER_PROP, CREATE_ZNODE, SECURE_ZNODE_COMMAND, + DOWNLOAD_CONFIG_COMMAND, CONFIG_CHECK_COMMAND, SET_CLUSTER_PROP, CREATE_ZNODE, SECURE_ZNODE_COMMAND, UNSECURE_ZNODE_COMMAND, SECURE_SOLR_ZNODE_COMMAND, CHECK_ZNODE, SETUP_KERBEROS_PLUGIN); helpFormatter.printHelp(CMD_LINE_SYNTAX, options); exit(1, String.format("One of the supported commands is required (%s)", StringUtils.join(commands, "|"))); @@ -521,6 +532,10 @@ public class AmbariSolrCloudCLI { solrCloudClient = clientBuilder.build(); solrCloudClient.secureZnode(); break; + case UNSECURE_ZNODE_COMMAND: + solrCloudClient = clientBuilder.build(); + solrCloudClient.unsecureZnode(); + break; case SECURE_SOLR_ZNODE_COMMAND: solrCloudClient = clientBuilder.build(); solrCloudClient.secureSolrZnode(); http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java index ff28664..d5d971c 100644 --- a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java @@ -30,6 +30,7 @@ import org.apache.ambari.infra.solr.commands.ListCollectionCommand; import org.apache.ambari.infra.solr.commands.SecureSolrZNodeZkCommand; import org.apache.ambari.infra.solr.commands.SecureZNodeZkCommand; import org.apache.ambari.infra.solr.commands.SetClusterPropertyZkCommand; +import org.apache.ambari.infra.solr.commands.UnsecureZNodeZkCommand; import org.apache.ambari.infra.solr.commands.UploadConfigZkCommand; import org.apache.ambari.infra.solr.commands.CheckZnodeZkCommand; import org.apache.ambari.infra.solr.util.ShardUtils; @@ -178,6 +179,14 @@ public class AmbariSolrCloudClient { } /** + * Unsecure znode + */ + public void unsecureZnode() throws Exception { + LOG.info("Disable security for znode - ", this.getZnode()); + new UnsecureZNodeZkCommand(getRetryTimes(), getInterval()).run(this); + } + + /** * Upload config set to zookeeper */ public String uploadConfiguration() throws Exception { http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java new file mode 100644 index 0000000..ad61270 --- /dev/null +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.infra.solr.commands; + +import org.apache.ambari.infra.solr.AmbariSolrCloudClient; +import org.apache.ambari.infra.solr.util.AclUtils; +import org.apache.solr.common.cloud.SolrZkClient; +import org.apache.solr.common.cloud.SolrZooKeeper; +import org.apache.zookeeper.ZooDefs; +import org.apache.zookeeper.data.ACL; +import org.apache.zookeeper.data.Id; + +import java.util.ArrayList; +import java.util.List; + +public class UnsecureZNodeZkCommand extends AbstractZookeeperRetryCommand { + + public UnsecureZNodeZkCommand(int maxRetries, int interval) { + super(maxRetries, interval); + } + + @Override + protected Boolean executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { + String zNode = client.getZnode(); + AclUtils.setRecursivelyOn(client.getSolrZkClient().getSolrZooKeeper(), zNode, ZooDefs.Ids.OPEN_ACL_UNSAFE); + return true; + } +}