ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oleew...@apache.org
Subject ambari git commit: AMBARI-20725. Use Infra-Solr user to create Solr user-roles (oleewere)
Date Tue, 11 Apr 2017 11:24:15 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 35170850e -> 04be7a199


AMBARI-20725. Use Infra-Solr user to create Solr user-roles (oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/04be7a19
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/04be7a19
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/04be7a19

Branch: refs/heads/branch-2.5
Commit: 04be7a199945d8c17a248fbc344e95be82279b78
Parents: 3517085
Author: oleewere <oleewere@gmail.com>
Authored: Tue Apr 11 13:13:09 2017 +0200
Committer: oleewere <oleewere@gmail.com>
Committed: Tue Apr 11 13:18:39 2017 +0200

----------------------------------------------------------------------
 .../libraries/functions/solr_cloud_util.py                   | 7 ++++---
 .../src/test/python/stacks/2.3/ATLAS/test_metadata_server.py | 6 +++---
 .../src/test/python/stacks/2.5/RANGER/test_ranger_admin.py   | 8 ++++----
 .../src/test/python/stacks/2.6/RANGER/test_ranger_admin.py   | 8 ++++----
 4 files changed, 15 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/04be7a19/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
----------------------------------------------------------------------
diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
index 1eeb86b..1c5432b 100644
--- a/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/solr_cloud_util.py
@@ -294,7 +294,6 @@ def add_solr_roles(config, roles = [], new_service_principals = [], tries
= 30,
   if it is then update the user-roles mapping for Solr (this will upgrade the solr_znode/security.json
file).
   In case of custom security.json is used for infra-solr, this step will be skipped.
   """
-  sudo = AMBARI_SUDO_BINARY
   solr_hosts = default_config(config, "/clusterHostInfo/infra_solr_hosts", [])
   security_enabled = config['configurations']['cluster-env']['security_enabled']
   solr_ssl_enabled = default_config(config, 'configurations/infra-solr-env/infra_solr_ssl_enabled',
False)
@@ -316,10 +315,11 @@ def add_solr_roles(config, roles = [], new_service_principals = [],
tries = 30,
     hostname = config['hostname'].lower()
     solr_host = __get_random_solr_host(hostname, solr_hosts)
     solr_url = format("{solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization")
+    solr_user = config['configurations']['infra-solr-env']['infra_solr_user']
     solr_user_keytab = config['configurations']['infra-solr-env']['infra_solr_kerberos_keytab']
     solr_user_principal = config['configurations']['infra-solr-env']['infra_solr_kerberos_principal'].replace('_HOST',
hostname)
     solr_user_kinit_cmd = format("{kinit_path_local} -kt {solr_user_keytab} {solr_user_principal};")
-    solr_authorization_enabled_cmd=format("{sudo} {solr_user_kinit_cmd} {sudo} curl -k -s
--negotiate -u : {solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization | grep
authorization.enabled")
+    solr_authorization_enabled_cmd=format("{solr_user_kinit_cmd} curl -k -s --negotiate -u
: {solr_protocol}://{solr_host}:{solr_port}/solr/admin/authorization | grep authorization.enabled")
 
     if len(new_service_principals) > 0:
       new_service_users = []
@@ -338,10 +338,11 @@ def add_solr_roles(config, roles = [], new_service_principals = [],
tries = 30,
       set_user_role_map['set-user-role'] = user_role_map
       set_user_role_json = json.dumps(set_user_role_map)
 
-      add_solr_role_cmd = format("{sudo} {solr_user_kinit_cmd} {sudo} curl -H 'Content-type:application/json'
-d '{set_user_role_json}' -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {solr_url}
| grep 200")
+      add_solr_role_cmd = format("{solr_user_kinit_cmd} curl -H 'Content-type:application/json'
-d '{set_user_role_json}' -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {solr_url}
| grep 200")
 
       Logger.info(format("Check authorization enabled command: {solr_authorization_enabled_cmd}
\nSet user-role settings command: {add_solr_role_cmd}"))
       Execute(solr_authorization_enabled_cmd + " && "+ add_solr_role_cmd,
               tries=tries,
               try_sleep=try_sleep,
+              user=solr_user,
               logoutput=True)

http://git-wip-us.apache.org/repos/asf/ambari/blob/04be7a19/ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py b/ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py
index 388aa57..d1d8b7f 100644
--- a/ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py
+++ b/ambari-server/src/test/python/stacks/2.3/ATLAS/test_metadata_server.py
@@ -304,9 +304,9 @@ class TestMetadataServer(RMFTestCase):
                                     action=['delete'],
                                     create_parents=True)
     kinit_path_local = get_kinit_path()
-    self.assertResourceCalled('Execute', "ambari-sudo.sh " + kinit_path_local + " -kt /etc/security/keytabs/ambari-infra-solr.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -k -s --negotiate -u :
http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep authorization.enabled
&& ambari-sudo.sh "
-                              + kinit_path_local +" -kt /etc/security/keytabs/ambari-infra-solr.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -H 'Content-type:application/json'
-d '{\"set-user-role\": {\"atlas@EXAMPLE.COM\": [\"atlas_user\", \"ranger_audit_user\", \"dev\"]}}'
-s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
-                              logoutput = True, tries = 30, try_sleep = 10)
+    self.assertResourceCalled('Execute', kinit_path_local + " -kt /etc/security/keytabs/ambari-infra-solr.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -k -s --negotiate -u : http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep authorization.enabled && "
+                              + kinit_path_local +" -kt /etc/security/keytabs/ambari-infra-solr.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -H 'Content-type:application/json' -d
'{\"set-user-role\": {\"atlas@EXAMPLE.COM\": [\"atlas_user\", \"ranger_audit_user\", \"dev\"]}}'
-s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
+                              logoutput = True, tries = 30, try_sleep = 10, user='solr')
 
     self.assertResourceCalledRegexp('^Execute$', '^ambari-sudo.sh JAVA_HOME=/usr/jdk64/jdk1.7.0_45
/usr/lib/ambari-infra-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/infra-solr
--create-collection --collection vertex_index --config-set atlas_configs --shards 1 --replication
1 --max-shards 1 --retry 5 --interval 10')
     self.assertResourceCalledRegexp('^Execute$', '^ambari-sudo.sh JAVA_HOME=/usr/jdk64/jdk1.7.0_45
/usr/lib/ambari-infra-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/infra-solr
--create-collection --collection edge_index --config-set atlas_configs --shards 1 --replication
1 --max-shards 1 --retry 5 --interval 10')

http://git-wip-us.apache.org/repos/asf/ambari/blob/04be7a19/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
index 0d38876..8f2bd2e 100644
--- a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
+++ b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py
@@ -167,11 +167,11 @@ class TestRangerAdmin(RMFTestCase):
                                     action=['delete'],
                                     create_parents=True)
 
-    self.assertResourceCalled('Execute', "ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -k -s --negotiate -u :
http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep authorization.enabled
&& ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -H 'Content-type:application/json'
-d '{\"set-user-role\": {\"rangeradmin@EXAMPLE.COM\": [\"ranger_user\", \"ranger_audit_user\",
\"dev\"]}}' -s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
-                              logoutput = True, tries = 30, try_sleep = 10)
-    self.assertResourceCalled('Execute', "ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -k -s --negotiate -u :
http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep authorization.enabled
&& ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -H \'Content-type:application/json\'
-d "
+    self.assertResourceCalled('Execute', "/usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -k -s --negotiate -u : http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep authorization.enabled && /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -H 'Content-type:application/json' -d
'{\"set-user-role\": {\"rangeradmin@EXAMPLE.COM\": [\"ranger_user\", \"ranger_audit_user\",
\"dev\"]}}' -s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
+                              logoutput = True, tries = 30, try_sleep = 10, user='infra-solr')
+    self.assertResourceCalled('Execute', "/usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -k -s --negotiate -u : http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep authorization.enabled && /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -H \'Content-type:application/json\'
-d "
                                          "\'{\"set-user-role\": {\"hbase@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"nn@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"knox@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"rangerkms@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"kafka@EXAMPLE.COM\":
[\"ranger_audit_user\", \"dev\"], \"hive@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"],
\"nifi@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"storm@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"yarn@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"]}}\' -s -o /dev/null -w\'%{http_code}\'
--negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep 200",
-                              logoutput = True, tries = 30, try_sleep = 10)
+                              logoutput = True, tries = 30, try_sleep = 10, user='infra-solr')
 
     self.assertResourceCalledRegexp('^Execute$', '^ambari-sudo.sh JAVA_HOME=/usr/jdk64/jdk1.7.0_45
/usr/lib/ambari-infra-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/ambari-solr
--create-collection --collection ranger_audits --config-set ranger_audits --shards 1 --replication
1 --max-shards 1 --retry 5 --interval 10')
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/04be7a19/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py
index ea3829e..9167017 100644
--- a/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py
+++ b/ambari-server/src/test/python/stacks/2.6/RANGER/test_ranger_admin.py
@@ -156,11 +156,11 @@ class TestRangerAdmin(RMFTestCase):
     self.assertResourceCalledRegexp('^Directory$', '^/tmp/solr_config_ranger_audits_0.[0-9]*',
                                     action=['delete'],
                                     create_parents=True)
-    self.assertResourceCalled('Execute', "ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -k -s --negotiate -u :
http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep authorization.enabled
&& ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -H 'Content-type:application/json'
-d '{\"set-user-role\": {\"rangeradmin@EXAMPLE.COM\": [\"ranger_user\", \"ranger_audit_user\",
\"dev\"]}}' -s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
-                              logoutput = True, tries = 30, try_sleep = 10)
-    self.assertResourceCalled('Execute', "ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -k -s --negotiate -u :
http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep authorization.enabled
&& ambari-sudo.sh /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; ambari-sudo.sh curl -H \'Content-type:application/json\'
-d "
+    self.assertResourceCalled('Execute', "/usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -k -s --negotiate -u : http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep authorization.enabled && /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -H 'Content-type:application/json' -d
'{\"set-user-role\": {\"rangeradmin@EXAMPLE.COM\": [\"ranger_user\", \"ranger_audit_user\",
\"dev\"]}}' -s -o /dev/null -w'%{http_code}' --negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep 200",
+                              logoutput = True, tries = 30, try_sleep = 10, user='infra-solr')
+    self.assertResourceCalled('Execute', "/usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -k -s --negotiate -u : http://c6401.ambari.apache.org:8886/solr/admin/authorization
| grep authorization.enabled && /usr/bin/kinit -kt /etc/security/keytabs/infra-solr.service.keytab
infra-solr/c6401.ambari.apache.org@EXAMPLE.COM; curl -H \'Content-type:application/json\'
-d "
                                          "\'{\"set-user-role\": {\"hbase@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"nn@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"knox@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"rangerkms@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"kafka@EXAMPLE.COM\":
[\"ranger_audit_user\", \"dev\"], \"hive@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"],
\"nifi@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"], \"storm@EXAMPLE.COM\": [\"ranger_audit_user\",
\"dev\"], \"yarn@EXAMPLE.COM\": [\"ranger_audit_user\", \"dev\"]}}\' -s -o /dev/null -w\'%{http_code}\'
--negotiate -u: -k http://c6401.ambari.apache.org:8886/solr/admin/authorization | grep 200",
-                              logoutput = True, tries = 30, try_sleep = 10)
+                              logoutput = True, tries = 30, try_sleep = 10, user='infra-solr')
 
     self.assertResourceCalledRegexp('^Execute$', '^ambari-sudo.sh JAVA_HOME=/usr/jdk64/jdk1.7.0_45
/usr/lib/ambari-infra-solr-client/solrCloudCli.sh --zookeeper-connect-string c6401.ambari.apache.org:2181/infra-solr
--create-collection --collection ranger_audits --config-set ranger_audits --shards 1 --replication
1 --max-shards 1 --retry 5 --interval 10')
 


Mime
View raw message