Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 154E8200C4E for ; Fri, 21 Apr 2017 16:55:30 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 13CFE160BA2; Fri, 21 Apr 2017 14:55:30 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C3281160BB5 for ; Fri, 21 Apr 2017 16:55:27 +0200 (CEST) Received: (qmail 61964 invoked by uid 500); 21 Apr 2017 14:54:43 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 61135 invoked by uid 99); 21 Apr 2017 14:54:42 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Apr 2017 14:54:42 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id E7AF8F49F5; Fri, 21 Apr 2017 14:54:41 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: echekanskiy@apache.org To: commits@ambari.apache.org Date: Fri, 21 Apr 2017 14:54:44 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [4/5] ambari git commit: AMBARI-20733. /var/log/krb5kdc.log is growing rapidly on the KDC server (echekanskiy) archived-at: Fri, 21 Apr 2017 14:55:30 -0000 http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
index 602dad7..a42ca79 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/namenode.py
@@ -216,63 +216,6 @@ class NameNodeDefault(NameNode): try_sleep=10 ) - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal', - 'dfs.namenode.keytab.file', - 'dfs.namenode.kerberos.principal'] - props_read_check = ['dfs.namenode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'hdfs-site' not in security_params - or 'dfs.namenode.keytab.file' not in security_params['hdfs-site'] - or 'dfs.namenode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.namenode.keytab.file'], - 
security_params['hdfs-site']['dfs.namenode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def rebalancehdfs(self, env): import params env.set_params(params) http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py index 7ba1f96..602c179 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/nfsgateway.py 
@@ -77,64 +77,6 @@ class NFSGateway(Script): check_process_status(status_params.nfsgateway_pid_file) - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['nfs.keytab.file', - 'nfs.kerberos.principal'] - props_read_check = ['nfs.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'nfs.keytab.file' not in security_params['hdfs-site'] or - 'nfs.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['nfs.keytab.file'], - security_params['hdfs-site'][ - 'nfs.kerberos.principal'], - 
status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.hdfs_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py index 0f1f438..030a470 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/snamenode.py 
@@ -75,66 +75,6 @@ class SNameNodeDefault(SNameNode): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hadoop-hdfs-secondarynamenode", params.version) - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal', - 'dfs.secondary.namenode.keytab.file', - 'dfs.secondary.namenode.kerberos.principal'] - props_read_check = ['dfs.secondary.namenode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or - 'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal 
are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'], - security_params['hdfs-site'][ - 'dfs.secondary.namenode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.hdfs_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py index 19a78c7..fa948ca 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/zkfc_slave.py 
@@ -119,49 +119,6 @@ class ZkfcSlaveDefault(ZkfcSlave): env.set_params(status_params) check_process_status(status_params.zkfc_pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - if not result_issues: # If all validations passed successfully - if status_params.hdfs_user_principal or status_params.hdfs_user_keytab: - try: - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - status_params.hdfs_user_keytab, - status_params.hdfs_user_principal, - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out( - {"securityIssuesFound": "hdfs principal and/or keytab file is not specified"}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". 
".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def disable_security(self, env): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py index 8b69e45..2dc6906 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py 
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore): check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major): self.upgrade_schema(env) - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.metastore.kerberos.keytab.file", - "hive.metastore.kerberos.principal"] - - props_read_check = ["hive.metastore.kerberos.keytab.file"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \ - or 'hive.metastore.kerberos.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.metastore.kerberos.keytab.file'], - security_params['hive-site']['hive.metastore.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - 
else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - - def upgrade_schema(self, env): """ Executes the schema upgrade binary. This is its own function because it could http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py index f6251e7..7c3a805 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py 
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer): if resource_created: params.HdfsResource(None, action="execute") - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.kerberos.principal", - "hive.server2.authentication.spnego.principal", - "hive.server2.authentication.spnego.keytab"] - - props_read_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.spnego.keytab"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.kerberos.keytab'], - 
security_params['hive-site']['hive.server2.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.spnego.keytab'], - security_params['hive-site']['hive.server2.authentication.spnego.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def _base_node(self, path): if not path.startswith('/'): path = '/' + path http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py index 46864c0..8f57f1e 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py 
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive): # Recursively check all existing gmetad pid files check_process_status(status_params.hive_interactive_pid) - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.kerberos.principal", - "hive.server2.authentication.spnego.principal", - "hive.server2.authentication.spnego.keytab"] - - props_read_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.spnego.keytab"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - 
security_params['hive-site']['hive.server2.authentication.kerberos.keytab'], - security_params['hive-site']['hive.server2.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.spnego.keytab'], - security_params['hive-site']['hive.server2.authentication.spnego.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def restart_llap(self, env): """ Custom command to Restart LLAP http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py index 93fa411..18e11ab 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/webhcat_server.py 
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hive-webhcat", params.version) - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - expectations ={} - expectations.update( - build_expectations( - 'webhcat-site', - { - "templeton.kerberos.secret": "secret" - }, - [ - "templeton.kerberos.keytab", - "templeton.kerberos.principal" - ], - [ - "templeton.kerberos.keytab" - ] - ) - ) - expectations.update( - build_expectations( - 'hive-site', - { - "hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true" - }, - None, - None - ) - ) - - security_params = {} - security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir, - {'webhcat-site.xml': FILE_TYPE_XML})) - result_issues = validate_security_config_properties(security_params, expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'webhcat-site' not in security_params \ - or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \ - or 'templeton.kerberos.principal' not in security_params['webhcat-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.webhcat_user, - security_params['webhcat-site']['templeton.kerberos.keytab'], - security_params['webhcat-site']['templeton.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - 
for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.hcat_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py index 8b69e45..2dc6906 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py +++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py 
@@ -113,58 +113,6 @@ class HiveMetastoreDefault(HiveMetastore): check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major): self.upgrade_schema(env) - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.metastore.kerberos.keytab.file", - "hive.metastore.kerberos.principal"] - - props_read_check = ["hive.metastore.kerberos.keytab.file"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \ - or 'hive.metastore.kerberos.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.metastore.kerberos.keytab.file'], - security_params['hive-site']['hive.metastore.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - 
else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - - def upgrade_schema(self, env): """ Executes the schema upgrade binary. This is its own function because it could http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py index f6251e7..7c3a805 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server.py 
@@ -135,67 +135,6 @@ class HiveServerDefault(HiveServer): if resource_created: params.HdfsResource(None, action="execute")
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def _base_node(self, path): if not path.startswith('/'): path = '/' + path
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
index 46864c0..8f57f1e 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_server_interactive.py
@@ -152,67 +152,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive): # Recursively check all existing gmetad pid files check_process_status(status_params.hive_interactive_pid)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- props_value_check = {"hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"}
- props_empty_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.kerberos.principal",
- "hive.server2.authentication.spnego.principal",
- "hive.server2.authentication.spnego.keytab"]
-
- props_read_check = ["hive.server2.authentication.kerberos.keytab",
- "hive.server2.authentication.spnego.keytab"]
- hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check,
- props_read_check)
-
- hive_expectations ={}
- hive_expectations.update(hive_site_props)
-
- security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir,
- {'hive-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, hive_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'hive-site' not in security_params \
- or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \
- or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.kerberos.keytab'],
- security_params['hive-site']['hive.server2.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.hive_user,
- security_params['hive-site']['hive.server2.authentication.spnego.keytab'],
- security_params['hive-site']['hive.server2.authentication.spnego.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def restart_llap(self, env): """ Custom command to Restart LLAP
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
index 93fa411..18e11ab 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/webhcat_server.py
@@ -84,73 +84,6 @@ class WebHCatServerDefault(WebHCatServer): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hive-webhcat", params.version)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations ={}
- expectations.update(
- build_expectations(
- 'webhcat-site',
- {
- "templeton.kerberos.secret": "secret"
- },
- [
- "templeton.kerberos.keytab",
- "templeton.kerberos.principal"
- ],
- [
- "templeton.kerberos.keytab"
- ]
- )
- )
- expectations.update(
- build_expectations(
- 'hive-site',
- {
- "hive.server2.authentication": "KERBEROS",
- "hive.metastore.sasl.enabled": "true",
- "hive.security.authorization.enabled": "true"
- },
- None,
- None
- )
- )
-
- security_params = {}
- security_params.update(get_params_from_filesystem(status_params.webhcat_conf_dir,
- {'webhcat-site.xml': FILE_TYPE_XML}))
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if 'webhcat-site' not in security_params \
- or 'templeton.kerberos.keytab' not in security_params['webhcat-site'] \
- or 'templeton.kerberos.principal' not in security_params['webhcat-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.webhcat_user,
- security_params['webhcat-site']['templeton.kerberos.keytab'],
- security_params['webhcat-site']['templeton.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self): import params return params.hcat_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
index c50c67b..39fdcf5 100644
--- a/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
+++ b/ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_client.py
@@ -43,27 +43,6 @@ class KerberosClient(KerberosScript): def status(self, env): raise ClientComponentHasNoStatus()
- def security_status(self, env):
- import status_params
- if status_params.security_enabled:
- if status_params.smoke_user and status_params.smoke_user_keytab:
- try:
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.smoke_user,
- status_params.smoke_user_keytab,
- status_params.smoke_user_principal,
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNKNOWN"})
- self.put_structured_out({"securityStateErrorInfo": "Missing smoke user credentials"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def set_keytab(self, env): self.write_keytab_file()
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
index 31e54e5..8996d23 100644
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
+++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py
@@ -202,67 +202,6 @@ class KnoxGatewayDefault(KnoxGateway): File(params.ldap_pid_file, action = "delete" )
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations(
- 'krb5JAASLogin',
- None,
- ['keytab', 'principal'],
- None
- ))
- expectations.update(build_expectations(
- 'gateway-site',
- {
- "gateway.hadoop.kerberos.secured" : "true"
- },
- None,
- None
- ))
-
- security_params = {
- "krb5JAASLogin":
- {
- 'keytab': status_params.knox_keytab_path,
- 'principal': status_params.knox_principal_name
- }
- }
- security_params.update(get_params_from_filesystem(status_params.knox_conf_dir,
- {"gateway-site.xml" : FILE_TYPE_XML}))
-
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'krb5JAASLogin' not in security_params
- or 'keytab' not in security_params['krb5JAASLogin']
- or 'principal' not in security_params['krb5JAASLogin']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file and principal are not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.knox_user,
- security_params['krb5JAASLogin']['keytab'],
- security_params['krb5JAASLogin']['principal'],
- status_params.hostname,
- status_params.temp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
 def get_log_folder(self): import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
index a8b2cf4..9320bc3 100644
--- a/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
+++ b/ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie_server.py
@@ -105,69 +105,6 @@ class OozieServer(Script): @OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT) class OozieServerDefault(OozieServer):
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.security_enabled:
- expectations = {
- "oozie-site":
- build_expectations('oozie-site',
- {
- "oozie.authentication.type": "kerberos",
- "oozie.service.AuthorizationService.security.enabled": "true",
- "oozie.service.HadoopAccessorService.kerberos.enabled": "true"
- },
- [
- "local.realm",
- "oozie.authentication.kerberos.principal",
- "oozie.authentication.kerberos.keytab",
- "oozie.service.HadoopAccessorService.kerberos.principal",
- "oozie.service.HadoopAccessorService.keytab.file"
- ],
- None)
- }
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'oozie-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ('oozie-site' not in security_params
- or 'oozie.authentication.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.authentication.kerberos.keytab' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.kerberos.principal' not in security_params['oozie-site']
- or 'oozie.service.HadoopAccessorService.keytab.file' not in security_params['oozie-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.authentication.kerberos.keytab'],
- security_params['oozie-site']['oozie.authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.oozie_user,
- security_params['oozie-site']['oozie.service.HadoopAccessorService.keytab.file'],
- security_params['oozie-site']['oozie.service.HadoopAccessorService.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def pre_upgrade_restart(self, env, upgrade_type=None): """ Performs the tasks that should be done before an upgrade of oozie. This includes:
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
index 178c043..f991e71 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/drpc_server.py
@@ -74,58 +74,6 @@ class DrpcServer(Script): import status_params env.set_params(status_params) check_process_status(status_params.pid_drpc)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
 def get_log_folder(self): import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
index a974103..360af5d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/nimbus.py
@@ -82,51 +82,6 @@ class NimbusDefault(Nimbus): env.set_params(status_params) check_process_status(status_params.pid_nimbus)
-
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check, props_read_check)
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
- security_params = get_params_from_filesystem(status_params.conf_dir, {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self): import params return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
index a56c0cd..fa3112d 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/pacemaker.py
@@ -74,58 +74,6 @@ class PaceMaker(Script): env.set_params(status_params) check_process_status(status_params.pid_pacemaker)
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['StormServer/keyTab', 'StormServer/principal']
- props_read_check = ['StormServer/keyTab']
- storm_env_expectations = build_expectations('storm_jaas', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = get_params_from_filesystem(status_params.conf_dir,
- {'storm_jaas.conf': FILE_TYPE_JAAS_CONF})
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_jaas' not in security_params
- or 'StormServer' not in security_params['storm_jaas']
- or 'keyTab' not in security_params['storm_jaas']['StormServer']
- or 'principal' not in security_params['storm_jaas']['StormServer']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_jaas']['StormServer']['keyTab'],
- security_params['storm_jaas']['StormServer']['principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self): import params return params.log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
index 63acecf..e257ef9 100644
--- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
+++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/ui_server.py
@@ -120,59 +120,6 @@ class UiServerDefault(UiServer): import status_params env.set_params(status_params) check_process_status(status_params.pid_ui)
-
- def security_status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.security_enabled:
- # Expect the following files to be available in status_params.config_dir:
- # storm_jaas.conf
-
- try:
- props_value_check = None
- props_empty_check = ['storm_ui_principal_name', 'storm_ui_keytab']
- props_read_check = ['storm_ui_keytab']
- storm_env_expectations = build_expectations('storm_ui', props_value_check, props_empty_check,
- props_read_check)
-
- storm_expectations = {}
- storm_expectations.update(storm_env_expectations)
-
- security_params = {}
- security_params['storm_ui'] = {}
- security_params['storm_ui']['storm_ui_principal_name'] = status_params.storm_ui_principal
- security_params['storm_ui']['storm_ui_keytab'] = status_params.storm_ui_keytab
-
- result_issues = validate_security_config_properties(security_params, storm_expectations)
- if not result_issues: # If all validations passed successfully
- # Double check the dict before calling execute
- if ( 'storm_ui' not in security_params
- or 'storm_ui_principal_name' not in security_params['storm_ui']
- or 'storm_ui_keytab' not in security_params['storm_ui']):
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.storm_user,
- security_params['storm_ui']['storm_ui_keytab'],
- security_params['storm_ui']['storm_ui_principal_name'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
 def get_log_folder(self): import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
index 03fff21..b1e0c16 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/application_timeline_server.py
@@ -83,67 +83,6 @@ class ApplicationTimelineServerDefault(ApplicationTimelineServer):
 env.set_params(status_params)
 check_process_status(status_params.yarn_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.enabled": "true",
- "yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.timeline-service.principal",
- "yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.principal",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
-
- props_read_check = ["yarn.timeline-service.keytab",
- "yarn.timeline-service.http-authentication.kerberos.keytab"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.timeline-service.keytab' not in security_params['yarn-site']
- or 'yarn.timeline-service.principal' not in security_params['yarn-site']) \
- or 'yarn.timeline-service.http-authentication.kerberos.keytab' not in security_params['yarn-site'] \
- or 'yarn.timeline-service.http-authentication.kerberos.principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.keytab'],
- security_params['yarn-site']['yarn.timeline-service.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.keytab'],
- security_params['yarn-site']['yarn.timeline-service.http-authentication.kerberos.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self):
 import params
 return params.yarn_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
index 8f5d380..d886244 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/historyserver.py
@@ -120,62 +120,6 @@ class HistoryServerDefault(HistoryServer):
 env.set_params(status_params)
 check_process_status(status_params.mapred_historyserver_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- expectations = {}
- expectations.update(build_expectations('mapred-site',
- None,
- [
- 'mapreduce.jobhistory.keytab',
- 'mapreduce.jobhistory.principal',
- 'mapreduce.jobhistory.webapp.spnego-keytab-file',
- 'mapreduce.jobhistory.webapp.spnego-principal'
- ],
- None))
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'mapred-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, expectations)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'mapred-site' not in security_params or
- 'mapreduce.jobhistory.keytab' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.principal' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-keytab-file' not in security_params['mapred-site'] or
- 'mapreduce.jobhistory.webapp.spnego-principal' not in security_params['mapred-site']):
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal not set."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.keytab'],
- security_params['mapred-site']['mapreduce.jobhistory.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.mapred_user,
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-keytab-file'],
- security_params['mapred-site']['mapreduce.jobhistory.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self):
 import params
 return params.mapred_log_dir
http://git-wip-us.apache.org/repos/asf/ambari/blob/b299641a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
index 133d2e1..5acb20b 100644
--- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
+++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/nodemanager.py
@@ -90,66 +90,6 @@ class NodemanagerDefault(Nodemanager):
 env.set_params(status_params)
 check_process_status(status_params.nodemanager_pid_file)
- def security_status(self, env):
- import status_params
- env.set_params(status_params)
- if status_params.security_enabled:
- props_value_check = {"yarn.timeline-service.http-authentication.type": "kerberos",
- "yarn.acl.enable": "true"}
- props_empty_check = ["yarn.nodemanager.principal",
- "yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-principal",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
-
- props_read_check = ["yarn.nodemanager.keytab",
- "yarn.nodemanager.webapp.spnego-keytab-file"]
- yarn_site_props = build_expectations('yarn-site', props_value_check, props_empty_check,
- props_read_check)
-
- yarn_expectations ={}
- yarn_expectations.update(yarn_site_props)
-
- security_params = get_params_from_filesystem(status_params.hadoop_conf_dir,
- {'yarn-site.xml': FILE_TYPE_XML})
- result_issues = validate_security_config_properties(security_params, yarn_site_props)
- if not result_issues: # If all validations passed successfully
- try:
- # Double check the dict before calling execute
- if ( 'yarn-site' not in security_params
- or 'yarn.nodemanager.keytab' not in security_params['yarn-site']
- or 'yarn.nodemanager.principal' not in security_params['yarn-site']) \
- or 'yarn.nodemanager.webapp.spnego-keytab-file' not in security_params['yarn-site'] \
- or 'yarn.nodemanager.webapp.spnego-principal' not in security_params['yarn-site']:
- self.put_structured_out({"securityState": "UNSECURED"})
- self.put_structured_out(
- {"securityIssuesFound": "Keytab file or principal are not set property."})
- return
-
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.keytab'],
- security_params['yarn-site']['yarn.nodemanager.principal'],
- status_params.hostname,
- status_params.tmp_dir)
- cached_kinit_executor(status_params.kinit_path_local,
- status_params.yarn_user,
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-keytab-file'],
- security_params['yarn-site']['yarn.nodemanager.webapp.spnego-principal'],
- status_params.hostname,
- status_params.tmp_dir)
- self.put_structured_out({"securityState": "SECURED_KERBEROS"})
- except Exception as e:
- self.put_structured_out({"securityState": "ERROR"})
- self.put_structured_out({"securityStateErrorInfo": str(e)})
- else:
- issues = []
- for cf in result_issues:
- issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf]))
- self.put_structured_out({"securityIssuesFound": ". ".join(issues)})
- self.put_structured_out({"securityState": "UNSECURED"})
- else:
- self.put_structured_out({"securityState": "UNSECURED"})
-
 def get_log_folder(self):
 import params
 return params.yarn_log_dir