ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Onischuk" <aonis...@hortonworks.com>
Subject Review Request 27208: Ambari: Add oozie install user as an Oozie admin user
Date Sun, 26 Oct 2014 15:03:09 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/
-----------------------------------------------------------

Review request for Ambari and Dmytro Sen.


Bugs: AMBARI-7976
    https://issues.apache.org/jira/browse/AMBARI-7976


Repository: ambari


Description
-------

Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users

  * have write access to all jobs
  * have write access to admin operations

When authorization server security is enabled by config property  
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.

Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt

See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration

Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.

We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt

This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.


Diffs
-----

  ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64

  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py
bba2e09 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py
3960904 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2
PRE-CREATION 
  ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml
4a8eab7 
  ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96 

Diff: https://reviews.apache.org/r/27208/diff/


Testing
-------

mvn clean test


Thanks,

Andrew Onischuk


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message