ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmytro Sen" <d...@hortonworks.com>
Subject Re: Review Request 27208: Ambari: Add oozie install user as an Oozie admin user
Date Sun, 26 Oct 2014 16:24:47 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/27208/#review58560
-----------------------------------------------------------

Ship it!


Ship It!

- Dmytro Sen


On Окт. 26, 2014, 4:06 п.п., Andrew Onischuk wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/27208/
> -----------------------------------------------------------
> 
> (Updated Окт. 26, 2014, 4:06 п.п.)
> 
> 
> Review request for Ambari, Andrew Onischuk and Dmytro Sen.
> 
> 
> Bugs: AMBARI-7976
>     https://issues.apache.org/jira/browse/AMBARI-7976
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
> 
>   * have write access to all jobs
>   * have write access to admin operations
> 
> When authorization server security is enabled by config property  
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
> 
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
> 
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
> 
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
> 
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
> 
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.
> 
> 
> Diffs
> -----
> 
>   ambari-common/src/main/python/resource_management/libraries/functions/__init__.py 3d92d64

>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml 9d4247e

>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py
bba2e09 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py
3960904 
>   ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2
PRE-CREATION 
>   ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml
4a8eab7 
>   ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py 7afbf96 
> 
> Diff: https://reviews.apache.org/r/27208/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Andrew Onischuk
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message