ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-7976) Ambari: Add oozie install user as an Oozie admin user
Date Sun, 26 Oct 2014 17:10:33 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-7976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184549#comment-14184549
] 

Hudson commented on AMBARI-7976:
--------------------------------

SUCCESS: Integrated in Ambari-trunk-Commit #712 (See [https://builds.apache.org/job/Ambari-trunk-Commit/712/])
AMBARI-7976. Ambari: Add oozie install user as an Oozie admin user (aonishuk) (aonishuk: http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=42cf9b21c593f64bf13d53b8272b62bc73e28c85)
* ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/oozie.py
* ambari-server/src/main/resources/stacks/HDP/2.2/services/OOZIE/configuration/oozie-site.xml
* ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/metainfo.xml
* ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/templates/adminusers.txt.j2
* ambari-server/src/main/resources/stacks/HDP/2.0.6/services/OOZIE/package/scripts/params.py
* ambari-common/src/main/python/resource_management/libraries/functions/__init__.py
* ambari-server/src/test/python/stacks/2.0.6/OOZIE/test_oozie_client.py


> Ambari: Add oozie install user as an Oozie admin user
> -----------------------------------------------------
>
>                 Key: AMBARI-7976
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7976
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 1.6.0
>
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>   * have write access to all jobs
>   * have write access to admin operations
> When authorization server security is enabled by config property  
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message