ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Re: Review Request 35730: Ambari creation of oozie/conf/adminusers.txt breaks oozie role seperation for Kerberos
Date Mon, 22 Jun 2015 17:51:52 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/35730/#review88818
-----------------------------------------------------------

Ship it!


Ship It!

- Tom Beerbower


On June 22, 2015, 5:37 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/35730/
> -----------------------------------------------------------
> 
> (Updated June 22, 2015, 5:37 p.m.)
> 
> 
> Review request for Ambari, Andrew Onischuk, Emil Anca, and Tom Beerbower.
> 
> 
> Bugs: AMBARI-11780
>     https://issues.apache.org/jira/browse/AMBARI-11780
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Oozie restart from Ambari rewrites oozie/conf/adminusers.txt
> 
> To support role separation for Kerberos, we need an additional line added to the end
of this file.
> 
> The new line is:
> {noformat}
> oozie-admin
> {noformat}
> 
> The new file should be generated as:
> ```
> #
> # Licensed to the Apache Software Foundation (ASF) under one
> # or more contributor license agreements.  See the NOTICE file
> # distributed with this work for additional information
> # regarding copyright ownership.  The ASF licenses this file
> # to you under the Apache License, Version 2.0 (the
> # "License"); you may not use this file except in compliance
> # with the License.  You may obtain a copy of the License at
> #
> #   http://www.apache.org/licenses/LICENSE-2.0
> #
> # Unless required by applicable law or agreed to in writing, software
> # distributed under the License is distributed on an "AS IS" BASIS,
> # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> # See the License for the specific language governing permissions and
> # limitations under the License.
> #
> 
> # Users should be set using following rules:
> #
> #     One user name per line
> #     Empty lines and lines starting with '#' are ignored
> 
> oozie
> oozie-admin
> ```
> 
> #Solution
> 1. Replace
> _common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2_
> ```
> {{oozie_user}}
> ```
> with 
> _common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2_
> ```
> {% if oozie_admin_users %}
> {% for oozie_admin_user in oozie_admin_users.split(',') %}
> {{oozie_admin_user}}
> {% endfor %}
> {% endif %}
> ```
> 
> 
> 2. Add new property
> _common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml_
> ```
>   <property>
>     <name>oozie_admin_users</name>
>     <value>oozie, oozie-admin</value>
>     <description>Oozie admin users.</description>
>   </property>
> ```
> 
> 3. If the admin user list needs to change when enabling Kerberos, oozie-env/oozie_admin_users
can be set in Oozie's Kerberos descriptor (kerberos.json).
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/configuration/oozie-env.xml
6439bc6 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/oozie.py
83b5715 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/scripts/params_linux.py
e5c3367 
>   ambari-server/src/main/resources/common-services/OOZIE/4.0.0.2.0/package/templates/adminusers.txt.j2
9feae39 
>   ambari-server/src/test/python/stacks/2.0.6/configs/default.json b40c44a 
>   ambari-server/src/test/python/stacks/2.0.6/configs/default_oozie_mysql.json 6a93e85

>   ambari-server/src/test/python/stacks/2.0.6/configs/secured.json 1d40121 
>   ambari-server/src/test/python/stacks/2.2/configs/oozie-downgrade.json 5e71ad7 
>   ambari-server/src/test/python/stacks/2.2/configs/oozie-upgrade.json 036b821 
> 
> Diff: https://reviews.apache.org/r/35730/diff/
> 
> 
> Testing
> -------
> 
> Manually tested using HDP 2.3 and HDP 2.2 to make sure the adminusers.txt file was built
properly.
> 
> Local Unit tests passed.
> 
> 
> Thanks,
> 
> Robert Levas
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message