incubator-ambari-commits mailing list archives

From jiten...@apache.org
Subject svn commit: r1362633 [2/2] - in /incubator/ambari/trunk: ./ hmc/db/ hmc/package/rpm/ hmc/package/rpm/SPECS/ hmc/php/conf/ hmc/php/db/ hmc/php/orchestrator/ hmc/php/puppet/ hmc/php/puppet/genmanifest/ hmc/puppet/modules/hdp-hadoop/manifests/ hmc/puppet/...
Date Tue, 17 Jul 2012 20:16:40 GMT
Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/adminclient.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/adminclient.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/adminclient.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/adminclient.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,140 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+class hdp-kerberos::adminclient(
+  $service_state = $hdp::params::cluster_service_state
+) inherits hdp-kerberos::params
+{
+  import 'hdp'
+
+  $kadmin_pw = "bla123"
+  $kadmin_admin = "kadmin/admin"
+  $realm = $kerberos_domain
+  $krb_realm = $kerberos_domain
+  $hdp::params::service_exists['hdp-kerberos::adminclient'] = true
+  $krbContext = {}
+  $krbContext['kadmin_pw'] = $kadmin_pw
+  $krbContext['kadmin_admin'] = $kadmin_admin
+  $krbContext['realm' ] = $kerberos_domain
+  $krbContext['local_or_remote'] = 'remote'
+  $krbContext['principals_to_create'] = $principals_to_create
+  $krbContext['keytabs_to_create'] = $keytabs_to_create
+  $krbContext['principals_in_keytabs'] = $principals_in_keytabs
+
+  $kdc_server = $kdc_host
+
+  package { $package_name_client:
+    ensure => installed,
+  }
+  if ($hdp::params::service_exists['hdp-kerberos::server'] != true) {
+    file { "/etc/krb5.conf":
+      content => template('hdp-kerberos/krb5.conf'),
+      owner => "root",
+      group => "root",
+      mode => "0644",
+      require => Package[$package_name_client],
+    }
+  }
+ 
+  if ($create_principals_keytabs == "yes") {
+    notice("Creating principals and keytabs..")
+    hdp-kerberos::principals_and_keytabs::services { 'alphabeta': 
+      krb_context => $krbContext
+    }
+  }
+}
+
+
+define hdp-kerberos::principals_and_keytabs::services(
+  $krb_context
+)
+{
+  include hdp-kerberos::params
+  $principals_to_create = $krb_context[principals_to_create]
+  $keytabs_to_create = $krb_context[keytabs_to_create]
+
+  hdp-kerberos::principal {$principals_to_create:
+    krb_context => $krb_context,
+  }
+  
+  hdp-kerberos::keytab { $keytabs_to_create :
+    krb_context => $krb_context,
+    require => Hdp-kerberos::Principal[$principals_to_create]
+  }
+}
+
+define hdp-kerberos::keytab(
+  $krb_context,
+  $keytable_file_owner = undef,
+  $keytable_file_mode  = undef
+)
+{
+  include hdp-kerberos::params
+  $keytab = $name
+  $realm = $krb_context['realm']
+  $local_or_remote = $krb_context['local_or_remote']
+  $kadmin_pw = $krb_context['kadmin_pw']
+  $kadmin_admin = $krb_context['kadmin_admin']
+  $kadmin_cmd = "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
+  if ($local_or_remote == 'local') {
+    $kadmin_cmd = 'kadmin.local'
+  }
+  $principals_in_keytabs = $krb_context['principals_in_keytabs']
+
+  $principals = $principals_in_keytabs[$keytab]
+  $principals_list = inline_template("<%= principals.join(' ')%>")
+  $keytab_filename = $keytab
+
+  exec { "xst ${keytab}":
+    command => "rm -rf ${keytab_filename}; ${kadmin_cmd} -q 'xst -k ${keytab_filename} ${principals_list}'; chown puppet:apache ${keytab_filename}",
+    unless  => "klist -kt ${keytab_filename} 2>/dev/null | grep -q ' ${principals[0]}'", #TODO may make more robust test
+    path   => $hdp-kerberos::params::exec_path,
+  }
+
+  if (($keytable_file_owner != undef) or ($keytable_file_mode != undef)) {
+    file { $keytab_filename:
+      owner => $keytable_file_owner,
+      mode  => $keytable_file_mode,
+      require => Exec["xst ${keytab}"]
+    }
+  }
+}
+
+define hdp-kerberos::principal(
+  $krb_context
+)
+{
+  include hdp-kerberos::params
+  $realm = $krb_context['realm']
+  $local_or_remote = $krb_context['local_or_remote']
+  $kadmin_pw = $krb_context['kadmin_pw']
+  $kadmin_admin = $krb_context['kadmin_admin']
+  $kadmin_cmd =  "kadmin -w ${kadmin_pw} -p ${kadmin_admin}"
+  if ($local_or_remote == 'local') {
+    $kadmin_cmd = 'kadmin.local'
+  }
+  $principal = $name
+  exec { "addprinc ${principal}":
+    command => "${kadmin_cmd} -q 'addprinc -randkey ${principal}'",
+    unless => "${kadmin_cmd} -q listprincs | grep -q '^${principal}$'",
+    path => $hdp-kerberos::params::exec_path
+  }
+}
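Review bot: The kadmin administrator password is committed as a literal (`$kadmin_pw = "bla123"`) and then interpolated into `kadmin -w ${kadmin_pw} -p ${kadmin_admin}` in both `hdp-kerberos::keytab` and `hdp-kerberos::principal`. The credential that can create principals and export their keys therefore sits in version control, and it appears in the process list, and probably in Puppet's exec logging, on every node that applies this class. The same pattern is in bigtop/init.pp (`-P cthulhu`, `cpw -pw secure`, `kadmin -w secure`) and in server.pp (`$kadmin_pw = "bla123"`, `-P x86yzh12`), and should be fixed together. I would make the password a required class parameter supplied from outside the repository, or better, authenticate with a keytab (`kadmin -k -t <admin keytab path> -p ${kadmin_admin}`) so that no secret is on a command line. Separately, `$kadmin_cmd` is assigned a second time inside `if ($local_or_remote == 'local')`, which Puppet normally rejects as a reassignment in the same scope; a selector on `$local_or_remote` avoids that.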

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/bigtop/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/bigtop/init.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/bigtop/init.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/bigtop/init.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,217 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class kerberos {
+  class site {
+    # The following is our interface to the world. This is what we allow
+    # users to tweak from the outside (see tests/init.pp for a complete
+    # example) before instantiating target classes.
+    # Once we migrate to Puppet 2.6 we can potentially start using 
+    # parametrized classes instead.
+    $domain     = $kerberos_domain     ? { '' => inline_template('<%= domain %>'),
+                                           default => $kerberos_domain }
+    $realm      = $kerberos_realm      ? { '' => inline_template('<%= domain.upcase %>'),
+                                           default => $kerberos_realm } 
+    $kdc_server = $kerberos_kdc_server ? { '' => 'localhost',
+                                           default => $kerberos_kdc_server }
+    $kdc_port   = $kerberos_kdc_port   ? { '' => '88', 
+                                           default => $kerberos_kdc_port } 
+    $admin_port = 749 /* BUG: linux daemon packaging doesn't let us tweak this */
+
+    $keytab_export_dir = "/var/lib/bigtop_keytabs"
+
+    case $operatingsystem {
+        'ubuntu': {
+            $package_name_kdc    = 'krb5-kdc'
+            $service_name_kdc    = 'krb5-kdc'
+            $package_name_admin  = 'krb5-admin-server'
+            $service_name_admin  = 'krb5-admin-server'
+            $package_name_client = 'krb5-user'
+            $exec_path           = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+            $kdc_etc_path        = '/etc/krb5kdc/'
+        }
+        # default assumes CentOS, Redhat 5 series (just look at how random it all looks :-()
+        default: {
+            $package_name_kdc    = 'krb5-server'
+            $service_name_kdc    = 'krb5kdc'
+            $package_name_admin  = 'krb5-libs'
+            $service_name_admin  = 'kadmin'
+            $package_name_client = 'krb5-workstation'
+            $exec_path           = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/kerberos/sbin:/usr/kerberos/bin'
+            $kdc_etc_path        = '/var/kerberos/krb5kdc/'
+        }
+    }
+
+    file { "/etc/krb5.conf":
+      content => template('kerberos/krb5.conf'),
+      owner => "root",
+      group => "root",
+      mode => "0644",
+    }
+
+    @file { $keytab_export_dir:
+      ensure => directory,
+      owner  => "root",
+      group  => "root",
+    }
+
+    # Required for SPNEGO
+    @principal { "HTTP": 
+
+    }
+  }
+
+  class kdc inherits kerberos::site {
+    package { $package_name_kdc:
+      ensure => installed,
+    }
+
+    file { $kdc_etc_path:
+    	ensure => directory,
+        owner => root,
+        group => root,
+        mode => "0700",
+        require => Package["$package_name_kdc"],
+    }
+    file { "${kdc_etc_path}/kdc.conf":
+      content => template('kerberos/kdc.conf'),
+      require => Package["$package_name_kdc"],
+      owner => "root",
+      group => "root",
+      mode => "0644",
+    }
+    file { "${kdc_etc_path}/kadm5.acl":
+      content => template('kerberos/kadm5.acl'),
+      require => Package["$package_name_kdc"],
+      owner => "root",
+      group => "root",
+      mode => "0644",
+    }
+
+    exec { "kdb5_util":
+      path => $exec_path,
+      command => "rm -f /etc/kadm5.keytab ; kdb5_util -P cthulhu -r ${realm} create -s && kadmin.local -q 'cpw -pw secure kadmin/admin'",
+      
+      creates => "${kdc_etc_path}/stash",
+
+      subscribe => File["${kdc_etc_path}/kdc.conf"],
+      # refreshonly => true, 
+
+      require => [Package["$package_name_kdc"], File["${kdc_etc_path}/kdc.conf"], File["/etc/krb5.conf"]],
+    }
+
+    service { $service_name_kdc:
+      ensure => running,
+      require => [Package["$package_name_kdc"], File["${kdc_etc_path}/kdc.conf"], Exec["kdb5_util"]],
+      subscribe => File["${kdc_etc_path}/kdc.conf"],
+      hasrestart => true,
+    }
+
+
+    class admin_server inherits kerberos::kdc {
+      $se_hack = "setsebool -P kadmind_disable_trans  1 ; setsebool -P krb5kdc_disable_trans 1"
+
+      package { "$package_name_admin":
+        ensure => installed,
+        require => Package["$package_name_kdc"],
+      } 
+  
+      service { "$service_name_admin":
+        ensure => running,
+        require => [Package["$package_name_admin"], Service["$service_name_kdc"]],
+        hasrestart => true,
+        restart => "${se_hack} ; service ${service_name_admin} restart",
+        start => "${se_hack} ; service ${service_name_admin} start",
+      }
+    }
+  }
+
+  class client inherits kerberos::site {
+    package { $package_name_client:
+      ensure => installed,
+    }
+  }
+
+  class server {
+    include kerberos::client
+
+    class { "kerberos::kdc": } 
+    ->
+    Class["kerberos::client"] 
+
+    class { "kerberos::kdc::admin_server": }
+    -> 
+    Class["kerberos::client"]
+  }
+
+  define principal {
+    require "kerberos::client"
+
+    realize(File[$kerberos::site::keytab_export_dir])
+
+    $principal = "$title/$::fqdn"
+    $keytab    = "$kerberos::site::keytab_export_dir/$title.keytab"
+
+    exec { "addprinc.$title":
+      path => $kerberos::site::exec_path,
+      command => "kadmin -w secure -p kadmin/admin -q 'addprinc -randkey $principal'",
+      unless => "kadmin -w secure -p kadmin/admin -q listprincs | grep -q $principal",
+      require => Package[$kerberos::site::package_name_client],
+    } 
+    ->
+    exec { "xst.$title":
+      path    => $kerberos::site::exec_path, 
+      command => "kadmin -w secure -p kadmin/admin -q 'xst -k $keytab $principal'",
+      unless  => "klist -kt $keytab 2>/dev/null | grep -q $principal",
+      require => File[$kerberos::site::keytab_export_dir],
+    }
+  }
+
+  define host_keytab($princs = undef, $spnego = disabled) {
+    $keytab = "/etc/$title.keytab"
+
+    $requested_princs = $princs ? { 
+      undef   => [ $title ],
+      default => $princs,
+    }
+
+    $internal_princs = $spnego ? {
+      /(true|enabled)/ => [ 'HTTP' ],
+      default          => [ ],
+    }
+    realize(Kerberos::Principal[$internal_princs])
+
+    $includes = inline_template("<%=
+      [requested_princs, internal_princs].flatten.map { |x|
+        \"rkt $kerberos::site::keytab_export_dir/#{x}.keytab\"
+      }.join(\"\n\")
+    %>")
+
+    kerberos::principal { $requested_princs:
+    }
+
+    exec { "ktinject.$title":
+      path     => $kerberos::site::exec_path,
+      command  => "/usr/bin/ktutil <<EOF
+        $includes
+        wkt $keytab
+EOF
+        chown $title $keytab",
+      creates => $keytab,
+      require => [ Kerberos::Principal[$requested_princs],
+                   Kerberos::Principal[$internal_princs] ],
+    }
+  }
+}
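Review bot: `$se_hack` in `kerberos::kdc::admin_server` runs `setsebool -P kadmind_disable_trans  1 ; setsebool -P krb5kdc_disable_trans 1` on every start and restart of the admin service. That persistently switches off the SELinux domain transition for both KDC daemons and, as far as I can tell, leaves them unconfined on the host that holds the realm's keys. Nothing in the class says which denial this works around and it cannot be turned off; server.pp carries the same `$se_hack`. At minimum add a comment such as `# TODO: replace with a targeted SELinux policy module; this disables confinement of kadmind/krb5kdc` and gate it behind a parameter. The virtual `@file { $keytab_export_dir: }` also sets no `mode`; since it holds exported service keys I would add `mode => "0700",`.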

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/client.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/client.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/client.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/client.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,50 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+class hdp-kerberos::client(
+  $service_state = $hdp::params::cluster_service_state
+) inherits hdp-kerberos::params
+{
+  import 'hdp'
+
+  $hdp::params::service_exists['hdp-kerberos::client'] = true
+
+  $kdc_server = $kdc_host
+  $krb_realm = $kerberos_domain
+  $realm = $kerberos_domain
+
+  if ($hdp::params::service_exists['hdp-kerberos::adminclient'] != true)  {
+    package { $package_name_client:
+      ensure => installed,
+    }
+  }
+
+  if (($hdp::params::service_exists['hdp-kerberos::server'] != true) and
+      ($hdp::params::service_exists['hdp-kerberos::adminclient'] != true) ) {
+    file { "/etc/krb5.conf":
+      content => template('hdp-kerberos/krb5.conf'),
+      owner => "root",
+      group => "root",
+      mode => "0644",
+      require => Package[$package_name_client],
+    }
+  }
+}
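Review bot: Both guards in `hdp-kerberos::client` read `$hdp::params::service_exists[...]` flags that adminclient.pp and server.pp set only when those classes are evaluated. Whether `Package[$package_name_client]` and `File["/etc/krb5.conf"]` are declared here therefore depends on evaluation order. If this class is evaluated before `hdp-kerberos::adminclient` or `hdp-kerberos::server` on the same node, the flags are presumably still unset and the catalog would fail on a duplicate declaration. Moving the client package and krb5.conf into one shared class that all three `include` would remove the ordering dependence. Failing that, add a comment above the first `if`, for example `# relies on adminclient/server having been evaluated before this class`.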

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/init.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/init.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/init.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,25 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+class hdp-kerberos()
+{
+}
+

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/params.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/params.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/params.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,70 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+class hdp-kerberos::params(
+) inherits hdp::params
+{
+  $domain  = 'hadoop.com'
+  $realm = inline_template('<%= @domain.upcase %>')
+  $kdc_server = $::fqdn
+  $kdc_port = 88
+  $keytab_export_base_dir = '/etc/security/'
+  $keytab_export_dir = "${keytab_export_base_dir}/keytabs"
+
+  $keytab_map = {
+    'hdp-hadoop::namenode' =>  
+      {keytab    => 'nn.service.keytab',
+       primaries => ['nn', 'host', 'HTTP']},
+    'hdp-hadoop::snamenode' =>  
+      {keytab    => 'nn.service.keytab',
+       primaries => ['nn', 'host', 'HTTP']},
+    'hdp-hadoop::datanode' =>  
+      {keytab    => 'dn.service.keytab',
+       primaries => ['dn']},
+    'hdp-hadoop::jobtracker' =>  
+      {keytab    => 'jt.service.keytab',
+       primaries => ['jt']},
+    'hdp-hadoop::tasktracker' =>  
+      {keytab    => 'tt.service.keytab',
+       primaries => ['tt']}
+  }
+
+  case $::operatingsystem {
+    'ubuntu': {
+      $package_name_kdc    = 'krb5-kdc'
+      $service_name_kdc    = 'krb5-kdc'
+      $package_name_admin  = 'krb5-admin-server'
+      $service_name_admin  = 'krb5-admin-server'
+      $package_name_client = 'krb5-user'
+      $exec_path           = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
+      $kdc_etc_path        = '/etc/krb5kdc/'
+     }
+     default: {
+       $package_name_kdc    = 'krb5-server'
+       $service_name_kdc    = 'krb5kdc'
+       $package_name_admin  = 'krb5-libs'
+       $service_name_admin  = 'kadmin'
+       $package_name_client = 'krb5-workstation' 
+       $exec_path           = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/kerberos/sbin:/usr/kerberos/bin'
+       $kdc_etc_path        = '/var/kerberos/krb5kdc/'
+    }
+  }
+}
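Review bot: `$domain = 'hadoop.com'` is fixed here and the class takes no parameters, yet adminclient.pp, client.pp and server.pp set `$realm` from `$kerberos_domain` and never set `$domain`. As far as this commit shows, the `default_domain` and `[domain_realm]` entries in the krb5.conf template would then always map hadoop.com to whatever realm was chosen. `$kerberos_domain` and `$kdc_host` are not defined in this file; presumably they come from `hdp::params`, which is outside this diff. I would derive the domain from the same source as the realm, for example `$domain = $kerberos_domain`, and add a comment listing the variables the templates consume. Those classes also assign the domain string to `$realm` without the `upcase` applied here, so the upper-case realm convention is not kept.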

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/server.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/server.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/server.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/manifests/server.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,116 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+class hdp-kerberos::server(
+  $service_state = $hdp::params::cluster_service_state,
+  $opts = {}
+) inherits hdp-kerberos::params
+{ 
+  import 'hdp'
+
+  $hdp::params::service_exists['hdp-kerberos::server'] = true
+
+  $krb_realm = $kerberos_domain
+  $kadmin_pw = "bla123"
+  $kadmin_admin = "kadmin/admin"
+
+  if ($service_state == 'no_op') {
+  } elsif ($service_state in ['running','stopped','installed_and_configured']) {
+    # Install kdc server and client
+    package { $package_name_kdc:
+      ensure => installed
+    }
+
+    # set the realm
+    $realm = $krb_realm
+    # SUHAS: This should be set on all the nodes in addition to kdc server
+    file { "/etc/krb5.conf":
+      content => template('hdp-kerberos/krb5.conf'),
+      owner => "root",
+      group => "root",
+      mode => "0644",
+      require => Package[$package_name_kdc],
+      }
+
+    file { $kdc_etc_path:
+      ensure => directory,
+      owner => root,
+      group => root,
+      mode => "0700",
+      require => Package[$package_name_kdc],
+    }
+
+    file { "${kdc_etc_path}/kdc.conf":
+      content => template('hdp-kerberos/kdc.conf'),
+      require => Package["$package_name_kdc"],
+      owner => "root",
+      group => "root",
+      mode => "0644",
+    }
+
+    # SUHAS: kadm5.acl file template is missing in gsInsaller
+    # SUHAS: gsInstaller stops stopIptables at this point (sequence is not relevant here).
+    file { "${kdc_etc_path}/kadm5.acl":
+      content => template('hdp-kerberos/kadm5.acl'),
+      require => Package["$package_name_kdc"],
+      owner => "root",
+      group => "root",
+      mode => "0644",
+    }
+
+    exec { "kdb5_util":
+      path => $exec_path,
+      command => "rm -f ${kdc_etc_path}/kadm5.keytab; kdb5_util -P x86yzh12 -r ${realm} create -s && kadmin.local -q 'cpw -pw ${kadmin_pw} ${kadmin_admin}'",
+      creates => "${kdc_etc_path}/stash",
+      subscribe => File["${kdc_etc_path}/kdc.conf"],
+      require => [Package[$package_name_kdc], File["${kdc_etc_path}/kdc.conf"], File["/etc/krb5.conf"]]
+    }
+
+    # SUHAS: gsInstaller has checkconfig_on
+    exec { "chkconfig_krb5kdc_on":
+      path => $exec_path,
+      command => "chkconfig krb5kdc on",
+      require => [Package["$package_name_kdc"], File["${kdc_etc_path}/kdc.conf"], Exec["kdb5_util"]],
+    }
+    
+    # Start KDC Server
+    if ($service_state in ['running','stopped']) {
+      service { $service_name_kdc:
+        ensure => $service_state,
+        require => [Exec["chkconfig_krb5kdc_on"]],
+        subscribe => File["${kdc_etc_path}/kdc.conf"],
+        hasrestart => true,
+      }
+
+      # SUHAS: This is to be done on HMC not KDC Server??
+      $se_hack = "setsebool -P kadmind_disable_trans  1 ; setsebool -P krb5kdc_disable_trans 1"
+      service { $service_name_admin:
+        ensure => $service_state,
+        require => Service[$service_name_kdc],
+        hasrestart => true,
+        restart => "${se_hack} ; service ${service_name_admin} restart",
+        start => "${se_hack} ; service ${service_name_admin} start",
+      }
+    }
+  } else {
+    hdp_fail("TODO not implemented yet: service_state = ${service_state}")
+  }
+}
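Review bot: `exec { "chkconfig_krb5kdc_on": }` has no `unless`, `onlyif` or `refreshonly`, so it runs on every Puppet run. It also hard-codes `krb5kdc`, although the service name is `$service_name_kdc`, which params.pp sets to `krb5-kdc` on Ubuntu, where `chkconfig` may not be installed. The `service` resource can do this idempotently: drop the exec, add `enable => true,` to `service { $service_name_kdc: }` and change its `require` to `Exec["kdb5_util"]`. That service is currently declared only for the `running` and `stopped` states, so `installed_and_configured` would need the same resource without `ensure`.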

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kadm5.acl
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kadm5.acl?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kadm5.acl (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kadm5.acl Tue Jul 17 20:16:37 2012
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file Is the access control list for krb5 administration.
+# When this file is edited run /etc/init.d/krb5-admin-server restart to activate
+# One common way to set up Kerberos administration is to allow any principal 
+# ending in /admin  is given full administrative rights.
+# To enable this, uncomment the following line:
+*/admin *
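Review bot: `*/admin *` is active as committed, although the comment above it says to uncomment the line to enable it. It grants every kadmin privilege to any principal with an `admin` instance, with the realm left implicit. I would name the realm explicitly, `*/admin@<%= realm %> *`, assuming `realm` is in scope when server.pp renders this template, as it is for kdc.conf. The comment should then say the rule is enabled. The restart hint `/etc/init.d/krb5-admin-server` is the Ubuntu service name only; params.pp uses `kadmin` for the default case.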

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kdc.conf
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kdc.conf?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kdc.conf (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/kdc.conf Tue Jul 17 20:16:37 2012
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+default_realm = <%= realm %>
+
+[kdcdefaults]
+    v4_mode = nopreauth
+    kdc_ports = 0
+    kdc_tcp_ports = 88 
+
+[realms]
+    <%= realm %> = {
+        acl_file = <%= kdc_etc_path %>/kadm5.acl
+        dict_file = /usr/share/dict/words
+        admin_keytab = <%= kdc_etc_path %>/kadm5.keytab
+        supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
+        kdc_ports = <%= kdc_port %>
+        database_name = <%= kdc_etc_path %>/principal
+        key_stash_file = <%= kdc_etc_path %>/stash
+        max_life = 10h 0m 0s
+        max_renewable_life = 7d 0h 0m 0s
+        master_key_type = des3-hmac-sha1
+        default_principal_flags = +preauth
+    }
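Review bot: `supported_enctypes` and `master_key_type` offer only 3DES, RC4 and single-DES key types. Every principal these manifests create, including the `-randkey` service principals, therefore gets keys no stronger than des3-hmac-sha1, alongside single-DES ones. Unless a client in the cluster needs them, I would list AES first and drop the `des-cbc-*` and `des-hmac-sha1` entries, e.g. `supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal`. Java services need a JCE policy that permits AES-256, which deserves a comment next to the setting. `default_realm` also sits above the first section header, where it may not be read; krb5.conf already sets it under `[libdefaults]`.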

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/krb5.conf
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/krb5.conf?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/krb5.conf (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/templates/krb5.conf Tue Jul 17 20:16:37 2012
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[libdefaults]
+    default_realm = <%= realm %>
+    dns_lookup_realm = false
+    dns_lookup_kdc = false
+    ticket_lifetime = 24h
+    forwardable = yes
+    udp_preference_limit = 1
+
+[realms]
+    <%= realm %> = {
+        kdc = <%= kdc_server %>:<%= kdc_port %>
+        admin_server = <%= kdc_server %>:749
+        default_domain = <%= domain %>
+    }
+
+[appdefaults] 
+    pam = {
+        debug = false 
+        ticket_lifetime = 36000 
+        renew_lifetime = 36000 
+        forwardable = true 
+        krb4_convert = false 
+    }
+
+[domain_realm]
+    .<%= domain %> = <%= realm %>
+     <%= domain %> = <%= realm %>
+
+[logging]
+    default = FILE:/var/log/krb5libs.log
+    kdc = FILE:/var/log/krb5kdc.log
+    admin_server = FILE:/var/log/kadmind.log
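Review bot: `ticket_lifetime = 24h` under `[libdefaults]` requests longer tickets than the KDC will issue, since kdc.conf in this commit sets `max_life = 10h 0m 0s`, and the `pam` block requests 36000 seconds. The three values should be aligned, or the difference explained in a comment. `admin_server` hard-codes port 749 while the KDC port is templated, which is worth a one-line comment such as `# kadmind port is not configurable in these manifests`. The template reads `realm`, `kdc_server`, `kdc_port` and `domain` as bare ERB variables, whereas params.pp already uses the `@domain` form; `@realm` and the rest would be consistent with it.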

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/tests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/tests/init.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/tests/init.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-kerberos/tests/init.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+$kerberos_domain = "krb.test.com"
+$kerberos_realm = "KRB.TEST.COM"
+$kerberos_kdc_server = "localhost"
+$kerberos_kdc_port = 88
+# the following turns a node into a fully functional KDC 
+include kerberos::kdc
+# the following opens up KDC principle datbase for remote
+# administration (it really should be optional, but it is
+# required for now in order to make kerberos::client::host_keytab
+# work)
+include kerberos::kdc::admin_server
+
+# the following turns a node into a Kerberos client hosts with.. 
+include kerberos::client
+# ...an optional host_keytab for as many services as you want:
+kerberos::client::host_keytab { ["host", "hdfs", "mapred"]: }
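Review bot: The last line declares `kerberos::client::host_keytab`, but bigtop/init.pp in this commit defines `host_keytab` directly inside `class kerberos`, which makes its name `kerberos::host_keytab`. This test manifest should therefore fail to compile as written. Change the line to `kerberos::host_keytab { ["host", "hdfs", "mapred"]: }` and correct the same name in the comment above `include kerberos::kdc::admin_server`, where "principle datbase" should also read "principal database". The test targets the `kerberos` classes rather than the `hdp-kerberos::*` classes this module adds, so none of the new hdp manifests is exercised by it.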

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_hive_metastore_status.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_hive_metastore_status.sh?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_hive_metastore_status.sh (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_hive_metastore_status.sh Tue Jul 17 20:16:37 2012
@@ -22,9 +22,21 @@
 #The uri is of the form thrift://<hostname>:<port>
 HOST=$1
 PORT=$2
+JAVA_HOME=$3
+SEC_ENABLED=$4
+if [[ "$SEC_ENABLED" == "true" ]]; then
+  NAGIOS_KEYTAB=$5
+  NAGIOS_USER=$6
+  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  if [[ "$?" -ne 0 ]]; then
+    echo "CRITICAL: Error doing kinit for nagios [$out1]";
+    exit 2;
+  fi
+fi
 HCAT_URL=-Dhive.metastore.uris="thrift://$HOST:$PORT"
+export JAVA_HOME=$JAVA_HOME
 out=`hcat $HCAT_URL -e "show databases" 2>&1`
-if [[ "$?" -ne 0 ]]; then 
+if [[ "$?" -ne 0 ]]; then
   echo "CRITICAL: Error accessing hive-metaserver status [$out]";
   exit 2;
 fi
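Review bot: The added `kinit` line expands `${NAGIOS_KEYTAB}` and `${NAGIOS_USER}` unquoted and never checks that `$5` and `$6` were supplied, so a missing or space-containing value reaches kinit as a different command line and shows up only as a generic CRITICAL. Fail early with `[[ -n "$NAGIOS_KEYTAB" && -n "$NAGIOS_USER" ]] || { echo "UNKNOWN: keytab or principal not supplied"; exit 3; }` and quote the call: `out1=$(/usr/kerberos/bin/kinit -kt "$NAGIOS_KEYTAB" "$NAGIOS_USER" 2>&1)`. The same block is pasted into check_oozie_status.sh and check_templeton_status.sh below, so the fix applies there too. The hard-coded `/usr/kerberos/bin/kinit` path deserves a comment, since it presumably exists only on some distributions.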

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_oozie_status.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_oozie_status.sh?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_oozie_status.sh (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_oozie_status.sh Tue Jul 17 20:16:37 2012
@@ -23,6 +23,16 @@
 HOST=$1
 PORT=$2
 JAVA_HOME=$3
+SEC_ENABLED=$4
+if [[ "$SEC_ENABLED" == "true" ]]; then
+  NAGIOS_KEYTAB=$5
+  NAGIOS_USER=$6
+  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  if [[ "$?" -ne 0 ]]; then
+    echo "CRITICAL: Error doing kinit for nagios [$out1]";
+    exit 2;
+  fi
+fi
 OOZIE_URL="http://$HOST:$PORT/oozie"
 export JAVA_HOME=$JAVA_HOME
 out=`oozie admin -oozie ${OOZIE_URL} -status 2>&1`

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_templeton_status.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_templeton_status.sh?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_templeton_status.sh (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/files/check_templeton_status.sh Tue Jul 17 20:16:37 2012
@@ -23,8 +23,18 @@
 HOST=$1
 PORT=$2
 VERSION=$3
+SEC_ENABLED=$4
+if [[ "$SEC_ENABLED" == "true" ]]; then 
+  NAGIOS_KEYTAB=$5
+  NAGIOS_USER=$6
+  out1=`/usr/kerberos/bin/kinit -kt ${NAGIOS_KEYTAB} ${NAGIOS_USER} 2>&1`
+  if [[ "$?" -ne 0 ]]; then
+    echo "CRITICAL: Error doing kinit for nagios [$out1]";
+    exit 2;
+  fi
+fi
 regex="^.*\"status\":\"ok\".*<status_code:200>$"
-out=`curl http://$HOST:$PORT/templeton/$VERSION/status -w '<status_code:%{http_code}>' 2>&1`
+out=`curl --negotiate -u : -s -w '<status_code:%{http_code}>' http://$HOST:$PORT/templeton/$VERSION/status 2>&1`
 if [[ $out =~ $regex ]]; then 
   echo "OK: Templeton server status [$out]";
   exit 0;
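Review bot: `-s` on the new curl line suppresses curl's own error text, so on a connection or SPNEGO failure `$out` carries only `<status_code:000>` and the alert gives the operator no cause. The failure branch lies outside this hunk and presumably prints `[$out]`. Change `-s` to `-sS` so the error message is kept while the progress meter stays off. A `--max-time` bound would also stop a hung server from stalling the check.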

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/manifests/params.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/manifests/params.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/manifests/params.pp Tue Jul 17 20:16:37 2012
@@ -22,7 +22,7 @@ class hdp-nagios::params() inherits hdp:
 {   
  
   $nagios_user = "nagios"
-  $nagios_group = "nagios"
+  $nagios_group = hdp_default("smoke_user_group","nagios")
   
   $conf_dir = hdp_default("nagios_conf_dir","/etc/nagios")
 
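Review bot: `hdp_default("smoke_user_group","nagios")` falls back to `nagios`, while hdp::params further down this page reads the same `smoke_user_group` key with fallback `users`, so the two classes disagree on the group whenever the key is unset. Reference `$hdp::params::smoke_user_group` instead of declaring a second default. If the intent is to let Nagios read the headless keytab (an assumption, the hunk does not say), state it in a comment such as `# nagios joins the smoke-test group so it can read its headless keytab`. The Nagios daemon then runs in whatever group the smoke user has, which is broader than a dedicated `nagios` group.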

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb Tue Jul 17 20:16:37 2012
@@ -74,15 +74,15 @@ define command{
 
 define command{
         command_name    check_oozie_status
-        command_line    $USER1$/check_oozie_status.sh $HOSTADDRESS$ $ARG1$ $ARG2$
+        command_line    $USER1$/check_oozie_status.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
        }
 
 define command{
         command_name    check_templeton_status
-        command_line    $USER1$/check_templeton_status.sh $HOSTADDRESS$ $ARG1$ $ARG2$ 
+        command_line    $USER1$/check_templeton_status.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
        }
 
 define command{
         command_name    check_hive_metastore_status
-        command_line    $USER1$/check_hive_metastore_status.sh $HOSTADDRESS$ $ARG1$
+        command_line    $USER1$/check_hive_metastore_status.sh $HOSTADDRESS$ $ARG1$ $ARG2$ $ARG3$ $ARG4$ $ARG5$
        }
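Review bot: The three `command_line` entries pass `$ARG1$` to `$ARG5$` unquoted, so an empty value in the middle shifts every later positional parameter of the script. For check_hive_metastore_status and check_oozie_status, an empty `java32_home` would make the script read `true` as JAVA_HOME and the keytab path as SEC_ENABLED, silently skipping kinit. Quoting each macro keeps the positions fixed, e.g. `$USER1$/check_oozie_status.sh $HOSTADDRESS$ "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"`.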

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb Tue Jul 17 20:16:37 2012
@@ -334,7 +334,7 @@ define service {
         use                     hadoop-service
         service_description     DATANODE::Process down
         servicegroups           HDFS
-        check_command           check_tcp!50010!-w 1 -c 1
+        check_command           check_tcp!<%=scope.function_hdp_template_var("dfs_datanode_address")%>!-w 1 -c 1
         normal_check_interval   1
         retry_check_interval    0.5
         max_check_attempts      3
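Review bot: `check_tcp!<%=scope.function_hdp_template_var("dfs_datanode_address")%>` puts a template variable where the literal port `50010` used to be, and nothing in the hunk shows that the variable holds a bare port. Hadoop's `dfs.datanode.address` is normally a `host:port` pair, so if `hdp_template_var` returns that form the argument is no longer a port. The same applies to `dfs_datanode_http_address` in the DATANODE::Storage full hunk below. An ERB comment stating the expected format, or stripping the host part in the template, would make this safe.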
@@ -345,7 +345,7 @@ define service {
         use                     hadoop-service
         service_description     DATANODE::Storage full
         servicegroups           HDFS
-        check_command           check_datanode_storage!50075!90%!90%
+        check_command           check_datanode_storage!<%=scope.function_hdp_template_var("dfs_datanode_http_address")%>!90%!90%
         normal_check_interval   5
         retry_check_interval    1
         max_check_attempts      2
@@ -433,7 +433,11 @@ define service {
         use                     hadoop-service
         service_description     HIVE-METASTORE::HIVE-METASTORE status check
         servicegroups           HIVE-METASTORE
-        check_command           check_hive_metastore_status!9083
+        <%if scope.function_hdp_template_var("security_enabled")-%>
+        check_command           check_hive_metastore_status!9083!<%=scope.function_hdp_template_var("java32_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        <%else-%>
+        check_command           check_hive_metastore_status!9083!<%=scope.function_hdp_template_var("java32_home")%>!false
+        <%end-%>
         normal_check_interval   0.5
         retry_check_interval    0.5
         max_check_attempts      3
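Review bot: `<%if scope.function_hdp_template_var("security_enabled")-%>` is a Ruby truthiness test, so any value other than nil or false selects the Kerberos branch, including the string `"false"`. The manifests in this commit compare with `== true`, so if the variable can arrive as a string (not visible here) the template and the manifests would disagree about whether security is on. Compare explicitly, e.g. `<%if scope.function_hdp_template_var("security_enabled") == true-%>`, here and in the Oozie and Templeton hunks below.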
@@ -446,7 +450,11 @@ define service {
         use                     hadoop-service
         service_description     OOZIE::Oozie status check
         servicegroups           OOZIE
-        check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java32_home") %>
+        <%if scope.function_hdp_template_var("security_enabled")-%>
+        check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java32_home")%>!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        <%else-%>
+        check_command           check_oozie_status!11000!<%=scope.function_hdp_template_var("java32_home")%>!false
+        <%end-%>
         normal_check_interval   1
         retry_check_interval    1
         max_check_attempts      3
@@ -459,7 +467,11 @@ define service {
         use                     hadoop-service
         service_description     TEMPLETON::Templeton status check
         servicegroups           TEMPLETON
-        check_command           check_templeton_status!50111!v1
+        <%if scope.function_hdp_template_var("security_enabled")-%>
+        check_command           check_templeton_status!50111!v1!true!<%=scope.function_hdp_template_var("keytab_path")%>/<%=scope.function_hdp_template_var("nagios_user")%>.headless.keytab!<%=scope.function_hdp_template_var("nagios_user")%>
+        <%else-%>
+        check_command           check_templeton_status!50111!v1!false
+        <%end-%>
         normal_check_interval   1
         retry_check_interval    0.5
         max_check_attempts      3

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/nagios.cfg.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/nagios.cfg.erb?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/nagios.cfg.erb (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-nagios/templates/nagios.cfg.erb Tue Jul 17 20:16:37 2012
@@ -155,7 +155,7 @@ nagios_user=nagios
 # This determines the effective group that Nagios should run as.  
 # You can either supply a group name or a GID.
 
-nagios_group=nagios
+nagios_group=<%=scope.function_hdp_template_var("nagios_group")%>
 
 
 

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/files/oozieSmoke.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/files/oozieSmoke.sh?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/files/oozieSmoke.sh (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/files/oozieSmoke.sh Tue Jul 17 20:16:37 2012
@@ -56,6 +56,12 @@ function checkOozieJobStatus {
 export oozie_conf_dir=$1
 export hadoop_conf_dir=$2
 export smoke_test_user=$3
+export security_enabled=$4
+export smoke_user_keytab=$5
+export realm=$6
+export JTHOST=$7
+export NNHOST=$8
+
 export OOZIE_EXIT_CODE=0
 export JOBTRACKER=`getValueFromField ${hadoop_conf_dir}/mapred-site.xml mapred.job.tracker`
 export NAMENODE=`getValueFromField ${hadoop_conf_dir}/core-site.xml fs.default.name`
@@ -69,12 +75,21 @@ sed -i "s|nameNode=hdfs://localhost:9000
 sed -i "s|jobTracker=localhost:8021|jobTracker=$JOBTRACKER|g" examples/apps/map-reduce/job.properties
 sed -i "s|jobTracker=localhost:9001|jobTracker=$JOBTRACKER|g" examples/apps/map-reduce/job.properties
 sed -i "s|oozie.wf.application.path=hdfs://localhost:9000|oozie.wf.application.path=$NAMENODE|g" examples/apps/map-reduce/job.properties
+
+if [[ $security_enabled == "true" ]]; then
+  kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+  echo "dfs.namenode.kerberos.principal=nn/`echo ${NNHOST} | tr '[:upper:]' '[:lower:]'`@${realm}" >> examples/apps/map-reduce/job.properties
+  echo "mapreduce.jobtracker.kerberos.principal=jt/`echo ${JTHOST} | tr '[:upper:]' '[:lower:]'`@${realm}" >> examples/apps/map-reduce/job.properties
+else 
+  kinitcmd=""
+fi
+
 su - ${smoke_test_user} -c "hadoop dfs -rmr examples"
 su - ${smoke_test_user} -c "hadoop dfs -rmr input-data"
 su - ${smoke_test_user} -c "hadoop dfs -copyFromLocal $OOZIE_EXAMPLES_DIR/examples examples"
 su - ${smoke_test_user} -c "hadoop dfs -copyFromLocal $OOZIE_EXAMPLES_DIR/examples/input-data input-data"
 
-cmd="source ${oozie_conf_dir}/oozie-env.sh ; /usr/bin/oozie job -oozie $OOZIE_SERVER -config $OOZIE_EXAMPLES_DIR/examples/apps/map-reduce/job.properties  -run"
+cmd="${kinitcmd}source ${oozie_conf_dir}/oozie-env.sh ; /usr/bin/oozie job -oozie $OOZIE_SERVER -config $OOZIE_EXAMPLES_DIR/examples/apps/map-reduce/job.properties  -run"
 job_info=`su - ${smoke_test_user} -c "$cmd" | grep "job:"`
 job_id="`echo $job_info | cut -d':' -f2`"
 checkOozieJobStatus "$job_id"
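Review bot: In secure mode the four `su - ${smoke_test_user} -c "hadoop dfs ..."` calls run before any kinit, because `${kinitcmd}` is prepended only to the final `oozie job` command. Unless the smoke user already holds a ticket, they would fail against a Kerberized HDFS. Run `su - ${smoke_test_user} -c "/usr/kerberos/bin/kinit -kt '${smoke_user_keytab}' ${smoke_test_user}" || exit 1` once before the first `hadoop dfs` call. `kinitcmd` also ends in `; `, so a failed kinit does not stop the command after it, and `&&` would; the same `;` form recurs in templetonSmoke.sh and in hdp-sqoop's service_check.pp. The two `echo ... >> job.properties` lines append on every run, so the retries configured in the manifest can duplicate the principal entries.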

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/oozie/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/oozie/service_check.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/oozie/service_check.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/oozie/service_check.pp Tue Jul 17 20:16:37 2012
@@ -35,6 +35,16 @@ define hdp-oozie::smoke_shell_file()
   $smoke_test_user = $hdp::params::smokeuser
   $conf_dir = $hdp::params::oozie_conf_dir
   $hadoopconf_dir = $hdp::params::hadoop_conf_dir 
+  $security_enabled=$hdp::params::security_enabled
+  $jt_host=$hdp::params::jtnode_host
+  $nn_host=$hdp::params::namenode_host
+  if ($security_enabled == true) {
+    $security = "true"
+  } else {
+    $security = "false"
+  }
+  $smoke_user_keytab = "${hdp-oozie::params::keytab_path}/${smoke_test_user}.headless.keytab"
+  $realm=$hdp::params::kerberos_domain
 
   file { '/tmp/oozieSmoke.sh':
     ensure => present,
@@ -43,7 +53,7 @@ define hdp-oozie::smoke_shell_file()
   }
 
   exec { '/tmp/oozieSmoke.sh':
-    command   => "sh /tmp/oozieSmoke.sh ${conf_dir} ${hadoopconf_dir} ${smoke_test_user}",
+    command   => "sh /tmp/oozieSmoke.sh ${conf_dir} ${hadoopconf_dir} ${smoke_test_user} ${security} ${smoke_user_keytab} ${realm} $jt_host $nn_host",
     tries     => 3,
     try_sleep => 5,
     require   => File['/tmp/oozieSmoke.sh'],
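Review bot: The new `command` string passes eight positional arguments unquoted and mixes `${var}` with bare `$jt_host $nn_host`. If `${realm}` or the keytab path is empty, JTHOST and NNHOST shift left in oozieSmoke.sh without any error. Quote the values and use one interpolation style, e.g. `"sh /tmp/oozieSmoke.sh '${conf_dir}' '${hadoopconf_dir}' '${smoke_test_user}' '${security}' '${smoke_user_keytab}' '${realm}' '${jt_host}' '${nn_host}'"`. The argument order also differs from templetonSmoke.sh, which takes the keytab before the security flag, and that is easy to get wrong when editing either script. The exec resource continues outside the hunk.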

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/params.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/params.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/manifests/params.pp Tue Jul 17 20:16:37 2012
@@ -42,9 +42,14 @@ class hdp-oozie::params() inherits hdp::
   $oozie_tmp_dir = hdp_default("hadoop/oozie-env/oozie_tmp_dir","/var/tmp/oozie")
 
   $oozie_lib_dir = hdp_default("hadoop/oozie-env/oozie_lib_dir","/var/lib/oozie/")
+
   ### oozie-site
-  $oozie_sasl_enabled = hdp_default("hadoop/oozie-site/oozie_sasl_enabled","false")
-  $oozie_security_type = hdp_default("hadoop/oozie-site/oozie_security_type","simple")
-  $realm = hdp_default("hadoop/oozie-site/realm","EXAMPLE.COM")
-  $keytab_path = hdp_default("hadoop/oozie-site/keytab_path","/etc/security/keytabs/")
+  $keytab_path = hdp_default("keytab_path","/etc/security/keytabs")
+  if ($security_enabled == true) {
+    $oozie_sasl_enabled = "true"
+    $oozie_security_type = "kerberos"
+  } else {
+    $oozie_sasl_enabled = "false"
+    $oozie_security_type = "simple"
+  }
 }
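Review bot: `$security_enabled` is read unqualified in the new `if`, relying on scope inheritance from the parent class, whereas the other manifests touched by this commit use `$hdp::params::security_enabled`. Use the qualified name for consistency: `if ($hdp::params::security_enabled == true) {`. The hunk also drops the `hdp_default` lookups for `oozie_sasl_enabled` and `oozie_security_type`, so they can no longer be overridden per cluster; a one-line comment saying that is deliberate would help. The `keytab_path` default lost its trailing slash, which the templates now compensate for with an explicit `/`.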

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/templates/oozie-site.xml.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/templates/oozie-site.xml.erb?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/templates/oozie-site.xml.erb (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-oozie/templates/oozie-site.xml.erb Tue Jul 17 20:16:37 2012
@@ -173,7 +173,7 @@
 
    <property>
      <name>local.realm</name>
-     <value><%=scope.function_hdp_template_var("realm")%></value>
+     <value><%=scope.function_hdp_template_var("kerberos_domain")%></value>
      <description>
      Kerberos Realm used by Oozie and Hadoop. Using 'local.realm' to be aligned with Hadoop configuration
      </description>
@@ -189,7 +189,7 @@
 
    <property>
      <name>oozie.service.HadoopAccessorService.kerberos.principal</name>
-     <value>oozie/<%=scope.function_hdp_host("oozie_server")%>@<%=scope.function_hdp_host("realm")%></value>
+     <value>oozie/<%=scope.function_hdp_host("oozie_server")%>@<%=scope.function_hdp_template_var("kerberos_domain")%></value>
      <description>
       Kerberos principal for Oozie service.
      </description>
@@ -212,13 +212,21 @@
     
     <property>
       <name>oozie.authentication.kerberos.principal</name>
-      <value>HTTP/<%=scope.function_hdp_host("oozie_server")%>@<%=scope.function_hdp_host("realm")%></value>
+      <value>HTTP/<%=scope.function_hdp_host("oozie_server")%>@<%=scope.function_hdp_template_var("kerberos_domain")%></value>
       <description>
        Whitelisted job tracker for Oozie service.
       </description>
     </property>
 
     <property>
+     <name>oozie.authentication.kerberos.keytab</name>
+     <value><%=scope.function_hdp_template_var("keytab_path")%>/spnego.service.keytab</value>
+     <description>
+       Location of the Oozie user keytab file.
+     </description>
+    </property>
+
+    <property>
       <name>oozie.service.HadoopAccessorService.nameNode.whitelist</name>
       <value> </value>
       <description>
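Review bot: The description added for `oozie.authentication.kerberos.keytab` says "Location of the Oozie user keytab file", but the value points at `spnego.service.keytab`, which by its name is the HTTP/SPNEGO keytab rather than the Oozie service keytab. Suggested text: `Keytab holding the HTTP/<host> principal used for SPNEGO authentication to the Oozie web endpoint.` The context description above it, "Whitelisted job tracker for Oozie service.", is likewise a leftover on the principal property and could be corrected in the same pass.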
@@ -245,5 +253,16 @@
       library path are used.
       </description>
     </property>
+    <property>
+      <name>oozie.authentication.kerberos.name.rules</name>
+      <value>
+        RULE:[2:$1@$0]([jt]t@.*<%=scope.function_hdp_template_var("kerberos_domain")%>)s/.*/<%=scope.function_hdp_template_var("mapred_user")%>/
+        RULE:[2:$1@$0]([nd]n@.*<%=scope.function_hdp_template_var("kerberos_domain")%>)s/.*/<%=scope.function_hdp_template_var("hdfs_user")%>/
+        RULE:[2:$1@$0](hm@.*<%=scope.function_hdp_template_var("kerberos_domain")%>)s/.*/<%=scope.function_hdp_template_var("hbase_user")%>/
+        RULE:[2:$1@$0](rs@.*<%=scope.function_hdp_template_var("kerberos_domain")%>)s/.*/<%=scope.function_hdp_template_var("hbase_user")%>/
+        DEFAULT
+        </value>
+      <description>The mapping from kerberos principal names to local OS user names.</description>
+    </property>
 </configuration>
 
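Review bot: The `oozie.authentication.kerberos.name.rules` patterns interpolate `kerberos_domain` into a regular expression unescaped and after `.*`, so `[jt]t@.*<realm>` accepts any realm whose name merely ends with, or regex-matches, the configured string. Where cross-realm trust exists, a principal from such a realm would be mapped to the local `mapred`, `hdfs` or `hbase` account. Drop the `.*` before the realm in each rule, e.g. `([jt]t@<%=scope.function_hdp_template_var("kerberos_domain")%>)`, and escape the dots in the realm value. A comment that `[jt]t` and `[nd]n` are meant to cover the jt/tt and nn/dn principals would also help the next reader.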

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/params.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/params.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/params.pp Tue Jul 17 20:16:37 2012
@@ -26,4 +26,5 @@ class hdp-sqoop::params() inherits hdp::
   $hive_home = hdp_default("hive_home","/usr")
   $zoo_conf_dir = $hdp::params::zk_conf_dir 
   $sqoop_lib = hdp_default("sqoop_lib","/usr/lib/sqoop/lib/") #TODO: should I remove and just use sqoop_dbroot
+  $keytab_path = hdp_default("keytab_path","/etc/security/keytabs")
 }

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/sqoop/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/sqoop/service_check.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/sqoop/service_check.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-sqoop/manifests/sqoop/service_check.pp Tue Jul 17 20:16:37 2012
@@ -20,16 +20,30 @@
 #
 class hdp-sqoop::sqoop::service_check() 
 {
+  include hdp-sqoop::params
   $smoke_test_user = $hdp::params::smokeuser
+
+  # TODO:SUHAS Move this to hdp::params
+  $security_enabled=$hdp::params::security_enabled
+  $smoke_user_keytab = "${hdp-sqoop::params::keytab_path}/${smoke_test_user}.headless.keytab"
+  if ($security_enabled == true) {
+    $smoke_user_kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+  } else {
+    $smoke_user_kinitcmd=""
+  }
+
+  $cmd = "${smoke_user_kinitcmd}su - ${smoke_test_user} -c 'sqoop version'"
   
   anchor { 'hdp-sqoop::sqoop::service_check::begin':}
 
   exec { 'sqoop_smoke':
-    command   => "su - ${smoke_test_user} -c 'sqoop version'",
+    command   => $cmd,
     tries     => 3,
     try_sleep => 5,
     path      => '/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin',
-    logoutput => "true"
+    logoutput => "true",
+    require   => Anchor['hdp-sqoop::sqoop::service_check::begin'],
+    before    => Anchor['hdp-sqoop::sqoop::service_check::end']
   }
 
   anchor{ 'hdp-sqoop::sqoop::service_check::end':}
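Review bot: `$cmd` runs kinit before `su - ${smoke_test_user}`, that is, as whichever user executes the exec (presumably root). The ticket is therefore not obtained inside the smoke user's login session that then runs `sqoop version`. oozieSmoke.sh and templetonSmoke.sh put the kinit inside the `su -c` string, and this should match: `$cmd = "su - ${smoke_test_user} -c '${smoke_user_kinitcmd}sqoop version'"`. Joining with `&&` instead of `; ` would also stop on a failed kinit. The `# TODO:SUHAS Move this to hdp::params` marker should name which variables are meant.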

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/files/templetonSmoke.sh
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/files/templetonSmoke.sh?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/files/templetonSmoke.sh (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/files/templetonSmoke.sh Tue Jul 17 20:16:37 2012
@@ -22,10 +22,17 @@
 
 export ttonhost=$1
 export smoke_test_user=$2
+export smoke_user_keytab=$3
+export security_enabled=$4
 export ttonurl="http://${ttonhost}:50111/templeton/v1"
 
+if [[ $security_enabled == "true" ]]; then
+  kinitcmd="/usr/kerberos/bin/kinit  -kt ${smoke_user_keytab} ${smoke_test_user}; "
+else
+  kinitcmd=""
+fi
 
-cmd="curl -s -w 'http_code <%{http_code}>'    $ttonurl/status 2>&1"
+cmd="${kinitcmd}curl --negotiate -u : -s -w 'http_code <%{http_code}>'    $ttonurl/status 2>&1"
 retVal=`su - ${smoke_test_user} -c "$cmd"`
 httpExitCode=`echo $retVal |sed 's/.*http_code <\([0-9]*\)>.*/\1/'`
 
@@ -39,7 +46,7 @@ exit 0
 
 #try hcat ddl command
 echo "user.name=${smoke_test_user}&exec=show databases;" /tmp/show_db.post.txt
-cmd="curl -s -w 'http_code <%{http_code}>' -d  \@${destdir}/show_db.post.txt  $ttonurl/ddl 2>&1"
+cmd="${kinitcmd}curl --negotiate -u : -s -w 'http_code <%{http_code}>' -d  \@${destdir}/show_db.post.txt  $ttonurl/ddl 2>&1"
 retVal=`su - ${smoke_test_user} -c "$cmd"`
 httpExitCode=`echo $retVal |sed 's/.*http_code <\([0-9]*\)>.*/\1/'`
 
@@ -49,6 +56,12 @@ if [[ "$httpExitCode" -ne "200" ]] ; the
   exit  1
 fi
 
+# NOT SURE?? SUHAS
+if [[ $security_enabled == "true" ]]; then
+  echo "Templeton Pig Smoke Tests not run in secure mode"
+  exit 0
+fi
+
 #try pig query
 outname=${smoke_test_user}.`date +"%M%d%y"`.$$;
 ttonTestOutput="/tmp/idtest.${outname}.out";
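Review bot: `# NOT SURE?? SUHAS` followed by `exit 0` makes the smoke test report success in secure mode without running the Pig test, and the comment does not say why. Replace it with a comment that records the gap, e.g. `# TODO(security): Pig smoke test is skipped when security_enabled=true; reason and follow-up: <TICKET_PLACEHOLDER>`, so a green result is not read as full coverage. The Pig test itself continues outside this hunk.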

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/manifests/templeton/service_check.pp Tue Jul 17 20:16:37 2012
@@ -22,6 +22,13 @@ class hdp-templeton::templeton::service_
 {
   include hdp-templeton::params
   $smoke_test_user = $hdp::params::smokeuser
+  $security_enabled=$hdp::params::security_enabled
+  if ($security_enabled == true) {
+    $security = "true"
+  } else {
+    $security = "false"
+  }
+  $smoke_user_keytab = "${hdp-templeton::params::keytab_path}/${smoke_test_user}.headless.keytab"
 
   $templeton_host = $hdp::params::templeton_server_host
 
@@ -43,7 +50,7 @@ define hdp-templeton::smoke_shell_file()
   }
 
   exec { '/tmp/templetonSmoke.sh':
-    command   => "sh /tmp/templetonSmoke.sh ${templeton_host} ${smoke_test_user}",
+    command   => "sh /tmp/templetonSmoke.sh ${templeton_host} ${smoke_test_user} ${smoke_user_keytab} ${security}",
     tries     => 3,
     try_sleep => 5,
     require   => File['/tmp/templetonSmoke.sh'],

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/templates/templeton-site.xml.erb
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/templates/templeton-site.xml.erb?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/templates/templeton-site.xml.erb (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp-templeton/templates/templeton-site.xml.erb Tue Jul 17 20:16:37 2012
@@ -117,6 +117,20 @@ limitations under the License.
     <name>templeton.streaming.jar</name>
     <value>hdfs:///apps/templeton/hadoop-streaming.jar</value>
     <description>The hdfs path to the Hadoop streaming jar file.</description>
-  </property> 
+ </property> 
 
+ <property>
+   <name>templeton.kerberos.principal</name>
+   <value>HTTP/<%=scope.function_hdp_host("templeton_server_host")%>@<%=scope.function_hdp_template_var("kerberos_domain")%></value>
+ </property>
+
+ <property>
+   <name>templeton.kerberos.keytab</name>
+   <value><%=scope.function_hdp_template_var("keytab_path")%>/spnego.service.keytab</value>
+ </property>
+
+ <property>
+   <name>templeton.kerberos.secret</name>
+   <value>secret</value>
+ </property>
 </configuration>
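Review bot: `templeton.kerberos.secret` is set to the literal `secret`, which is identical on every cluster and visible in source control. If this value is what Templeton uses to sign its authentication cookie, as its documentation describes, a publicly known value removes the protection the signature is meant to give. Take it from a per-cluster variable instead of a constant (for example a new `hdp_template_var` key, name to be chosen), and keep the rendered file readable only by the service user. The three new properties are also emitted when `security_enabled` is false; wrapping them in the same ERB condition used in hadoop-services.cfg.erb would keep non-secure configs unchanged.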

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/download_keytabs.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/download_keytabs.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/download_keytabs.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/download_keytabs.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+define hdp::download_keytab(
+  $masterhost,
+  $keytabdst,
+  $keytabfile,
+  $owner,
+  $hostnameInPrincipals = 'yes'
+)
+{
+  $hostname = $::fqdn
+  if ($hostnameInPrincipals == 'yes') {
+    $keytabsrc = "puppet://${masterhost}/modules/keytabs/${hostname}.${keytabfile}"
+  } else {
+    $keytabsrc = "puppet://${masterhost}/modules/keytabs/${keytabfile}"
+  }
+  notice($keytabsrc)
+  file { $keytabdst :
+    ensure => present,
+    source => $keytabsrc,
+    mode => '0700',
+    owner => $owner
+  }
+}
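Review bot: The `file` resource installs the keytab with `mode => '0700'` and no `group`. A keytab is data, so the execute bits are unneeded and `mode => '0400'` is the tighter choice, or `'0440'` with an explicit `group` where a service group must read it. `notice($keytabsrc)` writes every keytab source URL to the Puppet log on each run and can be dropped or lowered to `debug`. Because the source is `puppet://${masterhost}/modules/keytabs/`, whether one node can fetch another host's keytab depends on the master's file-server authorization, which is not part of this commit and is worth stating in a header comment. The define also lacks parameter documentation; `$hostnameInPrincipals` is compared to the string 'yes' rather than a boolean.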

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/init.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/init.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/init.pp Tue Jul 17 20:16:37 2012
@@ -98,6 +98,7 @@ class hdp::create_smoke_user()
 {
   $smoke_group = $hdp::params::smoke_user_group
   $smoke_user = $hdp::params::smokeuser
+  $security_enabled = $hdp::params::security_enabled
 
   group { $smoke_group :
     ensure => present
@@ -111,7 +112,18 @@ class hdp::create_smoke_user()
      command => $cmd,
      unless => $check_group_cmd
   }
- 
+
+  if ($security_enabled == true) {
+    $secure_uid = $hdp::params::smoketest_user_secure_uid
+    $cmd_set_uid = "usermod -u ${secure_uid} ${smoke_user}"
+    $cmd_set_uid_check = "id -u ${smoke_user} | grep ${secure_uid}"
+     hdp::exec{ $cmd_set_uid:
+       command => $cmd_set_uid,
+       unless => $cmd_set_uid_check,
+       require => Hdp::User[$smoke_user]
+     }
+  }
+
   Group[$smoke_group] -> Hdp::User[$smoke_user] -> Hdp::Exec[$cmd] 
 }
 
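Review bot: `$cmd_set_uid_check = "id -u ${smoke_user} | grep ${secure_uid}"` is a substring match, so a current uid of 10120 or 21012 satisfies `unless` for a target of 1012 and `usermod` is skipped. Match the whole line instead: `$cmd_set_uid_check = "id -u ${smoke_user} | grep -qx ${secure_uid}"`. `usermod -u` re-owns only files under the user's home directory, so files the smoke user created elsewhere (for example under /tmp) keep the old uid; a comment noting that would help. The class body begins outside this hunk.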

Added: incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/java/jce/package.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/java/jce/package.pp?rev=1362633&view=auto
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/java/jce/package.pp (added)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/java/jce/package.pp Tue Jul 17 20:16:37 2012
@@ -0,0 +1,55 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+
+define hdp::java::jce::package(
+  $java_home_dir
+)
+{
+  include hdp::params
+
+  $jce_policy_zip = $hdp::params::jce_policy_zip
+  $artifact_dir = $hdp::params::artifact_dir
+  $jce_location = $hdp::params::jce_location
+  $jce_curl_target = "${artifact_dir}/${jce_policy_zip}"
+  
+  #TODO:SUHAS how to avoid redownload and install if correct version already present.
+  # may be check the file sizes for local_policy and export_US policy jars? 
+  # UNLESS  => "test -e ${java_exec}"
+  $curl_cmd = "curl -f --retry 10 ${jce_location}/${jce_policy_zip} -o ${jce_curl_target}"
+  exec{ "jce-download ${name}":
+    command => $curl_cmd,
+    creates => $jce_curl_target,
+    path    => ["/bin","/usr/bin/"],
+  }
+
+  $security_dir = "${java_home_dir}/jre/lib/security"
+  $cmd = "rm -f local_policy.jar; rm -f US_export_policy.jar; unzip -o -j -q ${jce_curl_target}"
+  exec { "jce-install ${name}":
+    command => $cmd,
+    onlyif  => "test -e ${security_dir}",
+    cwd     => $security_dir,
+    path    => ['/bin/','/usr/bin']
+  }
+
+  #TODO: SUHAS add ensure code to check local and us export policy files exist -> File["${java_exec} ${name}"]
+
+  anchor{"hdp::java::jce::package::${name}::begin":} -> Exec["jce-download ${name}"] ->  Exec["jce-install ${name}"] -> anchor{"hdp::java::jce::package::${name}::end":}
+}
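Review bot: `jce-download` fetches the policy zip with curl and `jce-install` unzips it into `${java_home_dir}/jre/lib/security` with no integrity check, and the default `jce_location` added in hdp::params is an `http://` URL. Since these jars replace the JRE's crypto policy files, verify the archive before unpacking. One way is an exec between the two running `echo '<EXPECTED_SHA256_PLACEHOLDER>  ${jce_curl_target}' | sha256sum -c -`, with the digest supplied as a parameter. `jce-install` has no `unless` or `creates`, so it deletes and re-extracts the jars on every run, as the TODO acknowledges. `creates => $jce_curl_target` will also treat a truncated file left by an interrupted download as complete.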

Modified: incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/params.pp
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/params.pp?rev=1362633&r1=1362632&r2=1362633&view=diff
==============================================================================
--- incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/params.pp (original)
+++ incubator/ambari/trunk/hmc/puppet/modules/hdp/manifests/params.pp Tue Jul 17 20:16:37 2012
@@ -25,6 +25,12 @@ class hdp::params()
   $cluster_service_state = hdp_default("cluster_service_state","running")
   $cluster_client_state = hdp_default("cluster_client_state","installed_and_configured")
 
+  ##### for secure install
+  $security_enabled = hdp_default("security_enabled",false)
+  $kerberos_domain = hdp_default("kerberos_domain","EXAMPLE.COM")
+  $smoketest_user_secure_uid = hdp_default("smoketest_user_secure_uid",1012)
+  ## $smoketest_user_secure_uid = 1012
+
   ###### hostnames
   $namenode_host = hdp_default("namenode_host")
   $snamenode_host = hdp_default("snamenode_host")
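Review bot: `$kerberos_domain` is used throughout this commit as the Kerberos realm (`local.realm`, the `@...` part of principals), although its name says domain. The kerberos test manifest earlier on this page keeps `kerberos_domain` and `kerberos_realm` as two separate values. Rename it to `$kerberos_realm`, or add a comment such as `# holds the Kerberos REALM (upper-case), not the DNS domain`. The commented-out `## $smoketest_user_secure_uid = 1012` line duplicates the default directly above it and can be removed.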
@@ -115,7 +121,11 @@ class hdp::params()
   $smoke_user_group = hdp_default("smoke_user_group","users")
 
   #because of Puppet user resource issue make sure that $hadoop_user is different from hadoop_user_group
-  $hadoop_user = hdp_default("hadoop_user", "hadoop_deploy")
+  if ($security_enabled == true) {
+    $hadoop_user = "root"
+  } else {
+    $hadoop_user = hdp_default("hadoop_user", "hadoop_deploy")
+  }
   $hadoop_user_group = hdp_default("hadoop_user_group","hadoop")
 
   $ganglia_enabled = hdp_default("ganglia_enabled",true) 
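Review bot: With `security_enabled` true, `$hadoop_user` is forced to `"root"` and any configured `hadoop_user` is ignored, with no comment explaining why. Everything that uses `$hadoop_user` would then run as root in secure mode, which should be confirmed against least privilege. If only specific daemons need root to start (the reason is not visible here), scope the override to them and record it, e.g. `# secure mode forces root because <REASON_PLACEHOLDER>`. The existing comment about `$hadoop_user` differing from `hadoop_user_group` still applies to the new branch.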
@@ -134,7 +144,10 @@ class hdp::params()
     32 => "jdk-6u26-linux-i586.bin",
     64 => "jdk-6u26-linux-x64.bin"
   })
-  
+
+  $jce_policy_zip = "jce_policy-6.zip"
+  $jce_location = hdp_default("jce_location","http://download.oracle.com/otn-pub/java/jce_policy/6")
+
   #####
   $hadoop_home = hdp_default("hadoop_home","/usr")
   $hadoop_lib_home = hdp_default("hadoop_lib_home","/usr/lib/hadoop/lib")


