Return-Path: X-Original-To: apmail-incubator-ambari-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-ambari-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9BEB1CBF0 for ; Thu, 20 Jun 2013 01:02:57 +0000 (UTC) Received: (qmail 1647 invoked by uid 500); 20 Jun 2013 01:02:57 -0000 Delivered-To: apmail-incubator-ambari-commits-archive@incubator.apache.org Received: (qmail 1627 invoked by uid 500); 20 Jun 2013 01:02:57 -0000 Mailing-List: contact ambari-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@incubator.apache.org Delivered-To: mailing list ambari-commits@incubator.apache.org Received: (qmail 1619 invoked by uid 99); 20 Jun 2013 01:02:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jun 2013 01:02:57 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jun 2013 01:02:53 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 10535238897F; Thu, 20 Jun 2013 01:02:33 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1494828 - in /incubator/ambari/trunk/ambari-server/src: main/python/ambari-server.py test/python/TestAmbaryServer.py Date: Thu, 20 Jun 2013 01:02:32 -0000 To: ambari-commits@incubator.apache.org From: swagle@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130620010233.10535238897F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: swagle Date: Thu Jun 20 01:02:32 2013 New Revision: 1494828 URL: http://svn.apache.org/r1494828 Log: AMBARI-2441. Ambari server start fails with reconfigured user. (swagle) Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py?rev=1494828&r1=1494827&r2=1494828&view=diff ============================================================================== --- incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py (original) +++ incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py Thu Jun 20 01:02:32 2013 @@ -86,8 +86,10 @@ NR_USERADD_CMD = 'useradd -M -g {0} --co NR_SET_USER_COMMENT_CMD = 'usermod -c "{0}" {1}' NR_GROUPADD_CMD = 'groupadd {0}' NR_ADD_USER_TO_GROUP = 'usermod -G {0} {0}' -NR_CHMOD_CMD = 'chmod {0} {1}' -NR_CHOWN_CMD = 'chown {0}:{1} {2}' +NR_CHMOD_CMD = 'chmod {0} {1} {2}' +NR_CHOWN_CMD = 'chown {0} {1}:{2} {3}' + +RECURSIVE_RM_CMD = 'rm -rf {0}' # openssl command EXPRT_KSTR_CMD = "openssl pkcs12 -export -in {0} -inkey {1} -certfile {0} -out {3} -password pass:{2} -passin pass:{2}" @@ -170,6 +172,7 @@ AMBARI_CONF_VAR="AMBARI_CONF_DIR" AMBARI_SERVER_LIB="AMBARI_SERVER_LIB" JAVA_HOME="JAVA_HOME" PID_DIR="/var/run/ambari-server" +BOOTSTRAP_DIR_PROPERTY="bootstrap.dir" PID_NAME="ambari-server.pid" AMBARI_PROPERTIES_FILE="ambari.properties" AMBARI_PROPERTIES_RPMSAVE_FILE="ambari.properties.rpmsave" @@ -357,24 +360,28 @@ def update_ambari_properties(): return 0 +NR_CONF_DIR = get_conf_dir() # ownership/permissions mapping -# path - permissions - user - group +# path - permissions - user - group - recursive +# Rules are executed in the same order as they are listed # {0} in user/group will be replaced by customized ambari-server username -NR_CONF_DIR = get_conf_dir() NR_ADJUST_OWNERSHIP_LIST =[ - ( "/etc/ambari-server/conf", "755", "{0}", "{0}" ), - ( "/etc/ambari-server/conf/ambari.properties", "644", "{0}", "{0}" ), - ( "/etc/ambari-server/conf/log4j.properties", "644", "root", "root" ), - ( "/var/lib/ambari-server/keys", "700", "{0}", "{0}" ), - ( "/var/lib/ambari-server/keys/db", "700", "{0}", "{0}" ), - ( "/var/lib/ambari-server/keys/db/index.txt", "700", "{0}", "{0}" ), - ( "/var/lib/ambari-server/keys/db/serial", "700", "{0}", "{0}" ), - ( "/var/lib/ambari-server/keys/db/newcerts", "700", "{0}", "{0}" ), - ( "/var/run/ambari-server", "755", "{0}", "{0}" ), - ( "/var/run/ambari-server/bootstrap", "755", "{0}", "{0}" ), - ( "/var/log/ambari-server", "755", "{0}", "{0}" ), - ( "/var/lib/ambari-server/ambari-env.sh", "770", "{0}", "root" ), + + ( "/var/log/ambari-server", "644", "{0}", "{0}", True ), + ( "/var/log/ambari-server", "755", "{0}", "{0}", False ), + ( "/var/run/ambari-server", "644", "{0}", "{0}" , True), + ( "/var/run/ambari-server", "755", "{0}", "{0}" , False), + ( "/var/run/ambari-server/bootstrap", "755", "{0}", "{0}", False ), + ( "/var/lib/ambari-server/keys", "600", "{0}", "{0}", True ), + ( "/var/lib/ambari-server/keys", "700", "{0}", "{0}", False ), + ( "/var/lib/ambari-server/keys/db", "700", "{0}", "{0}", False ), + ( "/var/lib/ambari-server/keys/db/newcerts", "700", "{0}", "{0}", False ), + ( "/var/lib/ambari-server/keys/.ssh", "700", "{0}", "{0}", False ), + ( "/etc/ambari-server/conf", "644", "{0}", "{0}", True ), + ( "/etc/ambari-server/conf", "755", "{0}", "{0}", False ), + ( "/etc/ambari-server/conf/password.dat", "640", "{0}", "{0}", False ), + # Also, /etc/ambari-server/conf/password.dat # is generated later at store_password_file ] @@ -547,28 +554,39 @@ def read_ambari_user(): def adjust_directory_permissions(ambari_user): - print "adjusting directory permissions..." + properties = get_ambari_properties() + bootstrap_dir = get_value_from_properties(properties, BOOTSTRAP_DIR_PROPERTY) + print "Wiping bootstrap dir ({0}) contents...".format(bootstrap_dir) + cmd = RECURSIVE_RM_CMD.format(bootstrap_dir) + run_os_command(cmd) + os.mkdir(bootstrap_dir) + print "adjusting permissions and ownership..." for pack in NR_ADJUST_OWNERSHIP_LIST: file = pack[0] mod = pack[1] user = pack[2].format(ambari_user) group = pack[3].format(ambari_user) - set_file_permissions(file, mod, user, group) + recursive = pack[4] + set_file_permissions(file, mod, user, group, recursive) -def set_file_permissions(file, mod, user, group): +def set_file_permissions(file, mod, user, group, recursive): WARN_MSG = "Command {0} returned exit code {1} with message: {2}" + if recursive: + params = " -R " + else: + params = "" if os.path.exists(file): - command = NR_CHMOD_CMD.format(mod, file) + command = NR_CHMOD_CMD.format(params, mod, file) retcode, out, err = run_os_command(command) if retcode != 0 : print_warning_msg(WARN_MSG.format(command, file, err)) - command = NR_CHOWN_CMD.format(user, group, file) + command = NR_CHOWN_CMD.format(params, user, group, file) retcode, out, err = run_os_command(command) if retcode != 0 : print_warning_msg(WARN_MSG.format(command, file, err)) else: - print_warning_msg("File %s does not exist" % file) + print_info_msg("File %s does not exist" % file) def create_custom_user(): @@ -795,7 +813,7 @@ def store_password_file(password, filena passFile.write(password) print_info_msg("Adjusting filesystem permissions") ambari_user = read_ambari_user() - set_file_permissions(passFilePath, "660", ambari_user, "root") + set_file_permissions(passFilePath, "660", ambari_user, "root", False) return passFilePath @@ -2585,11 +2603,11 @@ def import_cert_and_key(security_server_ if retcode == 0: print 'Successfully imported trusted cerificate and private key' - set_file_permissions(keystoreFilePath, "660", read_ambari_user(), "root") + set_file_permissions(keystoreFilePath, "660", read_ambari_user(), "root", False) with open(passFilePath, 'w+') as passFile: passFile.write(pem_password) pass - set_file_permissions(passFilePath, "660", read_ambari_user(), "root") + set_file_permissions(passFilePath, "660", read_ambari_user(), "root", False) import_file_to_keystore(import_cert_path, os.path.join(\ security_server_keys_dir, SSL_CERT_FILE_NAME)) import_file_to_keystore(import_key_path, os.path.join(\ @@ -2602,7 +2620,7 @@ def import_cert_and_key(security_server_ def import_file_to_keystore(source, destination): shutil.copy(source, destination) - set_file_permissions(destination, "660", read_ambari_user(), "root") + set_file_permissions(destination, "660", read_ambari_user(), "root", False) def get_validated_filepath_input(prompt, description, default=None): Modified: incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py?rev=1494828&r1=1494827&r2=1494828&view=diff ============================================================================== --- incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py (original) +++ incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Thu Jun 20 01:02:32 2013 @@ -582,25 +582,52 @@ class TestAmbariServer(TestCase): user = ambari_server.read_ambari_user() self.assertEquals(user, None) + @patch.object(ambari_server, "set_file_permissions") - def test_adjust_directory_permissions(self, set_file_permissions_mock): + @patch.object(ambari_server, "run_os_command") + @patch.object(ambari_server, "get_ambari_properties") + @patch.object(ambari_server, "get_value_from_properties") + @patch.object(ambari_server, "os.mkdir") + def test_adjust_directory_permissions(self, mkdir_mock, get_value_from_properties_mock, get_ambari_properties_mock, + run_os_command_mock, set_file_permissions_mock): + # Testing boostrap dir wipe + properties_mock = MagicMock() + get_value_from_properties_mock.return_value = "dummy_bootstrap_dir" + ambari_server.adjust_directory_permissions("user") + self.assertEquals(run_os_command_mock.call_args_list[0][0][0], "rm -rf dummy_bootstrap_dir/*") + self.assertTrue(mkdir_mock.called) + + set_file_permissions_mock.reset_mock() + # Test recursive calls + old_list = ambari_server.NR_ADJUST_OWNERSHIP_LIST + + ambari_server.NR_ADJUST_OWNERSHIP_LIST = [ + ( "/etc/ambari-server/conf", "755", "{0}", "{0}", True ), + ( "/etc/ambari-server/conf/ambari.properties", "644", "{0}", "{0}", False ) + ] + ambari_server.adjust_directory_permissions("user") self.assertTrue(len(set_file_permissions_mock.call_args_list) == len(ambari_server.NR_ADJUST_OWNERSHIP_LIST)) + self.assertEquals(set_file_permissions_mock.call_args_list[0][0][4], True) + self.assertEquals(set_file_permissions_mock.call_args_list[1][0][4], False) + + ambari_server.NR_ADJUST_OWNERSHIP_LIST = old_list @patch("os.path.exists") @patch.object(ambari_server, "run_os_command") @patch.object(ambari_server, "print_warning_msg") - def test_set_file_permissions(self, print_warning_msg_mock, + @patch.object(ambari_server, "print_info_msg") + def test_set_file_permissions(self, print_info_msg_mock, print_warning_msg_mock, run_os_command_mock, exists_mock): # Testing not existent file scenario exists_mock.return_value = False ambari_server.set_file_permissions("dummy-file", "dummy-mod", - "dummy-user", "dummy-group") + "dummy-user", "dummy-group", False) self.assertFalse(run_os_command_mock.called) - self.assertTrue(print_warning_msg_mock.called) + self.assertTrue(print_info_msg_mock.called) run_os_command_mock.reset_mock() print_warning_msg_mock.reset_mock() @@ -609,7 +636,7 @@ class TestAmbariServer(TestCase): exists_mock.return_value = True run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")] ambari_server.set_file_permissions("dummy-file", "dummy-mod", - "dummy-user", "dummy-group") + "dummy-user", "dummy-group", False) self.assertTrue(len(run_os_command_mock.call_args_list) == 2) self.assertFalse(print_warning_msg_mock.called) @@ -619,7 +646,7 @@ class TestAmbariServer(TestCase): # Testing first command fail run_os_command_mock.side_effect = [(1, "", ""), (0, "", "")] ambari_server.set_file_permissions("dummy-file", "dummy-mod", - "dummy-user", "dummy-group") + "dummy-user", "dummy-group", False) self.assertTrue(len(run_os_command_mock.call_args_list) == 2) self.assertTrue(print_warning_msg_mock.called) @@ -629,13 +656,42 @@ class TestAmbariServer(TestCase): # Testing second command fail run_os_command_mock.side_effect = [(0, "", ""), (1, "", "")] ambari_server.set_file_permissions("dummy-file", "dummy-mod", - "dummy-user", "dummy-group") + "dummy-user", "dummy-group", False) self.assertTrue(len(run_os_command_mock.call_args_list) == 2) self.assertTrue(print_warning_msg_mock.called) run_os_command_mock.reset_mock() print_warning_msg_mock.reset_mock() + # Testing recursive operation + + exists_mock.return_value = True + run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")] + ambari_server.set_file_permissions("dummy-file", "dummy-mod", + "dummy-user", "dummy-group", True) + self.assertTrue(len(run_os_command_mock.call_args_list) == 2) + self.assertTrue("-R" in run_os_command_mock.call_args_list[0][0][0]) + self.assertTrue("-R" in run_os_command_mock.call_args_list[1][0][0]) + self.assertFalse(print_warning_msg_mock.called) + + run_os_command_mock.reset_mock() + print_warning_msg_mock.reset_mock() + + # Testing non-recursive operation + + exists_mock.return_value = True + run_os_command_mock.side_effect = [(0, "", ""), (0, "", "")] + ambari_server.set_file_permissions("dummy-file", "dummy-mod", + "dummy-user", "dummy-group", False) + self.assertTrue(len(run_os_command_mock.call_args_list) == 2) + self.assertFalse("-R" in run_os_command_mock.call_args_list[0][0][0]) + self.assertFalse("-R" in run_os_command_mock.call_args_list[1][0][0]) + self.assertFalse(print_warning_msg_mock.called) + + run_os_command_mock.reset_mock() + print_warning_msg_mock.reset_mock() + + @patch.object(ambari_server, "get_validated_string_input") @patch.object(ambari_server, "print_info_msg")