incubator-bigtop-commits mailing list archives

From r..@apache.org
Subject svn commit: r1303053 - in /incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet: manifests/ modules/hadoop-zookeeper/files/ modules/hadoop-zookeeper/manifests/ modules/hadoop-zookeeper/templates/
Date Tue, 20 Mar 2012 17:58:10 GMT
Author: rvs
Date: Tue Mar 20 17:58:10 2012
New Revision: 1303053

URL: http://svn.apache.org/viewvc?rev=1303053&view=rev
Log:
BIGTOP-466. Secure zookeeper support missing from puppet (Patrick Taylor Ramsey via rvs)

Added:
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/java.env
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/jaas.conf
Modified:
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/manifests/cluster.pp
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/manifests/init.pp
    incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/zoo.cfg

Modified: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/manifests/cluster.pp
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/manifests/cluster.pp?rev=1303053&r1=1303052&r2=1303053&view=diff
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/manifests/cluster.pp (original)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/manifests/cluster.pp Tue Mar
20 17:58:10 2012
@@ -158,6 +158,7 @@ class hadoop_head_node inherits hadoop_c
   hadoop-zookeeper::server { "zookeeper":
         myid => "0",
         ensemble => $hadoop_zookeeper_ensemble,
+        kerberos_realm => $kerberos_realm, 
   }
 
   hadoop::create_hdfs_dirs { [ "/mapred", "/tmp", "/system", "/user", "/hbase", "/benchmarks",
"/user/jenkins", "/user/hive", "/user/root", "/user/history" ]:

Added: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/java.env
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/java.env?rev=1303053&view=auto
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/java.env
(added)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/files/java.env
Tue Mar 20 17:58:10 2012
@@ -0,0 +1 @@
+export SERVER_JVMFLAGS="-Djava.security.auth.login.config=/etc/zookeeper/conf/jaas.conf"
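Review bot: The single line in java.env assigns SERVER_JVMFLAGS outright, so any flags already present in the environment when this file is sourced (heap, GC or JMX options, for example) are dropped once Kerberos is enabled. Appending keeps them: `export SERVER_JVMFLAGS="$SERVER_JVMFLAGS -Djava.security.auth.login.config=/etc/zookeeper/conf/jaas.conf"`. A one-line comment noting that this path must match the jaas.conf file resource in init.pp would also help, since the two are maintained in separate files.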

Modified: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/manifests/init.pp
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/manifests/init.pp?rev=1303053&r1=1303052&r2=1303053&view=diff
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/manifests/init.pp
(original)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/manifests/init.pp
Tue Mar 20 17:58:10 2012
@@ -20,7 +20,9 @@ class hadoop-zookeeper {
     } 
   }
 
-  define server($myid, $ensemble = ["localhost:2888:3888"]) {
+  define server($myid, $ensemble = ["localhost:2888:3888"],
+                $kerberos_realm = "") 
+  {
     package { "zookeeper-server":
       ensure => latest,
     }
@@ -42,5 +44,25 @@ class hadoop-zookeeper {
       content => inline_template("<%= myid %>"),
       require => Package["zookeeper-server"],
     }
+
+    if ($kerberos_realm) {
+      require kerberos::client
+
+      kerberos::host_keytab { "zookeeper":
+        notify => Service["zookeeper-server"],
+      }
+
+      file { "/etc/zookeeper/conf/java.env":
+        source  => "puppet:///modules/hadoop-zookeeper/java.env",
+        require => Package["zookeeper-server"],
+        notify  => Service["zookeeper-server"],
+      }
+
+      file { "/etc/zookeeper/conf/jaas.conf":
+        content => template("hadoop-zookeeper/jaas.conf"),
+        require => Package["zookeeper-server"],
+        notify  => Service["zookeeper-server"],
+      }
+    }
   }
 }
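Review bot: The two file resources added for /etc/zookeeper/conf/java.env and /etc/zookeeper/conf/jaas.conf set no owner, group or mode, so their permissions depend on Puppet defaults and, for java.env, on the mode of the source file on the master. Both files control how the server authenticates (jaas.conf names the keytab and principal, java.env points the JVM at it), so they should be pinned as root-owned and not writable by anyone else, e.g. `owner => 'root', group => 'root', mode => '0644',` on each. The keytab's own ownership and mode come from kerberos::host_keytab, which is not visible in this commit and is worth checking separately. The enclosing `define server` starts outside this hunk.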

Added: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/jaas.conf
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/jaas.conf?rev=1303053&view=auto
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/jaas.conf
(added)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/jaas.conf
Tue Mar 20 17:58:10 2012
@@ -0,0 +1,8 @@
+Server {
+      com.sun.security.auth.module.Krb5LoginModule required
+      useKeyTab=true
+      keyTab="/etc/zookeeper.keytab"
+      storeKey=true
+      useTicketCache=false
+      principal="zookeeper/<%= fqdn %>@<%= kerberos_realm %>";
+};
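Review bot: `keyTab="/etc/zookeeper.keytab"` is hard-coded in this template, while the keytab itself is provisioned by `kerberos::host_keytab { "zookeeper": }` in init.pp, whose target path, owner and mode are not visible in this commit. If that define writes elsewhere the server cannot log in, and the keytab should be readable only by the account ZooKeeper runs as, because read access to it is equivalent to holding this principal's credentials. A comment above the entry tying the two together would help, e.g. `// keytab is written by kerberos::host_keytab "zookeeper"; keep this path in sync`. The principal is built from the `fqdn` fact, so it presumably has to match the name registered in the KDC exactly.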

Modified: incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/zoo.cfg
URL: http://svn.apache.org/viewvc/incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/zoo.cfg?rev=1303053&r1=1303052&r2=1303053&view=diff
==============================================================================
--- incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/zoo.cfg
(original)
+++ incubator/bigtop/branches/hadoop-0.23/bigtop-deploy/puppet/modules/hadoop-zookeeper/templates/zoo.cfg
Tue Mar 20 17:58:10 2012
@@ -29,3 +29,14 @@ clientPort=2181
 <% ensemble.each_with_index do |server,idx| %>
 server.<%= idx %>=<%= server %>
 <% end %>
+
+<% if kerberos_realm != "" -%>
+authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
+jaasLoginRenew=3600000
+
+# HBase needs these configs so that different hbase daemons 
+# (master, regionservers), which run on different hosts, can 
+# read from and write to znodes that others create
+kerberos.removeHostFromPrincipal=true
+kerberos.removeRealmFromPrincipal=true
+<% end -%>
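Review bot: The comment above `kerberos.removeHostFromPrincipal` and `kerberos.removeRealmFromPrincipal` explains why HBase needs them but not what they cost: with both set, ACL identities are reduced to the short name, so a principal with the same first component on any host, or in any other realm the KDC trusts, is treated as the same user on every znode, not only HBase's. I would extend the comment with something like `# NOTE: identities become short names only; review before enabling cross-realm trust`. Separately, this template tests `kerberos_realm != ""` while init.pp tests `if ($kerberos_realm)`; if the value can ever be undefined and not an empty string, the two may disagree and SASL would be enabled in zoo.cfg without a jaas.conf being deployed, which is worth confirming.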


