Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7E0DB200B50 for ; Fri, 24 Jun 2016 00:17:33 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 7CC5D160A68; Thu, 23 Jun 2016 22:17:33 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A68D3160A6A for ; Fri, 24 Jun 2016 00:17:32 +0200 (CEST) Received: (qmail 24050 invoked by uid 500); 23 Jun 2016 22:17:31 -0000 Mailing-List: contact commits-help@trafodion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: commits@trafodion.apache.org Delivered-To: mailing list commits@trafodion.apache.org Received: (qmail 23813 invoked by uid 99); 23 Jun 2016 22:17:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jun 2016 22:17:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 9B9D2C017B for ; Thu, 23 Jun 2016 22:17:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.648 X-Spam-Level: X-Spam-Status: No, score=-4.648 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.428] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 0fofhdtbASy0 for ; Thu, 23 Jun 2016 22:17:25 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with SMTP id 7259D5FB9E for ; Thu, 23 Jun 2016 22:17:23 +0000 (UTC) Received: (qmail 23733 invoked by uid 99); 23 Jun 2016 22:17:22 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 23 Jun 2016 22:17:22 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 635D8E9682; Thu, 23 Jun 2016 22:17:22 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: dbirdsall@apache.org To: commits@trafodion.incubator.apache.org Date: Thu, 23 Jun 2016 22:17:27 -0000 Message-Id: <0c0dba4586394de492040cea9261cafd@git.apache.org> In-Reply-To: <7b248c13a0a74e3a902c1f3c71ed7907@git.apache.org> References: <7b248c13a0a74e3a902c1f3c71ed7907@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [6/8] incubator-trafodion git commit: TRAFODION [109] Instrument Trafodion to work with Secure Hadoop (Kerberos) archived-at: Thu, 23 Jun 2016 22:17:33 -0000 TRAFODION [109] Instrument Trafodion to work with Secure Hadoop (Kerberos) The Jenkins environment is not able to setup LDAP. Made the following changes: - Moved configuring LDAP until after sqgen is called - Fixed a bug when copying LDAP conf file for multi-node environment - Displays contents of LDAP conf file when an error occurs to help debugging - Couple minor edits Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/a7f9c83f Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/a7f9c83f Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/a7f9c83f Branch: refs/heads/master Commit: a7f9c83fae1009e997b56bb1aca5d383d28493a5 Parents: 1946255 Author: Roberta Marton Authored: Fri Jun 17 18:19:29 2016 +0000 Committer: Roberta Marton Committed: Fri Jun 17 18:19:29 2016 +0000 ---------------------------------------------------------------------- install/installer/traf_add_kerberos | 2 +- install/installer/traf_add_ldap | 36 ++++++++++++++++--------- install/installer/trafodion_config_default | 4 +-- install/installer/trafodion_install | 24 ++++++++++++----- install/installer/trafodion_uninstaller | 4 +-- 5 files changed, 45 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/traf_add_kerberos ---------------------------------------------------------------------- diff --git a/install/installer/traf_add_kerberos b/install/installer/traf_add_kerberos index e055dd4..0ff1e74 100755 --- a/install/installer/traf_add_kerberos +++ b/install/installer/traf_add_kerberos @@ -183,7 +183,7 @@ if [[ $? -ne 0 ]]; then rm $LOCAL_WORKDIR/kerberos.tmp fi -# Grant all privileges to the Trafodion principle in HBase +# Grant all privileges to the Trafodion principal in HBase echo "***INFO: Grant HBase privileges to $TRAF_USER user" sudo -u $HBASE_USER kinit -kt $HBASE_KEYTAB $HBASE_PRINCIPAL if [[ $? -ne 0 ]]; then http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/traf_add_ldap ---------------------------------------------------------------------- diff --git a/install/installer/traf_add_ldap b/install/installer/traf_add_ldap index be85389..652326f 100755 --- a/install/installer/traf_add_ldap +++ b/install/installer/traf_add_ldap @@ -44,28 +44,38 @@ echo echo "***INFO: Running LDAP installation" echo "***INFO: Copy $LDAP_AUTH_FILE to all nodes" -sudo cp -r $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER -sudo chown $TRAF_USER.$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE -sudo chmod 750 $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE - +# Copy traf_authentication_config file to correct location and change to official name +if [[ "$all_node_count" -eq "1" ]]; then + sudo cp -r $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo chown $TRAF_USER.$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo su $TRAF_USER --command "cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 + sudo su $TRAF_USER --command "chmod 750 $SQ_ROOT/sql/scripts/.traf_authentication_config" +else + $TRAF_PDCP $LOCAL_WORKDIR/$LDAP_AUTH_FILE $HOME + $TRAF_PDSH sudo cp $HOME/$LDAP_AUTH_FILE $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + $TRAF_PDSH sudo chown $TRAF_USER:$TRAF_GROUP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE + sudo su $TRAF_USER --command "$TRAF_PDSH cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" + sudo su $TRAF_USER --command "$TRAF_PDSH chmod 750 $SQ_ROOT/sql/scripts/.traf_authentication_config" +fi + # Check traf_authentication_config for errors echo "***INFO: Checking LDAP Configuration file for errors." -sudo su $TRAF_USER --login --command "ldapconfigcheck -file $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" | tee -a $INSTALL_LOG +sudo su $TRAF_USER --login --command "ldapconfigcheck -file $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" if [ ${PIPESTATUS[0]} != "0" ]; then echo "***ERROR: traf_authentication_config not configured correctly." + echo "***ERROR: Configuration file LDAP_AUTH_FILE located $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" + echo "***ERROR: Contents of the configuration file is:" + echo "`sudo cat $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE | grep -v '#' | awk NF`" exit -1 fi -# Copy traf_authentication_config file to correct location and change to official name -if [[ "$all_node_count" -eq "1" ]]; then - sudo su $TRAF_USER --login --command "cp $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 -else - sudo su $TRAF_USER --command "$TRAF_PDCP $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE $SQ_ROOT/sql/scripts/.traf_authentication_config" 2>&1 -fi - -sudo su $TRAF_USER --login --command "ldapcheck --username=$DB_ROOT_NAME" | tee -a $INSTALL_LOG +echo "***INFO: Verifying that LDAP username \"$DB_ROOT_NAME\" exists" +sudo su $TRAF_USER --login --command "ldapcheck --username=$DB_ROOT_NAME" if [ ${PIPESTATUS[0]} != "0" ]; then echo "***ERROR: traf_authentication_config not configured correctly." + echo "***ERROR: Configuration file LDAP_AUTH_FILE located $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE" + echo "***ERROR: Contents of the configuration file is:" + echo "`sudo cat $HOME_DIR/$TRAF_USER/$LDAP_AUTH_FILE | grep -v '#' | awk NF`" exit -1 fi http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_config_default ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_config_default b/install/installer/trafodion_config_default index 981d2cf..00eed16 100755 --- a/install/installer/trafodion_config_default +++ b/install/installer/trafodion_config_default @@ -130,8 +130,6 @@ export INIT_TRAFODION="N" # Default is to leave as is and this file will be created. export SQCONFIG="" -export CONFIG_COMPLETE="true" - #----------------- security configuration information ----------------- #Enter in Kerberos details if Kerberos is enabled on your cluster @@ -170,6 +168,8 @@ export LDAP_AUTH_FILE="traf_authentication_config_${HOSTNAME}" DB_ROOT_NAME="trafodion" #----------------- end security configuration ----------------- +export CONFIG_COMPLETE="true" + #HA configuraton enabled, if want to enable set to true and add valid floating IP address. export ENABLE_HA="false" http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_install ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_install b/install/installer/trafodion_install index 452995f..bd12188 100755 --- a/install/installer/trafodion_install +++ b/install/installer/trafodion_install @@ -725,11 +725,27 @@ if [[ "$SECURE_HADOOP" == "Y" ]]; then echo "***ERROR: Kerberos not enabled" | tee -a $INSTALL_LOG exit -1 fi +else + echo "***INFO: Skipping Kerberos setup for Trafodion" fi echo "***INFO: Secure Hadoop setup for Trafodion ran successfully." -# setup identity store (LDAP) stuff +# Install and configure CLI for Cloud environments +if [ "$ENABLE_HA" == "true" ] && [[ $CLOUD_CONFIG == "Y" ]] && [[ $all_node_count -gt 1 ]]; then + echo "***INFO: Install and configure CLI for Cloud" + $TRAF_WORKDIR/installer/cloud_cli_setup +fi + +sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_sqgen" 2>&1 | tee -a $INSTALL_LOG +if [ ${PIPESTATUS[0]} != "0" ]; then + echo "***ERROR: Error while running traf_sqgen" | tee -a $INSTALL_LOG + echo "***ERROR: Setup not complete, review logs." | tee -a $INSTALL_LOG + echo "***ERROR: Exiting...." | tee -a $INSTALL_LOG + exit -1 +fi + +# setup identity store (LDAP) stuff - has to be done after traf_sqgen completes if [[ "$LDAP_SECURITY" == "Y" ]]; then $LOCAL_WORKDIR/traf_add_ldap | tee -a $INSTALL_LOG if [ ${PIPESTATUS[0]} != "0" ]; then @@ -739,14 +755,8 @@ if [[ "$LDAP_SECURITY" == "Y" ]]; then fi fi -# Install and configure CLI for Cloud environments -if [ "$ENABLE_HA" == "true" ] && [[ $CLOUD_CONFIG == "Y" ]] && [[ $all_node_count -gt 1 ]]; then - echo "***INFO: Install and configure CLI for Cloud" - $TRAF_WORKDIR/installer/cloud_cli_setup -fi if [[ $START_ALL == "Y" ]]; then - sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_sqgen" 2>&1 | tee -a $INSTALL_LOG sudo su $TRAF_USER --login --command "$TRAF_WORKDIR/installer/traf_start" 2>&1 | tee -a $INSTALL_LOG if [ ${PIPESTATUS[0]} != "0" ]; then http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/a7f9c83f/install/installer/trafodion_uninstaller ---------------------------------------------------------------------- diff --git a/install/installer/trafodion_uninstaller b/install/installer/trafodion_uninstaller index b0ec497..553cacd 100755 --- a/install/installer/trafodion_uninstaller +++ b/install/installer/trafodion_uninstaller @@ -110,9 +110,9 @@ if [[ "$SECURE_HADOOP" == "Y" ]]; then echo "***INFO: Stopping Kerberos ticket monitoring process" if [ $all_node_count -eq 1 ]; then - sudo su $TRAF_USER --login --command "$SQ_ROOT/sql/scripts/krb5service stop" + sudo su $TRAF_USER --login --command "$SQ_ROOT/sql/scripts/krb5service stop 2>/dev/null" else - $TRAF_PDSH "sudo su $TRAF_USER --login --command \"$SQ_ROOT/sql/scripts/krb5service stop\"" + $TRAF_PDSH "sudo su $TRAF_USER --login --command \"$SQ_ROOT/sql/scripts/krb5service stop 2>/dev/null\"" fi fi