http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/metrics.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/metrics.json b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/metrics.json new file mode 100644 index 0000000..826c0e8 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/metrics.json @@ -0,0 +1,262 @@ +{ + "KAFKA_BROKER": { + "Component": [ + { + "type": "ganglia", + "metrics": { + "metrics/jvm/uptime":{ + "metric":"jvm.uptime", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/heap_usage":{ + "metric":"jvm.heap_usage", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/non_heap_usage":{ + "metric":"jvm.non_heap_usage", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/thread-states/runnable":{ + "metric":"jvm.thread-states.runnable", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/thread-states/blocked":{ + "metric":"jvm.thread-states.blocked", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/thread-states/timed_waiting":{ + "metric":"jvm.thread-states.timed_waiting", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/thread-states/terminated":{ + "metric":"jvm.thread-states.terminated", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/thread_count":{ + "metric":"jvm.thread_count", + "pointInTime":true, + "temporal":true + }, + "metrics/jvm/daemon_thread_count":{ + "metric":"jvm.daemon_thread_count", + "pointInTime":true, + "temporal":true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/1MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsMessagesInPerSec.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/5MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsMessagesInPerSec.5MinuteRate", + "pointInTime": false, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/15MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsMessagesInPerSec.15MinuteRate", + "pointInTime": false, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/meanRate": { + "metric": "kafka.server.BrokerTopicMetrics/AllTopicsMessagesInPerSec/meanRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsMessagesInPerSec/count": { + "metric": "kafka.server.BrokerTopicMetrics/AllTopicsMessagesInPerSec.counte", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/1MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesInPerSec.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/5MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesInPerSec.5MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/15MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesInPerSec.15MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/meanRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesInPerSec.meanRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesInPerSec/count": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesInPerSec.count", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/1MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesOutPerSec.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/5MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesOutPerSec.5MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/15MinuteRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesOutPerSec.15MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/meanRate": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesOutPerSec.meanRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/server/BrokerTopicMetrics/AllTopicsBytesOutPerSec/count": { + "metric": "kafka.server.BrokerTopicMetrics.AllTopicsBytesOutPerSec.count", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/KafkaController/ActiveControllerCount": { + "metric": "kafka.controller.KafkaController.ActiveControllerCount", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/log/LogFlushStats/LogFlushRateAndTimeMs/meanRate": { + "metric": "kafka.log.LogFlushStats.LogFlushRateAndTimeMs.meanRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/log/LogFlushStats/LogFlushRateAndTimeMs/1MinuteRate": { + "metric": "kafka.log.LogFlushStats.LogFlushRateAndTimeMs.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/log/LogFlushStats/LogFlushRateAndTimeMs/5MinuteRate": { + "metric": "kafka.log.LogFlushStats.LogFlushRateAndTimeMs.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/log/LogFlushStats/LogFlushRateAndTimeMs/15MinuteRate": { + "metric": "kafka.log.LogFlushStats.LogFlushRateAndTimeMs.15MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/log/LogFlushStats/LogFlushRateAndTimeMs/count": { + "metric": "kafka.log.LogFlushStats.LogFlushRateAndTimeMs.count", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/meanRate": { + "metric": "kafka.controller.ControllerStats.LeaderElectionRateAndTimeMs.meanRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/1MinuteRate": { + "metric": "kafka.controller.ControllerStats.LeaderElectionRateAndTimeMs.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/5MinuteRate": { + "metric": "kafka.controller.ControllerStats.LeaderElectionRateAndTimeMs.5MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/15MinuteRate": { + "metric": "kafka.controller.ControllerStats.LeaderElectionRateAndTimeMs.15MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/LeaderElectionRateAndTimeMs/count": { + "metric": "kafka.controller.ControllerStats.LeaderElectionRateAndTimeMs.count", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/1MinuteRate": { + "metric": "kafka.controller.ControllerStats.UncleanLeaderElectionsPerSec.1MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/5MinuteRate": { + "metric": "kafka.controller.ControllerStats.UncleanLeaderElectionsPerSec.5MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/UncleanLeaderElectionsPerSec/15MinuteRate": { + "metric": "kafka.controller.ControllerStats.UncleanLeaderElectionsPerSec.15MinuteRate", + "pointInTime": true, + "temporal": true + }, + "metrics/kafka/controller/ControllerStats/OfflinePartitionsCount": { + "metric": "kafka.controller.ControllerStats.OfflinePartitionsCount", + "pointInTime" :true, + "temporal": true + }, + "metrics/kafka/server/ReplicaManager/PartitionCount": { + "metric": "kafka.server.ReplicaManager.PartitionCount", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/server/ReplicaManager/LeaderCount": { + "metric": "kafka.server.ReplicaManager.LeaderCount", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/server/ReplicaManager/UnderReplicatedPartitions": { + "metric": "kafka.server.ReplicaManager.UnderReplicatedPartitions", + "pointInTime" :true, + "temporal": true + }, + "metrics/kafka/server/ReplicaManager/ISRShrinksPerSec": { + "metric": "kafka.server.ReplicaManager.ISRShrinksPerSec", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/server/ReplicaManager/ISRExpandsPerSec": { + "metric": "kafka.server.ReplicaManager.ISRExpandsPerSec", + "pointInTime" : true, + "temporal": true + }, + + "metrics/kafka/server/ReplicaFetcherManager/Replica-MaxLag": { + "metric": "kafka.server.ReplicaFetcherManager.Replica-MaxLag", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/server/ProducerRequestPurgatory/PurgatorySize": { + "metric": "kafka.server.ProducerRequestPurgatory.PurgatorySize", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/server/FetchRequestPurgatory/PurgatorySize": { + "metric": "kafka.server.FetchRequestPurgatory.PurgatorySize", + "pointInTime" : true, + "temporal": true + }, + "metrics/kafka/cluster/Partition/$1-UnderReplicated":{ + "metric":"kafka.cluster.Partition.(\\w+)-UnderReplicated", + "pointInTime":true, + "temporal":true + }, + "metrics/kafka/consumer/ConsumerFetcherManager/$1-MaxLag":{ + "metric":"kafka.consumer.ConsumerFetcherManager.(\\w+)-MaxLag", + "pointInTime":true, + "temporal":true + }, + "metrics/kafka/consumer/ConsumerFetcherManager/$1-MinFetch":{ + "metric":"kafka.consumer.ConsumerFetcherManager.(\\w+)-MinFetch", + "pointInTime":true, + "temporal":true + } + } + } + ] + } +}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka.py new file mode 100644 index 0000000..c0231a8 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka.py @@ -0,0 +1,70 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from resource_management import * +from properties_config import properties_config +import sys +from copy import deepcopy + +def kafka(): + import params + + Directory([params.log_dir, params.pid_dir, params.conf_dir], + owner=params.kafka_user, + group=params.user_group, + recursive=True + ) + brokerid = str(sorted(params.kafka_hosts).index(params.hostname)) + kafka_server_config = mutable_config_dict(params.config['configurations']['kafka-broker']) + kafka_server_config['broker.id'] = brokerid + kafka_server_config['host.name'] = params.hostname + kafka_data_dir = kafka_server_config['log.dirs'] + Directory(filter(None,kafka_data_dir.split(",")), + owner=params.kafka_user, + group=params.user_group, + recursive=True) + + conf_dir = params.conf_dir + properties_config("server.properties", + conf_dir=params.conf_dir, + configurations=kafka_server_config, + owner=params.kafka_user, + group=params.user_group, + brokerid=brokerid) + + File(format("{conf_dir}/kafka-env.sh"), + owner=params.kafka_user, + content=InlineTemplate(params.kafka_env_sh_template) + ) + + if (params.log4j_props != None): + File(format("{conf_dir}/log4j.properties"), + mode=0644, + group=params.user_group, + owner=params.kafka_user, + content=params.log4j_props + ) + + +def mutable_config_dict(kafka_broker_config): + kafka_server_config = {} + for key, value in kafka_broker_config.iteritems(): + kafka_server_config[key] = value + return kafka_server_config http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka_broker.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka_broker.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka_broker.py new file mode 100644 index 0000000..c79ebb9 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/kafka_broker.py @@ -0,0 +1,63 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from resource_management import * +import sys + +from kafka import kafka + +class KafkaBroker(Script): + def install(self, env): + self.install_packages(env) + self.configure(env) + + def configure(self, env): + import params + env.set_params(params) + kafka() + + def start(self, env): + import params + env.set_params(params) + self.configure(env) + daemon_cmd = format('source {params.conf_dir}/kafka-env.sh ; {params.kafka_bin} start') + no_op_test = format('ls {params.pid_file} >/dev/null 2>&1 && ps -p `cat {params.pid_file}` >/dev/null 2>&1') + Execute(daemon_cmd, + user=params.kafka_user, + not_if=no_op_test + ) + + def stop(self, env): + import params + env.set_params(params) + self.configure(env) + daemon_cmd = format('source {params.conf_dir}/kafka-env.sh; {params.kafka_bin} stop') + Execute(daemon_cmd, + user=params.kafka_user, + ) + Execute (format("rm -f {params.pid_file}")) + + + def status(self, env): + import status_params + env.set_params(status_params) + check_process_status(status_params.kafka_pid_file) + +if __name__ == "__main__": + KafkaBroker().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/params.py new file mode 100644 index 0000000..83d6d73 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/params.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from resource_management.libraries.functions.version import format_hdp_stack_version, compare_versions +from resource_management import * +import status_params + +# server configurations +config = Script.get_config() + +hdp_stack_version = str(config['hostLevelParams']['stack_version']) +hdp_stack_version = format_hdp_stack_version(hdp_stack_version) +stack_is_hdp22_or_further = hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0 + +if stack_is_hdp22_or_further: + kafka_home = '/usr/hdp/current/kafka-broker/' + kafka_bin = kafka_home+'bin/kafka' +else: + kafka_home = '/usr/lib/kafka/' + kafka_bin = kafka_home+'/bin/kafka' + + +conf_dir = "/etc/kafka/conf" +kafka_user = config['configurations']['kafka-env']['kafka_user'] +log_dir = config['configurations']['kafka-env']['kafka_log_dir'] +pid_dir = status_params.kafka_pid_dir +pid_file = pid_dir+"/kafka.pid" +hostname = config['hostname'] +user_group = config['configurations']['cluster-env']['user_group'] +java64_home = config['hostLevelParams']['java_home'] +kafka_env_sh_template = config['configurations']['kafka-env']['content'] +kafka_hosts = config['clusterHostInfo']['kafka_broker_hosts'] +kafka_hosts.sort() + +zookeeper_hosts = config['clusterHostInfo']['zookeeper_hosts'] +zookeeper_hosts.sort() + +if (('kafka-log4j' in config['configurations']) and ('content' in config['configurations']['kafka-log4j'])): + log4j_props = config['configurations']['kafka-log4j']['content'] +else: + log4j_props = None http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/properties_config.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/properties_config.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/properties_config.py new file mode 100644 index 0000000..56bab2c --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/properties_config.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +import re +from resource_management import * + +def properties_inline_template(configurations): + return source.InlineTemplate('''{% for key, value in configurations_dict.items() %}{{ key }}={{ value }} +{% endfor %}''', configurations_dict=configurations) + +def properties_config(filename, configurations = None, conf_dir = None, + mode = None, owner = None, group = None, brokerid = None): + config_content = properties_inline_template(configurations) + File (format("{conf_dir}/{filename}"), content = config_content, owner = owner, + group = group, mode = mode) http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/service_check.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/service_check.py new file mode 100644 index 0000000..c2b4bc1 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/service_check.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" +from __future__ import print_function +from resource_management import * +import sys,subprocess,os + +class ServiceCheck(Script): + def service_check(self, env): + import params + env.set_params(params) + kafka_config=self.read_kafka_config(params.conf_dir) + self.set_env(params.conf_dir) + create_topic_cmd_created_output = "Created topic \"ambari_kafka_service_check\"." + create_topic_cmd_exists_output = "Topic \"ambari_kafka_service_check\" already exists." + print("Running kafka create topic command", file=sys.stdout) + create_topic_cmd = [params.kafka_home+'/bin/kafka-topics.sh', '--zookeeper '+kafka_config['zookeeper.connect'], + '--create --topic ambari_kafka_service_check', '--partitions 1 --replication-factor 1'] + print(" ".join(create_topic_cmd), file=sys.stdout) + create_topic_process = subprocess.Popen(create_topic_cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE) + out, err = create_topic_process.communicate() + if out.find(create_topic_cmd_created_output) != -1: + print(out, file=sys.stdout) + sys.exit(0) + elif out.find(create_topic_cmd_exists_output) != -1: + print("Topic ambari_kafka_service_check exists", file=sys.stdout) + sys.exit(0) + else: + print(out, file=sys.stderr) + sys.exit(1) + + def read_kafka_config(self,kafka_conf_dir): + conf_file = open(kafka_conf_dir+"/server.properties","r") + kafka_config = {} + for line in conf_file: + key,value = line.split("=") + kafka_config[key] = value.replace("\n","") + return kafka_config + + def set_env(self, kafka_conf_dir): + command = ['bash', '-c', 'source '+kafka_conf_dir+'/kafka-env.sh && env'] + proc = subprocess.Popen(command, stdout = subprocess.PIPE) + for line in proc.stdout: + (key, _, value) = line.partition("=") + os.environ[key] = value.replace("\n","") + proc.communicate() + +if __name__ == "__main__": + ServiceCheck().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/status_params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/status_params.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/status_params.py new file mode 100644 index 0000000..fcb0816 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KAFKA/package/scripts/status_params.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from resource_management import * + +config = Script.get_config() + +kafka_pid_dir = config['configurations']['kafka-env']['kafka_pid_dir'] +kafka_pid_file = format("{kafka_pid_dir}/kafka.pid") http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kadm5-acl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kadm5-acl.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kadm5-acl.xml new file mode 100644 index 0000000..293bcbf --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kadm5-acl.xml @@ -0,0 +1,36 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- + ~ Licensed to the Apache Software Foundation (ASF) under one + ~ or more contributor license agreements. See the NOTICE file + ~ distributed with this work for additional information + ~ regarding copyright ownership. The ASF licenses this file + ~ to you under the Apache License, Version 2.0 (the + ~ "License"); you may not use this file except in compliance + ~ with the License. You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<configuration> + <property> + <name>conf_dir</name> + <description>The kadm.acl configuration directory</description> + <value>/var/kerberos/krb5kdc</value> + </property> + <property> + <name>content</name> + <description>The jinja template for the kadm5.acl file</description> + <value> + */admin@{{realm}} * + + {# Append additional realm declarations below #} + </value> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kdc-conf.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kdc-conf.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kdc-conf.xml new file mode 100644 index 0000000..ac41317 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/kdc-conf.xml @@ -0,0 +1,57 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> + +<configuration> + <property> + <name>kdcdefaults_kdc_ports</name> + <value>88</value> + </property> + <property> + <name>kdcdefaults_kdc_tcp_ports</name> + <value>88</value> + </property> + + <property> + <name>conf_dir</name> + <description>The kdc.conf configuration directory</description> + <value>/var/kerberos/krb5kdc</value> + </property> + <property> + <name>content</name> + <description>The jinja template for the kdc.conf file</description> + <value> + [kdcdefaults] + kdc_ports = {{kdcdefaults_kdc_ports}} + kdc_tcp_ports = {{kdcdefaults_kdc_tcp_ports}} + + [realms] + {{realm}} = { + acl_file = {{kadm5_acl_path}} + dict_file = /usr/share/dict/words + admin_keytab = {{kadm5_acl_dir}}/kadm5.keytab + supported_enctypes = {{libdefaults_default_tgs_enctypes}} + } + + {# Append additional realm declarations below #} + </value> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml new file mode 100644 index 0000000..8e6b9ba --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/configuration/krb5-conf.xml @@ -0,0 +1,186 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> + +<configuration> + <property> + <name>logging_default</name> + <value>FILE:/var/log/krb5libs.log</value> + </property> + <property> + <name>logging_kdc</name> + <value>FILE:/var/log/krb5kdc.log</value> + </property> + <property> + <name>logging_admin_server</name> + <value>FILE:/var/log/kadmind.log</value> + </property> + + <property> + <name>libdefaults_dns_lookup_realm</name> + <value>false</value> + </property> + <property> + <name>libdefaults_dns_lookup_kdc</name> + <value>false</value> + </property> + <property> + <name>libdefaults_ticket_lifetime</name> + <value>24h</value> + </property> + <property> + <name>libdefaults_renew_lifetime</name> + <value>7d</value> + </property> + <property> + <name>libdefaults_forwardable</name> + <value>true</value> + </property> + <property> + <name>libdefaults_default_tgs_enctypes</name> + <description> + a space-delimited list of session key encryption types supported by the KDC or Active + Directory + </description> + <value> + aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 + camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4 + </value> + </property> + <property> + <name>libdefaults_default_tkt_enctypes</name> + <description> + a space-delimited list of session key encryption types supported by the KDC or Active + Directory + </description> + <value> + aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 arcfour-hmac-md5 + camellia256-cts-cmac camellia128-cts-cmac des-cbc-crc des-cbc-md5 des-cbc-md4 + </value> + </property> + + <property require-input="true"> + <name>realm</name> + <description> + The realm to use when creating service principals + </description> + <value/> + </property> + <property require-input="true"> + <name>domains</name> + <description> + A comma-delimited list of domain names that the realm serves (optional) + </description> + <value/> + </property> + <property require-input="true"> + <name>kdc_type</name> + <description> + The type of KDC being used. Either mit-kdc or active-directory + </description> + <value>mit-kdc</value> + </property> + <property require-input="true"> + <name>kdc_host</name> + <description> + The IP address or FQDN of the KDC or Active Directory server, optionally a port number may be + provided + </description> + <value/> + </property> + <property> + <name>admin_server_host</name> + <description> + The IP address or FQDN of the administrative Kerberos server, optionally a port number may be + provided + </description> + <value/> + </property> + <property> + <name>test_principal</name> + <description> + The principal that may be used to test the Kerberos configuration (this will not be retained) + </description> + <value/> + </property> + <property> + <name>test_password</name> + <description> + The password for the administrative principal (either this value or the keytab value is + required to be set, neither is expected to be retained) + </description> + <value/> + <property-type>PASSWORD</property-type> + </property> + <property> + <name>test_keytab</name> + <description> + The base64-encoded keytab for the test principal (either this value or the password + value is required to be set, neither is expected to be retained) + </description> + <value> + + </value> + </property> + + + <property> + <name>conf_dir</name> + <description>The krb5.conf configuration directory</description> + <value>/etc</value> + </property> + <property> + <name>content</name> + <description>The jinja template for the krb5.conf file</description> + <value> +[libdefaults] + renew_lifetime = {{libdefaults_renew_lifetime}} + forwardable = {{libdefaults_forwardable}} + default_realm = {{realm|upper()}} + ticket_lifetime = {{libdefaults_ticket_lifetime}} + dns_lookup_realm = {{libdefaults_dns_lookup_realm}} + dns_lookup_kdc = {{libdefaults_dns_lookup_kdc}} + +{% if domains %} +[domain_realm] +{% for domain in domains.split(',') %} + {{domain}} = {{realm|upper()}} +{% endfor %} +{% endif %} + +[logging] + default = {{logging_default}} +{# +# The following options are unused unless a managed KDC is installed + admin_server = {{logging_admin_server}} + kdc = {{logging_admin_kdc}} +#} + +[realms] + {{realm}} = { + admin_server = {{admin_server_host|default(kdc_host, True)}} + kdc = {{kdc_host}} + } + +{# Append additional realm declarations below #} + </value> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/metainfo.xml new file mode 100644 index 0000000..8751892 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/metainfo.xml @@ -0,0 +1,167 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<metainfo> + <schemaVersion>2.0</schemaVersion> + <services> + <service> + <name>KERBEROS</name> + <displayName>Kerberos</displayName> + <comment>A computer network authentication protocol which works on + the basis of 'tickets' to allow nodes communicating over a + non-secure network to prove their identity to one another in a + secure manner. + </comment> + <version>1.10.3-10</version> + + <components> + <component> + <name>KDC_SERVER</name> + <displayName>Kerberos KDC</displayName> + <category>MASTER</category> + <cardinality>0-1</cardinality> + <dependencies> + <dependency> + <name>KERBEROS/KERBEROS_CLIENT</name> + <scope>cluster</scope> + <auto-deploy> + <enabled>true</enabled> + </auto-deploy> + </dependency> + </dependencies> + <commandScript> + <script>scripts/kerberos_server.py</script> + <scriptType>PYTHON</scriptType> + <timeout>900</timeout> + </commandScript> + <configFiles> + <configFile> + <type>env</type> + <fileName>krb5.conf</fileName> + <dictionaryName>krb5-conf</dictionaryName> + </configFile> + <configFile> + <type>env</type> + <fileName>kdc.conf</fileName> + <dictionaryName>kdc-conf</dictionaryName> + </configFile> + <configFile> + <type>env</type> + <fileName>kadm5.acl</fileName> + <dictionaryName>kadm5-acl</dictionaryName> + </configFile> + </configFiles> + </component> + + <component> + <name>KERBEROS_CLIENT</name> + <displayName>Kerberos Client</displayName> + <category>CLIENT</category> + <cardinality>ALL</cardinality> + <auto-deploy> + <enabled>true</enabled> + </auto-deploy> + <commandScript> + <script>scripts/kerberos_client.py</script> + <scriptType>PYTHON</scriptType> + <timeout>600</timeout> + </commandScript> + <customCommands> + <customCommand> + <name>SET_KEYTAB</name> + <commandScript> + <script>scripts/kerberos_client.py</script> + <scriptType>PYTHON</scriptType> + <timeout>1000</timeout> + </commandScript> + </customCommand> + </customCommands> + <configFiles> + <configFile> + <type>env</type> + <fileName>krb5.conf</fileName> + <dictionaryName>krb5-conf</dictionaryName> + </configFile> + </configFiles> + </component> + </components> + + <osSpecifics> + <osSpecific> + <osFamily>redhat5,redhat6</osFamily> + <packages> + <package> + <name>krb5-server</name> + </package> + <package> + <name>krb5-libs</name> + </package> + <package> + <name>krb5-workstation</name> + </package> + </packages> + </osSpecific> + + <osSpecific> + <osFamily>ubuntu12</osFamily> + <packages> + <package> + <name>krb5-kdc</name> + </package> + <package> + <name>krb5-admin-server</name> + </package> + <package> + <name>krb5-user</name> + </package> + <package> + <name>krb5-config</name> + </package> + </packages> + </osSpecific> + + <osSpecific> + <osFamily>suse11</osFamily> + <packages> + <package> + <name>krb5</name> + </package> + <package> + <name>krb5-client</name> + </package> + <package> + <name>krb5-server</name> + </package> + </packages> + </osSpecific> + </osSpecifics> + + <commandScript> + <script>scripts/service_check.py</script> + <scriptType>PYTHON</scriptType> + <timeout>300</timeout> + </commandScript> + + <configuration-dependencies> + <config-type>krb5-conf</config-type> + <config-type>kdc-conf</config-type> + <config-type>kadm5-acl</config-type> + </configuration-dependencies> + <restartRequiredAfterChange>true</restartRequiredAfterChange> + </service> + </services> +</metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_client.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_client.py new file mode 100644 index 0000000..a341e8d --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_client.py @@ -0,0 +1,40 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from kerberos_common import * + +class KerberosClient(KerberosScript): + def install(self, env): + self.install_packages(env, ['krb5-server', 'krb5-libs', 'krb5-auth-dialog', 'krb5', 'krb5-kdc', 'krb5-admin-server']) + self.configure(env) + + + def configure(self, env): + import params + env.set_params(params) + self.write_krb5_conf() + + def status(self, env): + raise ClientComponentHasNoStatus() + + def set_keytab(self, env): + KerberosScript.write_keytab_file() + +if __name__ == "__main__": + KerberosClient().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_common.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_common.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_common.py new file mode 100644 index 0000000..269658b --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_common.py @@ -0,0 +1,398 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +import base64 +import os +import string +import subprocess +import sys +import tempfile + +from resource_management import * +from utils import get_property_value + +class KerberosScript(Script): + KRB5_REALM_PROPERTIES = [ + 'kdc', + 'admin_server', + 'default_domain', + 'master_kdc' + ] + + KRB5_SECTION_NAMES = [ + 'libdefaults', + 'logging', + 'realms', + 'domain_realm', + 'capaths', + 'ca_paths', + 'appdefaults', + 'plugins' + ] + + @staticmethod + def create_random_password(): + import random + + chars = string.digits + string.ascii_letters + return ''.join(random.choice(chars) for x in range(13)) + + @staticmethod + def write_conf_section(output_file, section_name, section_data): + if section_name is not None: + output_file.write('[%s]\n' % section_name) + + if section_data is not None: + for key, value in section_data.iteritems(): + output_file.write(" %s = %s\n" % (key, value)) + + + @staticmethod + def _write_conf_realm(output_file, realm_name, realm_data): + """ Writes out realm details + + Example: + + EXAMPLE.COM = { + kdc = kerberos.example.com + admin_server = kerberos.example.com + } + + """ + if realm_name is not None: + output_file.write(" %s = {\n" % realm_name) + + if realm_data is not None: + for key, value in realm_data.iteritems(): + if key in KerberosScript.KRB5_REALM_PROPERTIES: + output_file.write(" %s = %s\n" % (key, value)) + + output_file.write(" }\n") + + @staticmethod + def write_conf_realms_section(output_file, section_name, realms_data): + if section_name is not None: + output_file.write('[%s]\n' % section_name) + + if realms_data is not None: + for realm, realm_data in realms_data.iteritems(): + KerberosScript._write_conf_realm(output_file, realm, realm_data) + output_file.write('\n') + + @staticmethod + def write_krb5_conf(): + import params + + Directory(params.krb5_conf_dir, + owner='root', + recursive=True, + group='root', + mode=0755 + ) + + if (params.krb5_conf_template is None) or not params.krb5_conf_template.strip(): + content = Template('krb5_conf.j2') + else: + content = InlineTemplate(params.krb5_conf_template) + + File(params.krb5_conf_path, + content=content, + owner='root', + group='root', + mode=0644 + ) + + @staticmethod + def invoke_kadmin(query, admin_identity=None, default_realm=None): + """ + Executes the kadmin or kadmin.local command (depending on whether auth_identity is set or not + and returns command result code and standard out data. + + :param query: the kadmin query to execute + :param admin_identity: the identity for the administrative user (optional) + :param default_realm: the default realm to assume + :return: return_code, out + """ + if (query is not None) and (len(query) > 0): + auth_principal = None + auth_keytab_file = None + + if admin_identity is not None: + auth_principal = get_property_value(admin_identity, 'principal') + + if auth_principal is None: + kadmin = 'kadmin.local' + credential = '' + else: + kadmin = 'kadmin -p "%s"' % auth_principal + + auth_password = get_property_value(admin_identity, 'password') + + if auth_password is None: + auth_keytab = get_property_value(admin_identity, 'keytab') + + if auth_keytab is not None: + (fd, auth_keytab_file) = tempfile.mkstemp() + os.write(fd, base64.b64decode(auth_keytab)) + os.close(fd) + + credential = '-k -t %s' % auth_keytab_file + else: + credential = '-w "%s"' % auth_password + + if (default_realm is not None) and (len(default_realm) > 0): + realm = '-r %s' % default_realm + else: + realm = '' + + try: + command = '%s %s %s -q "%s"' % (kadmin, credential, realm, query.replace('"', '\\"')) + return shell.checked_call(command) + except: + raise + finally: + if auth_keytab_file is not None: + os.remove(auth_keytab_file) + + @staticmethod + def create_keytab_file(principal, path, auth_identity=None): + success = False + + if (principal is not None) and (len(principal) > 0): + if (auth_identity is None) or (len(auth_identity) == 0): + norandkey = '-norandkey' + else: + norandkey = '' + + if (path is not None) and (len(path) > 0): + keytab_file = '-k %s' % path + else: + keytab_file = '' + + try: + result_code, output = KerberosScript.invoke_kadmin( + 'ktadd %s %s %s' % (keytab_file, norandkey, principal), + auth_identity) + + success = (result_code == 0) + except: + raise Fail("Failed to create keytab for principal: %s (in %s)" % (principal, path)) + + return success + + @staticmethod + def create_keytab(principal, auth_identity=None): + keytab = None + + (fd, temp_path) = tempfile.mkstemp() + os.remove(temp_path) + + try: + if KerberosScript.create_keytab_file(principal, temp_path, auth_identity): + with open(temp_path, 'r') as f: + keytab = base64.b64encode(f.read()) + finally: + if os.path.isfile(temp_path): + os.remove(temp_path) + + return keytab + + @staticmethod + def principal_exists(identity, auth_identity=None): + exists = False + + if identity is not None: + principal = get_property_value(identity, 'principal') + + if (principal is not None) and (len(principal) > 0): + try: + result_code, output = KerberosScript.invoke_kadmin('getprinc %s' % principal, + auth_identity) + exists = (output is not None) and (("Principal: %s" % principal) in output) + except: + raise Fail("Failed to determine if principal exists: %s" % principal) + + return exists + + @staticmethod + def change_principal_password(identity, auth_identity=None): + success = False + + if identity is not None: + principal = get_property_value(identity, 'principal') + + if (principal is not None) and (len(principal) > 0): + password = get_property_value(identity, 'password') + + if password is None: + credentials = '-randkey' + else: + credentials = '-pw "%s"' % password + + try: + result_code, output = KerberosScript.invoke_kadmin( + 'change_password %s %s' % (credentials, principal), + auth_identity) + + success = (result_code == 0) + except: + raise Fail("Failed to create principal: %s" % principal) + + return success + + @staticmethod + def create_principal(identity, auth_identity=None): + success = False + + if identity is not None: + principal = get_property_value(identity, 'principal') + + if (principal is not None) and (len(principal) > 0): + password = get_property_value(identity, 'password') + + if password is None: + credentials = '-randkey' + else: + credentials = '-pw "%s"' % password + + try: + result_code, out = KerberosScript.invoke_kadmin( + 'addprinc %s %s' % (credentials, principal), + auth_identity) + + success = (result_code == 0) + except: + raise Fail("Failed to create principal: %s" % principal) + + return success + + @staticmethod + def create_principals(identities, auth_identity=None): + if identities is not None: + for identity in identities: + KerberosScript.create_principal(identity, auth_identity) + + @staticmethod + def create_or_update_administrator_identity(): + import params + + if params.realm is not None: + admin_identity = params.get_property_value(params.realm, 'admin_identity') + + if KerberosScript.principal_exists(admin_identity): + KerberosScript.change_principal_password(admin_identity) + else: + KerberosScript.create_principal(admin_identity) + + @staticmethod + def test_kinit(identity): + principal = get_property_value(identity, 'principal') + + if principal is not None: + keytab_file = get_property_value(identity, 'keytab_file') + keytab = get_property_value(identity, 'keytab') + password = get_property_value(identity, 'password') + + # If a test keytab file is available, simply use it + if (keytab_file is not None) and (os.path.isfile(keytab_file)): + command = 'kinit -k -t %s %s' % (keytab_file, principal) + shell.checked_call(command) + return shell.checked_call('kdestroy') + + # If base64-encoded test keytab data is available; then decode it, write it to a temporary file + # use it, and then remove the temporary file + elif keytab is not None: + (fd, test_keytab_file) = tempfile.mkstemp() + os.write(fd, base64.b64decode(keytab)) + os.close(fd) + + try: + command = 'kinit -k -t %s %s' % (test_keytab_file, principal) + shell.checked_call(command) + return shell.checked_call('kdestroy') + except: + raise + finally: + if test_keytab_file is not None: + os.remove(test_keytab_file) + + # If no keytab data is available and a password was supplied, simply use it. + elif password is not None: + process = subprocess.Popen(['kinit', principal], stdin=subprocess.PIPE) + stdout, stderr = process.communicate(password) + if process.returncode: + err_msg = Logger.get_protected_text("Execution of kinit returned %d. %s" % (process.returncode, stderr)) + raise Fail(err_msg) + else: + return shell.checked_call('kdestroy') + else: + return 0, '' + else: + return 0, '' + + + @staticmethod + def write_keytab_file(): + import params + + if params.keytab_details is not None: + data = get_property_value(params.keytab_details, 'data') + + if (data is not None) and (len(data) > 0): + file_path = get_property_value(params.keytab_details, 'file-path') + + if (file_path is not None) and (len(file_path) > 0): + with open(file_path, 'w') as f: + f.write(base64.b64decode(data)) + + KerberosScript._set_file_access(file_path, params.keytab_details, params.default_group) + + + @staticmethod + def _set_file_access(file_path, access_details, default_group=None): + if (file_path is not None) and os.path.isfile(file_path) and (access_details is not None): + import stat + import pwd + import grp + + owner = get_property_value(access_details, 'owner/name') + owner_access = get_property_value(access_details, 'owner/access', 'rw') + group = get_property_value(access_details, 'group/name', default_group) + group_access = get_property_value(access_details, 'group/access', '') + + pwnam = pwd.getpwnam(owner) if (owner is not None) and (len(owner) > 0) else None + uid = pwnam.pw_uid if pwnam is not None else os.geteuid() + + grnam = grp.getgrnam(group) if (group is not None) and (len(group) > 0) else None + gid = grnam.gr_gid if grnam is not None else os.getegid() + + chmod = 0 + + if owner_access == 'r': + chmod |= stat.S_IREAD + else: + chmod |= stat.S_IREAD | stat.S_IWRITE + + if group_access == 'rw': + chmod |= stat.S_IRGRP | stat.S_IWGRP + elif group_access == 'r': + chmod |= stat.S_IRGRP + + os.chmod(file_path, chmod) + os.chown(file_path, uid, gid) http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_server.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_server.py new file mode 100644 index 0000000..3e15f50 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/kerberos_server.py @@ -0,0 +1,144 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from kerberos_common import * + +class KerberosServer(KerberosScript): + @staticmethod + def write_kadm5_acl(): + import params + + Directory(params.kadm5_acl_dir, + owner='root', + recursive=True, + group='root', + mode=0700 + ) + + if (params.kadm5_acl_template is None) or not params.kadm5_acl_template.strip(): + content = Template('kadm5_acl.j2') + else: + content = InlineTemplate(params.kadm5_acl_template) + + File(params.kadm5_acl_path, + content=content, + owner='root', + group='root', + mode=0600 + ) + + @staticmethod + def write_kdc_conf(): + import params + + Directory(params.kdc_conf_dir, + owner='root', + recursive=True, + group='root', + mode=0700 + ) + + if (params.kdc_conf_template is None) or not params.kdc_conf_template.strip(): + content = Template('kdc_conf.j2') + else: + content = InlineTemplate(params.kdc_conf_template) + + File(params.kdc_conf_path, + content=content, + owner='root', + group='root', + mode=0600 + ) + + def install(self, env): + import params + + self.install_packages(env) + self.configure(env) + + # Create the Kerberos database (only on install, for now) + Execute( + "%s create -s -P '%s'" % (params.kdb5_util_path, KerberosScript.create_random_password())) + + # Create or update the administrator account + KerberosScript.create_or_update_administrator_identity() + + + def start(self, env): + os_family = System.get_instance().os_family + + # Attempt to reconfigure the service before starting + self.configure(env) + + # Create or update the administrator account + KerberosScript.create_or_update_administrator_identity() + + if os_family == "suse": + Execute('rckadmind start') + Execute('rckrb5kdc start') + elif os_family == 'ubuntu': + Execute('service krb5-kdc start') + Execute('service krb5-admin-server start') + else: + Execute('service krb5kdc start') + Execute('service kadmin start') + + def stop(self, env): + os_family = System.get_instance().os_family + + if os_family == "suse": + Execute('rckadmind stop') + Execute('rckrb5kdc stop') + elif os_family == 'ubuntu': + Execute('service krb5-kdc stop') + Execute('service krb5-admin-server stop') + else: + Execute('service krb5kdc stop') + Execute('service kadmin stop') + + + def configure(self, env): + import params + env.set_params(params) + + KerberosServer.write_krb5_conf() + KerberosServer.write_kdc_conf() + KerberosServer.write_kadm5_acl() + + def status(self, env): + import params + + if params.os_family == "suse": + try: + Execute('checkproc `which krb5kdc`') + Execute('checkproc `which kadmind`') + except Fail as ex: + raise ComponentIsNotRunning() + + elif params.os_family == 'ubuntu': + check_process_status(params.kdamin_pid_path) + check_process_status(params.krb5kdc_pid_path) + + else: + check_process_status(params.kdamin_pid_path) + check_process_status(params.krb5kdc_pid_path) + + +if __name__ == "__main__": + KerberosServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py new file mode 100644 index 0000000..cff6250 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/params.py @@ -0,0 +1,211 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +from resource_management import * +from utils import get_property_value, get_unstructured_data + +os_family = System.get_instance().os_family + +krb5_conf_dir = '/etc' +krb5_conf_file = 'krb5.conf' +krb5_conf_path = krb5_conf_dir + '/' + krb5_conf_file + +if os_family == 'suse': + kdc_conf_dir = '/var/lib/kerberos/krb5kdc' +elif os_family == 'ubuntu': + kdc_conf_dir = '/etc/krb5kdc' +else: + kdc_conf_dir = '/var/kerberos/krb5kdc' +kdc_conf_file = 'kdc.conf' +kdc_conf_path = kdc_conf_dir + '/' + kdc_conf_file + +kadm5_acl_dir = kdc_conf_dir # Typically kadm5.acl and kdc.conf exist in the same directory +kadm5_acl_file = 'kadm5.acl' +kadm5_acl_path = kadm5_acl_dir + '/' + kadm5_acl_file + +config = Script.get_config() + +command_params = None +configurations = None +keytab_details = None +default_group = None +cluster_env = None +kdc_server_host = None +cluster_host_info = None + +kdb5_util_path = 'kdb5_util' + +kdamin_pid_path = '/var/run/kadmind.pid' +krb5kdc_pid_path = '/var/run/krb5kdc.pid' + +smoke_test_principal = None +smoke_test_keytab_file = None + +# If a test keytab file is available, simply use it + + +if config is not None: + command_params = get_property_value(config, 'commandParams') + if command_params is not None: + keytab_details = get_unstructured_data(command_params, 'keytab') + + configurations = get_property_value(config, 'configurations') + if configurations is not None: + cluster_env = get_property_value(configurations, 'cluster-env') + + if cluster_env is not None: + smoke_test_principal = get_property_value(cluster_env, 'smokeuser') + smoke_test_keytab_file = get_property_value(cluster_env, 'smokeuser_keytab') + + default_group = get_property_value(cluster_env, 'user_group') + + if default_group is None: + default_group = get_property_value(cluster_env, 'user-group') + + cluster_host_info = get_property_value(config, 'clusterHostInfo') + if cluster_host_info is not None: + kdc_server_hosts = get_property_value(cluster_host_info, 'kdc_server_hosts') + + if (kdc_server_hosts is not None) and (len(kdc_server_hosts) > 0): + kdc_server_host = kdc_server_hosts[0] + + # ################################################################################################ + # Get krb5.conf template data + # ################################################################################################ + logging_default = 'FILE:/var/log/krb5libs.log' + logging_kdc = 'FILE:/var/log/krb5kdc.log' + logging_admin_server = 'FILE:/var/log/kadmind.log' + libdefaults_dns_lookup_realm = 'false' + libdefaults_dns_lookup_kdc = 'false' + libdefaults_ticket_lifetime = '24h' + libdefaults_renew_lifetime = '7d' + libdefaults_forwardable = 'true' + libdefaults_default_tgs_enctypes = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 ' \ + 'arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac ' \ + 'des-cbc-crc des-cbc-md5 des-cbc-md4' + libdefaults_default_tkt_enctypes = 'aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 ' \ + 'arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac ' \ + 'des-cbc-crc des-cbc-md5 des-cbc-md4' + realm = 'EXAMPLE.COM' + domains = '' + kdc_host = 'localhost' + admin_server_host = None + admin_principal = None + admin_password = None + admin_keytab = None + test_principal = None + test_password = None + test_keytab = None + test_keytab_file = None + + krb5_conf_template = None + + krb5_conf_data = get_property_value(configurations, 'krb5-conf') + + if krb5_conf_data is not None: + logging_default = get_property_value(krb5_conf_data, 'logging_default', logging_default) + logging_kdc = get_property_value(krb5_conf_data, 'logging_kdc', logging_kdc) + logging_admin_server = get_property_value(krb5_conf_data, 'logging_admin_server', + logging_admin_server) + libdefaults_dns_lookup_realm = get_property_value(krb5_conf_data, + 'libdefaults_dns_lookup_realm', + libdefaults_dns_lookup_realm) + libdefaults_dns_lookup_kdc = get_property_value(krb5_conf_data, 'libdefaults_dns_lookup_kdc', + libdefaults_dns_lookup_kdc) + libdefaults_ticket_lifetime = get_property_value(krb5_conf_data, 'libdefaults_ticket_lifetime', + libdefaults_ticket_lifetime) + libdefaults_renew_lifetime = get_property_value(krb5_conf_data, 'libdefaults_renew_lifetime', + libdefaults_renew_lifetime) + libdefaults_forwardable = get_property_value(krb5_conf_data, 'libdefaults_forwardable', + libdefaults_forwardable) + libdefaults_default_tgs_enctypes = get_property_value(krb5_conf_data, + 'libdefaults_default_tgs_enctypes', + libdefaults_default_tgs_enctypes) + libdefaults_default_tkt_enctypes = get_property_value(krb5_conf_data, + 'libdefaults_default_tkt_enctypes', + libdefaults_default_tkt_enctypes) + realm = get_property_value(krb5_conf_data, 'realm', realm) + domains = get_property_value(krb5_conf_data, 'domains', domains) + kdc_host = get_property_value(krb5_conf_data, 'kdc_host', kdc_host) + admin_server_host = get_property_value(krb5_conf_data, 'admin_server_host', admin_server_host) + + admin_principal = get_property_value(krb5_conf_data, 'admin_principal', admin_principal) + admin_password = get_property_value(krb5_conf_data, 'admin_password', admin_password) + admin_keytab = get_property_value(krb5_conf_data, 'admin_keytab', admin_keytab) + + # If the admin keytab is just white space, set it to None + if admin_keytab is not None: + admin_keytab = admin_keytab.strip() + + if len(admin_keytab) == 0: + admin_keytab = None + + test_principal = get_property_value(krb5_conf_data, 'test_principal', test_principal) + test_password = get_property_value(krb5_conf_data, 'test_password', test_password) + test_keytab = get_property_value(krb5_conf_data, 'test_keytab', test_keytab) + test_keytab_file = get_property_value(krb5_conf_data, 'test_keytab_file', test_keytab_file) + + # If the test keytab is just white space, set it to None + if test_keytab is not None: + test_keytab = test_keytab.strip() + + if len(test_keytab) == 0: + test_keytab = None + + krb5_conf_template = get_property_value(krb5_conf_data, 'content', krb5_conf_template) + krb5_conf_dir = get_property_value(krb5_conf_data, 'conf_dir', krb5_conf_dir) + krb5_conf_file = get_property_value(krb5_conf_data, 'conf_file', krb5_conf_file) + krb5_conf_path = krb5_conf_dir + '/' + krb5_conf_file + + # ################################################################################################ + # Get kdc.conf template data + # ################################################################################################ + kdcdefaults_kdc_ports = "88" + kdcdefaults_kdc_tcp_ports = "88" + + kdc_conf_template = None + + kdc_conf_data = get_property_value(configurations, 'kdc-conf') + + if kdc_conf_data is not None: + kdcdefaults_kdc_ports = get_property_value(kdc_conf_data, 'kdcdefaults_kdc_ports', + kdcdefaults_kdc_ports) + kdcdefaults_kdc_tcp_ports = get_property_value(kdc_conf_data, 'kdcdefaults_kdc_tcp_ports', + kdcdefaults_kdc_tcp_ports) + + kdc_conf_template = get_property_value(kdc_conf_data, 'content', kdc_conf_template) + kdc_conf_dir = get_property_value(kdc_conf_data, 'conf_dir', kdc_conf_dir) + kdc_conf_file = get_property_value(kdc_conf_data, 'conf_file', kdc_conf_file) + kdc_conf_path = kdc_conf_dir + '/' + kdc_conf_file + + # ################################################################################################ + # Get kadm5.acl template data + # ################################################################################################ + kdcdefaults_kdc_ports = '88' + kdcdefaults_kdc_tcp_ports = '88' + + kadm5_acl_template = None + + kadm5_acl_data = get_property_value(configurations, 'kadm5-acl') + + if kadm5_acl_data is not None: + kadm5_acl_template = get_property_value(kadm5_acl_data, 'content', kadm5_acl_template) + kadm5_acl_dir = get_property_value(kadm5_acl_data, 'conf_dir', kadm5_acl_dir) + kadm5_acl_file = get_property_value(kadm5_acl_data, 'conf_file', kadm5_acl_file) + kadm5_acl_path = kadm5_acl_dir + '/' + kadm5_acl_file http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/service_check.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/service_check.py new file mode 100644 index 0000000..73b9c7a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/service_check.py @@ -0,0 +1,63 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Ambari Agent + +""" + +from kerberos_common import * +from resource_management import * + +class KerberosServiceCheck(KerberosScript): + def service_check(self, env): + import params + + # First attempt to test using the smoke test user, if data is available + if ((params.smoke_test_principal is not None) and + (params.smoke_test_keytab_file is not None) and + os.path.isfile(params.smoke_test_keytab_file)): + print "Performing kinit using smoke test user: %s" % params.smoke_test_principal + code, out = self.test_kinit({ + 'principal': params.smoke_test_principal, + 'keytab_file': params.smoke_test_keytab_file + }) + test_performed = True + + # Else if a test credentials is specified, try to test using that + elif params.test_principal is not None: + print "Performing kinit using test user: %s" % params.test_principal + code, out = self.test_kinit({ + 'principal': params.test_principal, + 'keytab_file': params.test_keytab_file, + 'keytab': params.test_keytab, + 'password': params.test_password + }) + test_performed = True + + else: + code = 0 + out = '' + test_performed = False + + if test_performed: + if code == 0: + print "Test executed successfully." + else: + print "Test failed with error code %d: %s." % (code, out) + +if __name__ == "__main__": + KerberosServiceCheck().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/utils.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/utils.py b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/utils.py new file mode 100644 index 0000000..79e89e6 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/scripts/utils.py @@ -0,0 +1,69 @@ +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +def get_property_value(dictionary, property_name, null_value=None): + return dictionary[property_name] if property_name in dictionary else null_value + +def get_unstructured_data(dictionary, property_name): + prefix = property_name + '/' + prefix_len = len(prefix) + return dict((k[prefix_len:], v) for k, v in dictionary.iteritems() if k.startswith(prefix)) + +def split_host_and_port(host): + """ + Splits a string into its host and port components + + :param host: a string matching the following patern: <host name | ip address>[:port] + :return: a Dictionary containing 'host' and 'port' entries for the input value + """ + + if host is None: + host_and_port = None + else: + host_and_port = {} + parts = host.split(":") + + if parts is not None: + length = len(parts) + + if length > 0: + host_and_port['host'] = parts[0] + + if length > 1: + host_and_port['port'] = int(parts[1]) + + return host_and_port + +def set_port(host, port): + """ + Sets the port for a host specification, potentially replacing an existing port declaration + + :param host: a string matching the following pattern: <host name | ip address>[:port] + :param port: a string or integer declaring the (new) port + :return: a string declaring the new host/port specification + """ + if port is None: + return host + else: + host_and_port = split_host_and_port(host) + + if (host_and_port is not None) and ('host' in host_and_port): + return "%s:%s" % (host_and_port['host'], port) + else: + return host http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kadm5_acl.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kadm5_acl.j2 b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kadm5_acl.j2 new file mode 100644 index 0000000..d82ae23 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kadm5_acl.j2 @@ -0,0 +1,20 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} +*/admin@{{realm}} * + +{# Append additional realm declarations should be placed below #} http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kdc_conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kdc_conf.j2 b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kdc_conf.j2 new file mode 100644 index 0000000..c067bae --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/kdc_conf.j2 @@ -0,0 +1,30 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} +[kdcdefaults] + kdc_ports = {{kdcdefaults_kdc_ports}} + kdc_tcp_ports = {{kdcdefaults_kdc_tcp_ports}} + +[realms] + {{realm}} = { + acl_file = {{kadm5_acl_path}} + dict_file = /usr/share/dict/words + admin_keytab = {{kadm5_acl_dir}}/kadm5.keytab + supported_enctypes = {{libdefaults_default_tgs_enctypes}} + } + +{# Append additional realm declarations should be placed below #} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2 b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2 new file mode 100644 index 0000000..db1015a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KERBEROS/package/templates/krb5_conf.j2 @@ -0,0 +1,47 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} +[libdefaults] + renew_lifetime = {{libdefaults_renew_lifetime}} + forwardable = {{libdefaults_forwardable}} + default_realm = {{realm|upper()}} + ticket_lifetime = {{libdefaults_ticket_lifetime}} + dns_lookup_realm = {{libdefaults_dns_lookup_realm}} + dns_lookup_kdc = {{libdefaults_dns_lookup_kdc}} + +{% if domains %} +[domain_realm] +{% for domain in domains.split(',') %} + {{domain}} = {{realm|upper()}} +{% endfor %} +{% endif %} + +[logging] + default = {{logging_default}} +{# +# The following options are unused unless a managed KDC is installed + admin_server = {{logging_admin_server}} + kdc = {{logging_admin_kdc}} +#} + +[realms] + {{realm}} = { + admin_server = {{admin_server_host|default(kdc_host, True)}} + kdc = {{kdc_host}} + } + +{# Append additional realm declarations below #} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/c15cd0e0/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/alerts.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/alerts.json b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/alerts.json new file mode 100644 index 0000000..236875a --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2.GlusterFS/services/KNOX/alerts.json @@ -0,0 +1,26 @@ +{ + "KNOX": { + "service": [], + "KNOX_GATEWAY": [ + { + "name": "knox_gateway_process", + "label": "Know Gateway Process", + "interval": 1, + "scope": "HOST", + "source": { + "type": "PORT", + "uri": "{{gateway-site/gateway.port}}", + "default_port": 8443, + "reporting": { + "ok": { + "text": "TCP OK - {0:.4f} response on port {1}" + }, + "critical": { + "text": "Connection failed: {0} to {1}:{2}" + } + } + } + } + ] + } +}