Repository: ambari Updated Branches: refs/heads/trunk 1e37bff5a -> 8ae21c8b7
AMBARI-9693. Review and update kerberos descriptors for various services.(vbrodetskyi) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8ae21c8b Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8ae21c8b Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8ae21c8b Branch: refs/heads/trunk Commit: 8ae21c8b72c873a611d0f9a8e352f7ac77280e9a Parents: 1e37bff Author: Vitaly Brodetskyi <vbrodets...@hortonworks.com> Authored: Wed Feb 18 17:31:40 2015 +0200 Committer: Vitaly Brodetskyi <vbrodets...@hortonworks.com> Committed: Wed Feb 18 17:31:40 2015 +0200 ---------------------------------------------------------------------- .../server/controller/KerberosHelper.java | 14 ++++++ .../apache/ambari/server/utils/StageUtils.java | 46 ++++++++++---------- .../HBASE/0.96.0.2.0/kerberos.json | 5 ++- .../HDFS/2.1.0.2.0/kerberos.json | 14 +++++- .../YARN/2.1.0.2.0/kerberos.json | 18 +++++++- .../server/controller/KerberosHelperTest.java | 16 +++---- 6 files changed, 80 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java index fa829a4..db19611 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/KerberosHelper.java @@ -78,6 +78,7 @@ import org.apache.ambari.server.state.PropertyInfo; import org.apache.ambari.server.state.SecurityState; import org.apache.ambari.server.state.SecurityType; import org.apache.ambari.server.state.Service; +import org.apache.ambari.server.state.ServiceComponent; import org.apache.ambari.server.state.ServiceComponentHost; import org.apache.ambari.server.state.StackId; import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor; @@ -91,6 +92,7 @@ import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor; import org.apache.ambari.server.state.svccomphost.ServiceComponentHostServerActionEvent; import org.apache.ambari.server.utils.StageUtils; import org.apache.commons.io.FileUtils; +import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -1135,6 +1137,18 @@ public class KerberosHelper { configHelper.cloneAttributesMap(attributes, configurationAttributes.get(type)); } + // add clusterHostInfo config + Map<String, String> componentHosts = new HashMap<String, String>(); + for (Map.Entry<String, Service> service : cluster.getServices().entrySet()) { + for (Map.Entry<String, ServiceComponent> serviceComponent : service.getValue().getServiceComponents().entrySet()) { + if (StageUtils.getComponentToClusterInfoKeyMap().keySet().contains(serviceComponent.getValue().getName())) { + componentHosts.put(StageUtils.getComponentToClusterInfoKeyMap().get(serviceComponent.getValue().getName()), + StringUtils.join(serviceComponent.getValue().getServiceComponentHosts().keySet(), ",")); + } + } + } + configurations.put("clusterHostInfo", componentHosts); + return configurations; } http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java index f6d44d8..de84f35 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/utils/StageUtils.java @@ -17,26 +17,8 @@ */ package org.apache.ambari.server.utils; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.InetAddress; -import java.net.UnknownHostException; -import java.nio.charset.Charset; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; -import java.util.SortedSet; -import java.util.TreeMap; -import java.util.TreeSet; - -import javax.xml.bind.JAXBException; - +import com.google.common.base.Joiner; +import com.google.gson.Gson; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.Role; import org.apache.ambari.server.RoleCommand; @@ -57,8 +39,24 @@ import org.codehaus.jackson.map.JsonMappingException; import org.codehaus.jackson.map.ObjectMapper; import org.codehaus.jackson.map.SerializationConfig; -import com.google.common.base.Joiner; -import com.google.gson.Gson; +import javax.xml.bind.JAXBException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.nio.charset.Charset; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.SortedSet; +import java.util.TreeMap; +import java.util.TreeSet; public class StageUtils { @@ -140,6 +138,10 @@ public class StageUtils { return requestId + "-" + stageId; } + public static Map<String, String> getComponentToClusterInfoKeyMap() { + return componentToClusterInfoKeyMap; + } + public static long[] getRequestStage(String actionId) { String[] fields = actionId.split("-"); long[] requestStageIds = new long[2]; http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json index 9ddad69..67664a9 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json @@ -39,7 +39,10 @@ "hbase-site": { "hbase.security.authentication": "kerberos", "hbase.security.authorization": "true", - "zookeeper.znode.parent": "/hbase-secure" + "zookeeper.znode.parent": "/hbase-secure", + "hbase.coprocessor.master.classes": "org.apache.hadoop.hbase.security.access.AccessController", + "hbase.coprocessor.region.classes": "org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController", + "hbase.bulkload.staging.dir": "/apps/hbase/staging" } } ], http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json index af8f93b..c327efb 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/kerberos.json @@ -25,7 +25,19 @@ "hadoop.security.authentication": "kerberos", "hadoop.rpc.protection": "authentication", "hadoop.security.authorization": "true", - "hadoop.security.auth_to_local": "_AUTH_TO_LOCAL_RULES" + "hadoop.security.auth_to_local": "_AUTH_TO_LOCAL_RULES", + "hadoop.http.authentication.kerberos.name.rules": "", + "hadoop.http.filter.initializers": "", + "hadoop.http.authentication.type": "simple", + "hadoop.http.authentication.signature.secret": "", + "hadoop.http.authentication.signature.secret.file": "", + "hadoop.http.authentication.signer.secret.provider": "", + "hadoop.http.authentication.signer.secret.provider.object": "", + "hadoop.http.authentication.token.validity": "", + "hadoop.http.authentication.cookie.domain": "", + "hadoop.http.authentication.cookie.path": "", + "hadoop.proxyuser.HTTP.groups": "${core-site/proxyuser_group}", + "hadoop.proxyuser.HTTP.hosts": "${clusterHostInfo/webhcat_server_host}" } } ], http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json index 42d0c1e..d4b005a 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/kerberos.json @@ -18,7 +18,23 @@ "yarn-site": { "yarn.timeline-service.enabled": "true", "yarn.timeline-service.http-authentication.type": "kerberos", - "yarn.acl.enable": "true" + "yarn.acl.enable": "true", + "yarn.timeline-service.http-authentication.signature.secret": "", + "yarn.timeline-service.http-authentication.signature.secret.file": "", + "yarn.timeline-service.http-authentication.signer.secret.provider": "", + "yarn.timeline-service.http-authentication.signer.secret.provider.object": "", + "yarn.timeline-service.http-authentication.token.validity": "", + "yarn.timeline-service.http-authentication.cookie.domain": "", + "yarn.timeline-service.http-authentication.cookie.path": "", + "yarn.timeline-service.http-authentication.proxyusers.*.hosts": "", + "yarn.timeline-service.http-authentication.proxyusers.*.users": "", + "yarn.timeline-service.http-authentication.proxyusers.*.groups": "", + "yarn.timeline-service.http-authentication.kerberos.name.rules": "", + "yarn.resourcemanager.proxyusers.*.groups": "", + "yarn.resourcemanager.proxyusers.*.hosts": "", + "yarn.resourcemanager.proxyusers.*.users": "", + "yarn.resourcemanager.proxy-user-privileges.enabled": "true", + "yarn.nodemanager.linux-container-executor.cgroups.mount-path": "" } } ], http://git-wip-us.apache.org/repos/asf/ambari/blob/8ae21c8b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java index 1c8af3f..215161c 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java @@ -375,7 +375,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service1.getName()).andReturn("SERVICE1").anyTimes(); expect(service1.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); service1.setSecurityState(SecurityState.SECURED_KERBEROS); expectLastCall().once(); @@ -383,7 +383,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service2.getName()).andReturn("SERVICE2").anyTimes(); expect(service2.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); service2.setSecurityState(SecurityState.SECURED_KERBEROS); expectLastCall().once(); @@ -625,7 +625,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service1.getName()).andReturn("SERVICE1").anyTimes(); expect(service1.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); service1.setSecurityState(SecurityState.UNSECURED); expectLastCall().once(); @@ -633,7 +633,7 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service2.getName()).andReturn("SERVICE2").anyTimes(); expect(service2.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); service2.setSecurityState(SecurityState.UNSECURED); expectLastCall().once(); @@ -852,13 +852,13 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service1.getName()).andReturn("SERVICE1").anyTimes(); expect(service1.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); final Service service2 = createStrictMock(Service.class); expect(service2.getName()).andReturn("SERVICE2").anyTimes(); expect(service2.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class); expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes(); @@ -1130,13 +1130,13 @@ public class KerberosHelperTest extends EasyMockSupport { expect(service1.getName()).andReturn("SERVICE1").anyTimes(); expect(service1.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); final Service service2 = createStrictMock(Service.class); expect(service2.getName()).andReturn("SERVICE2").anyTimes(); expect(service2.getServiceComponents()) .andReturn(Collections.<String, ServiceComponent>emptyMap()) - .once(); + .times(2); final Map<String, String> kerberosEnvProperties = createNiceMock(Map.class); expect(kerberosEnvProperties.get("kdc_type")).andReturn("mit-kdc").anyTimes();