AMBARI-9901. Knox service check fails with umask 027 also in non-root (as well as Hive metastore start) (aonishuk)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9a45aea8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9a45aea8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9a45aea8 Branch: refs/heads/branch-2.0.0 Commit: 9a45aea84ce02aa3a65e83300e0ff78b7a312afb Parents: 2f88012 Author: Andrew Onishuk <aonis...@hortonworks.com> Authored: Tue Mar 3 18:56:14 2015 +0200 Committer: Andrew Onishuk <aonis...@hortonworks.com> Committed: Tue Mar 3 18:56:14 2015 +0200 ---------------------------------------------------------------------- .../HIVE/0.12.0.2.0/package/scripts/hive.py | 1 + .../0.12.0.2.0/package/scripts/hive_service.py | 28 ++++------- .../0.5.0.2.2/package/scripts/service_check.py | 29 ++++-------- .../stacks/2.0.6/HIVE/test_hive_metastore.py | 18 ++++--- .../stacks/2.0.6/HIVE/test_hive_server.py | 14 ++++-- .../stacks/2.1/HIVE/test_hive_metastore.py | 49 ++++++++++---------- 6 files changed, 65 insertions(+), 74 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py index 7b0113b..64bcebc 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive.py @@ -170,6 +170,7 @@ def crt_directory(name): Directory(name, recursive=True, + cd_access='a', owner=params.hive_user, group=params.user_group, mode=0755) http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_service.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_service.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_service.py index a66b0c8..ef74b87 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_service.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_service.py @@ -30,12 +30,10 @@ def hive_service(name, action='start', rolling_restart=False): if name == 'metastore': pid_file = format("{hive_pid_dir}/{hive_metastore_pid}") - cmd = format( - "env HADOOP_HOME={hadoop_home} JAVA_HOME={java64_home} {start_metastore_path} {hive_log_dir}/hive.out {hive_log_dir}/hive.log {pid_file} {hive_server_conf_dir} {hive_log_dir}") + cmd = format("{start_metastore_path} {hive_log_dir}/hive.out {hive_log_dir}/hive.log {pid_file} {hive_server_conf_dir} {hive_log_dir}") elif name == 'hiveserver2': pid_file = format("{hive_pid_dir}/{hive_pid}") - cmd = format( - "env JAVA_HOME={java64_home} {start_hiveserver2_path} {hive_log_dir}/hive-server2.out {hive_log_dir}/hive-server2.log {pid_file} {hive_server_conf_dir} {hive_log_dir}") + cmd = format("{start_hiveserver2_path} {hive_log_dir}/hive-server2.out {hive_log_dir}/hive-server2.log {pid_file} {hive_server_conf_dir} {hive_log_dir}") process_id_exists_command = format("ls {pid_file} >/dev/null 2>&1 && ps -p `cat {pid_file}` >/dev/null 2>&1") @@ -43,7 +41,7 @@ def hive_service(name, action='start', rolling_restart=False): if name == 'hiveserver2': check_fs_root() - demon_cmd = format("{cmd}") + demon_cmd = cmd # upgrading hiveserver2 (rolling_restart) means that there is an existing, # de-registering hiveserver2; the pid will still exist, but the new @@ -54,19 +52,13 @@ def hive_service(name, action='start', rolling_restart=False): if params.security_enabled: hive_kinit_cmd = format("{kinit_path_local} -kt {hive_server2_keytab} {hive_principal}; ") Execute(hive_kinit_cmd, user=params.hive_user) - - # need tuple to run as sudo if (need if UMASK is not 022) - oldmask = os.umask (022) - os.umask (oldmask) - if oldmask == 027: - Execute(tuple(demon_cmd.split()), user=params.hive_user, - environment={'HADOOP_HOME': params.hadoop_home}, path=params.execute_path, - not_if=process_id_exists_command, - sudo=True ) - else: - Execute(demon_cmd, user=params.hive_user, - environment={'HADOOP_HOME': params.hadoop_home}, path=params.execute_path, - not_if=process_id_exists_command ) + + Execute(demon_cmd, + user=params.hive_user, + environment={'HADOOP_HOME': params.hadoop_home, 'JAVA_HOME': params.java64_home}, + path=params.execute_path, + not_if=process_id_exists_command + ) if params.hive_jdbc_driver == "com.mysql.jdbc.Driver" or \ params.hive_jdbc_driver == "org.postgresql.Driver" or \ http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py index aa887a5..498e259 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/service_check.py @@ -56,27 +56,14 @@ class KnoxServiceCheck(Script): content=StaticFile(validateKnoxFileName), mode=0755 ) - oldmask = os.umask (022) - os.umask (oldmask) - if oldmask == 027: - Execute(smoke_cmd, - tries=3, - try_sleep=5, - path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', - user=params.smokeuser, - timeout=5, - logoutput=True, - sudo=True - ) - else: - Execute(smoke_cmd, - tries=3, - try_sleep=5, - path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', - user=params.smokeuser, - timeout=5, - logoutput=True - ) + Execute(smoke_cmd, + tries=3, + try_sleep=5, + path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', + user=params.smokeuser, + timeout=5, + logoutput=True + ) if __name__ == "__main__": KnoxServiceCheck().execute() \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py index 912fe7e..9153a84 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_metastore.py @@ -45,11 +45,11 @@ class TestHiveMetastore(RMFTestCase): ) self.assert_configure_default() - self.assertResourceCalled('Execute', 'env HADOOP_HOME=/usr JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + self.assertResourceCalled('Execute', '/tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + environment = {'HADOOP_HOME': '/usr', 'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME' : '/usr'}, - path = ["/bin:/usr/lib/hive/bin:/usr/bin"], user = 'hive', + path = ['/bin:/usr/lib/hive/bin:/usr/bin'], ) self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/lib/hive/lib//mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6402.ambari.apache.org/hive?createDatabaseIfNotExist=true\' hive \'!`"\'"\'"\' 1\' com.mysql.jdbc.Driver', path = ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], @@ -105,11 +105,11 @@ class TestHiveMetastore(RMFTestCase): self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/c6401.ambari.apache....@example.com; ', user = 'hive', ) - self.assertResourceCalled('Execute', 'env HADOOP_HOME=/usr JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + self.assertResourceCalled('Execute', '/tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + environment = {'HADOOP_HOME': '/usr', 'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME' : '/usr'}, - path = ["/bin:/usr/lib/hive/bin:/usr/bin"], user = 'hive', + path = ['/bin:/usr/lib/hive/bin:/usr/bin'], ) self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/lib/hive/lib//mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6402.ambari.apache.org/hive?createDatabaseIfNotExist=true\' hive \'!`"\'"\'"\' 1\' com.mysql.jdbc.Driver', path = ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], @@ -215,18 +215,21 @@ class TestHiveMetastore(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) def assert_configure_secured(self): @@ -301,16 +304,19 @@ class TestHiveMetastore(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py index c073d00..605b30f 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py +++ b/ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py @@ -62,9 +62,9 @@ class TestHiveServer(RMFTestCase): environment = {'PATH' : "/bin:/usr/lib/hive/bin:/usr/bin"}, user = 'hive', ) - self.assertResourceCalled('Execute', 'env JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_hiveserver2_script /var/log/hive/hive-server2.out /var/log/hive/hive-server2.log /var/run/hive/hive-server.pid /etc/hive/conf.server /var/log/hive', + self.assertResourceCalled('Execute', '/tmp/start_hiveserver2_script /var/log/hive/hive-server2.out /var/log/hive/hive-server2.log /var/run/hive/hive-server.pid /etc/hive/conf.server /var/log/hive', not_if = 'ls /var/run/hive/hive-server.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive-server.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME' : '/usr'}, + environment = {'HADOOP_HOME' : '/usr', 'JAVA_HOME':'/usr/jdk64/jdk1.7.0_45'}, path = ["/bin:/usr/lib/hive/bin:/usr/bin"], user = 'hive' ) @@ -134,9 +134,9 @@ class TestHiveServer(RMFTestCase): self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/c6401.ambari.apache....@example.com; ', user = 'hive', ) - self.assertResourceCalled('Execute', 'env JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_hiveserver2_script /var/log/hive/hive-server2.out /var/log/hive/hive-server2.log /var/run/hive/hive-server.pid /etc/hive/conf.server /var/log/hive', + self.assertResourceCalled('Execute', '/tmp/start_hiveserver2_script /var/log/hive/hive-server2.out /var/log/hive/hive-server2.log /var/run/hive/hive-server.pid /etc/hive/conf.server /var/log/hive', not_if = 'ls /var/run/hive/hive-server.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive-server.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME' : '/usr'}, + environment = {'HADOOP_HOME' : '/usr', 'JAVA_HOME': '/usr/jdk64/jdk1.7.0_45'}, path = ["/bin:/usr/lib/hive/bin:/usr/bin"], user = 'hive' ) @@ -335,18 +335,21 @@ class TestHiveServer(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) @@ -453,18 +456,21 @@ class TestHiveServer(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) @patch("hive_service.check_fs_root") http://git-wip-us.apache.org/repos/asf/ambari/blob/9a45aea8/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py b/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py index aa8bc7f..031763a 100644 --- a/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py +++ b/ambari-server/src/test/python/stacks/2.1/HIVE/test_hive_metastore.py @@ -45,11 +45,12 @@ class TestHiveMetastore(RMFTestCase): ) self.assert_configure_default() - self.assertResourceCalled('Execute', 'env HADOOP_HOME=/usr JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', - not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME': '/usr'}, - path = ["/bin:/usr/lib/hive/bin:/usr/bin"], - user = 'hive' + + self.assertResourceCalled('Execute', '/tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + environment = {'HADOOP_HOME': '/usr', 'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', + user = 'hive', + path = ['/bin:/usr/lib/hive/bin:/usr/bin'], ) self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/lib/hive/lib//mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6402.ambari.apache.org/hive?createDatabaseIfNotExist=true\' hive aaa com.mysql.jdbc.Driver', @@ -72,22 +73,13 @@ class TestHiveMetastore(RMFTestCase): ) self.assert_configure_default() - self.assertResourceCalled('Execute', (u'env', - u'HADOOP_HOME=/usr', - u'JAVA_HOME=/usr/jdk64/jdk1.7.0_45', - u'/tmp/start_metastore_script', - u'/var/log/hive/hive.out', - u'/var/log/hive/hive.log', - u'/var/run/hive/hive.pid', - u'/etc/hive/conf.server', - u'/var/log/hive'), - environment = {'HADOOP_HOME': '/usr'}, - not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', - sudo = True, - user = 'hive', - path = ['/bin:/usr/lib/hive/bin:/usr/bin'], - ) + self.assertResourceCalled('Execute', '/tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + environment = {'HADOOP_HOME': '/usr', 'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', + user = 'hive', + path = ['/bin:/usr/lib/hive/bin:/usr/bin'], + ) self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/lib/hive/lib//mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6402.ambari.apache.org/hive?createDatabaseIfNotExist=true\' hive aaa com.mysql.jdbc.Driver', path = ['/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin'], tries = 5, @@ -144,11 +136,12 @@ class TestHiveMetastore(RMFTestCase): self.assertResourceCalled('Execute', '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/c6401.ambari.apache....@example.com; ', user = 'hive', ) - self.assertResourceCalled('Execute', 'env HADOOP_HOME=/usr JAVA_HOME=/usr/jdk64/jdk1.7.0_45 /tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', - not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', - environment = {'HADOOP_HOME' : '/usr'}, - path = ["/bin:/usr/lib/hive/bin:/usr/bin"], - user = 'hive' + + self.assertResourceCalled('Execute', '/tmp/start_metastore_script /var/log/hive/hive.out /var/log/hive/hive.log /var/run/hive/hive.pid /etc/hive/conf.server /var/log/hive', + environment = {'HADOOP_HOME': '/usr', 'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + not_if = 'ls /var/run/hive/hive.pid >/dev/null 2>&1 && ps -p `cat /var/run/hive/hive.pid` >/dev/null 2>&1', + user = 'hive', + path = ['/bin:/usr/lib/hive/bin:/usr/bin'], ) self.assertResourceCalled('Execute', '/usr/jdk64/jdk1.7.0_45/bin/java -cp /usr/lib/ambari-agent/DBConnectionVerification.jar:/usr/lib/hive/lib//mysql-connector-java.jar org.apache.ambari.server.DBConnectionVerification \'jdbc:mysql://c6402.ambari.apache.org/hive?createDatabaseIfNotExist=true\' hive asd com.mysql.jdbc.Driver', @@ -244,18 +237,21 @@ class TestHiveMetastore(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) def assert_configure_secured(self): @@ -321,18 +317,21 @@ class TestHiveMetastore(RMFTestCase): group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/log/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) self.assertResourceCalled('Directory', '/var/lib/hive', owner = 'hive', group = 'hadoop', mode = 0755, recursive = True, + cd_access = 'a', ) @patch("resource_management.libraries.functions.security_commons.build_expectations")
