Repository: ambari Updated Branches: refs/heads/trunk 727b76f0f -> 2f25e3b12
Ambari-10680. Phoenix Query Server not supported in secure deployments (ndimiduk via smohanty) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2f25e3b1 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2f25e3b1 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2f25e3b1 Branch: refs/heads/trunk Commit: 2f25e3b1298391dcff9d5145a7ff8b039e6e58bb Parents: 727b76f Author: Sumit Mohanty <smoha...@hortonworks.com> Authored: Thu Apr 23 11:17:47 2015 -0700 Committer: Sumit Mohanty <smoha...@hortonworks.com> Committed: Thu Apr 23 11:17:47 2015 -0700 ---------------------------------------------------------------------- .../HBASE/0.96.0.2.0/kerberos.json | 26 ++++++++++++++++++++ .../0.96.0.2.0/package/scripts/params_linux.py | 3 +++ .../templates/hbase_queryserver_jaas.conf.j2 | 26 ++++++++++++++++++++ .../python/stacks/2.0.6/configs/secured.json | 1 + .../python/stacks/2.3/configs/hbase_secure.json | 1 + 5 files changed, 57 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/2f25e3b1/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json index 67664a9..125a9c9 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/kerberos.json @@ -98,6 +98,32 @@ } } ] + }, + { + "name": "PHOENIX_QUERY_SERVER", + "identities": [ + { + "name": "hbase_queryserver_hbase", + "principal": { + "value": "hbase/_HOST@${realm}", + "type" : "service", + "configuration": "hbase-site/phoenix.queryserver.kerberos.principal", + "local_username": "${hbase-env/hbase_user}" + }, + "keytab": { + "file": "${keytab_dir}/hbase.service.keytab", + "owner": { + "name": "${hbase-env/hbase_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "hbase-site/phoenix.queryserver.keytab.file" + } + } + ] } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/2f25e3b1/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index 6a3a1a4..311819a 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -94,6 +94,7 @@ local_dir = substitute_vars(_local_dir_conf, config['configurations']['hbase-sit client_jaas_config_file = format("{hbase_conf_dir}/hbase_client_jaas.conf") master_jaas_config_file = format("{hbase_conf_dir}/hbase_master_jaas.conf") regionserver_jaas_config_file = format("{hbase_conf_dir}/hbase_regionserver_jaas.conf") +queryserver_jaas_config_file = format("{hbase_conf_dir}/phoenix_queryserver_jaas.conf") ganglia_server_hosts = default('/clusterHostInfo/ganglia_server_host', []) # is not passed when ganglia is not present ganglia_server_host = '' if len(ganglia_server_hosts) == 0 else ganglia_server_hosts[0] @@ -123,9 +124,11 @@ if security_enabled: _hostname_lowercase = config['hostname'].lower() master_jaas_princ = config['configurations']['hbase-site']['hbase.master.kerberos.principal'].replace('_HOST',_hostname_lowercase) regionserver_jaas_princ = config['configurations']['hbase-site']['hbase.regionserver.kerberos.principal'].replace('_HOST',_hostname_lowercase) + queryserver_jaas_princ = config['configurations']['hbase-site']['phoenix.queryserver.kerberos.principal'].replace('_HOST',_hostname_lowercase) master_keytab_path = config['configurations']['hbase-site']['hbase.master.keytab.file'] regionserver_keytab_path = config['configurations']['hbase-site']['hbase.regionserver.keytab.file'] +queryserver_keytab_path = config['configurations']['hbase-site']['phoenix.queryserver.keytab.file'] smoke_user_keytab = config['configurations']['cluster-env']['smokeuser_keytab'] hbase_user_keytab = config['configurations']['hbase-env']['hbase_user_keytab'] kinit_path_local = functions.get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None)) http://git-wip-us.apache.org/repos/asf/ambari/blob/2f25e3b1/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_queryserver_jaas.conf.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_queryserver_jaas.conf.j2 b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_queryserver_jaas.conf.j2 new file mode 100644 index 0000000..c5a6c3f --- /dev/null +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/templates/hbase_queryserver_jaas.conf.j2 @@ -0,0 +1,26 @@ +{# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#} + +Client { +com.sun.security.auth.module.Krb5LoginModule required +useKeyTab=true +storeKey=true +useTicketCache=false +keyTab="{{queryserver_keytab_path}}" +principal="{{queryserver_jaas_princ}}"; +}; http://git-wip-us.apache.org/repos/asf/ambari/blob/2f25e3b1/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json index 7d66e72..c54d2b0 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json +++ b/ambari-server/src/test/python/stacks/2.0.6/configs/secured.json @@ -330,6 +330,7 @@ "hbase.local.dir": "${hbase.tmp.dir}/local", "hfile.block.cache.size": "0.40", "hbase.regionserver.kerberos.principal": "hbase/_h...@example.com", + "phoenix.queryserver.kerberos.principal": "hbase/_h...@example.com", "hbase.security.authentication": "kerberos", "hbase.defaults.for.version.skip": "true", "hbase.zookeeper.quorum": "c6401.ambari.apache.org,c6402.ambari.apache.org", http://git-wip-us.apache.org/repos/asf/ambari/blob/2f25e3b1/ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json b/ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json index ea57e66..8580db6 100644 --- a/ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json +++ b/ambari-server/src/test/python/stacks/2.3/configs/hbase_secure.json @@ -357,6 +357,7 @@ "hbase.tmp.dir": "/hadoop/hbase", "hfile.block.cache.size": "0.40", "hbase.regionserver.kerberos.principal": "hbase/_h...@example.com", + "phoenix.queryserver.kerberos.principal": "hbase/_h...@example.com", "hbase.client.scanner.caching": "100", "hbase.security.authentication": "kerberos", "hbase.defaults.for.version.skip": "true",