Repository: ambari Updated Branches: refs/heads/trunk 2ac17444b -> bf0e3db8e
AMBARI-13435. Ambari to support three topology config files for Knox (Sumit Gupta via smohanty) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/bf0e3db8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/bf0e3db8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/bf0e3db8 Branch: refs/heads/trunk Commit: bf0e3db8ea16de66b447822fd86ad4ff0a12ca79 Parents: 2ac1744 Author: Sumit Mohanty <smoha...@hortonworks.com> Authored: Fri Oct 23 09:05:30 2015 -0700 Committer: Sumit Mohanty <smoha...@hortonworks.com> Committed: Fri Oct 23 09:05:30 2015 -0700 ---------------------------------------------------------------------- .../0.5.0.2.2/configuration/admin-topology.xml | 96 ++++++++++++++++++++ .../common-services/KNOX/0.5.0.2.2/metainfo.xml | 2 + .../KNOX/0.5.0.2.2/package/scripts/knox.py | 17 ++++ .../0.5.0.2.2/package/scripts/params_linux.py | 2 + .../0.5.0.2.2/package/scripts/params_windows.py | 2 + .../KNOX/configuration/knoxsso-topology.xml | 93 +++++++++++++++++++ .../python/stacks/2.2/KNOX/test_knox_gateway.py | 10 ++ .../test/python/stacks/2.2/configs/default.json | 4 + ambari-web/app/models/stack_service.js | 2 +- 9 files changed, 227 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml new file mode 100644 index 0000000..b6b09ed --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/admin-topology.xml 
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <!-- topology file -->
+
+ <property>
+ <name>content</name>
+ <value>
+ <topology>
+
+ <gateway>
+
+ <provider>
+ <role>authentication</role>
+ <name>ShiroProvider</name>
+ <enabled>true</enabled>
+ <param>
+ <name>sessionTimeout</name>
+ <value>30</value>
+ </param>
+ <param>
+ <name>main.ldapRealm</name>
+ <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.userDnTemplate</name>
+ <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.url</name>
+ <value>ldap://{{knox_host_name}}:33389</value>
+ </param>
+ <param>
+ <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
+ <value>simple</value>
+ </param>
+ <param>
+ <name>urls./**</name>
+ <value>authcBasic</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>authorization</role>
+ <name>AclsAuthz</name>
+ <enabled>true</enabled>
+ <param>
+ <name>knox.acl</name>
+ <value>admin;*;*</value>
+
</param> + </provider> + + <provider> + <role>identity-assertion</role> + <name>Default</name> + <enabled>true</enabled> + </provider> + + </gateway> + + <service> + <role>KNOX</role> + </service> + + </topology> + + </value> + <description> + The configuration specifies the Knox admin API configuration and access details. The authentication provider should be configured to match your deployment details. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + <show-property-name>false</show-property-name> + </value-attributes> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml index 34f55ff..657a300 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/metainfo.xml @@ -64,6 +64,8 @@ <config-type>gateway-site</config-type> <config-type>gateway-log4j</config-type> <config-type>topology</config-type> + <config-type>admin-topology</config-type> + <config-type>knoxsso-topology</config-type> <config-type>ranger-knox-plugin-properties</config-type> <config-type>ranger-knox-audit</config-type> <config-type>ranger-knox-policymgr-ssl</config-type> http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py index 055b76e..bb0bbfe 100644 
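Review bot: The default admin topology authenticates the Knox admin API against `ldap://{{knox_host_name}}:33389` with `authenticationMechanism` set to `simple` and the sample `dc=hadoop,dc=apache,dc=org` DN template, which looks like the Knox demo LDAP; a cluster that keeps these defaults checks admin credentials against a test directory over an unencrypted bind. The `knox.acl` value `admin;*;*` only protects the API if `admin` is an account the operator controls in the real directory. The `<description>` should say so directly, for example `The defaults point at the demo LDAP server and must be replaced with your own directory (preferably ldaps://) before production use.`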
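Review bot: `knoxsso-topology` is declared here for every stack that uses KNOX 0.5.0.2.2, but the only `knoxsso-topology.xml` in this commit is added under `stacks/HDP/2.4`, so older stacks get the config type without a default. The same gap shows in the `params_linux.py` and `params_windows.py` hunks, which read `config['configurations']['knoxsso-topology']['content']` unconditionally, and in the first `knox.py` hunk, which renders it into `knoxsso.xml`; the 2.2 test fixture adds only `admin-topology`. If that lookup does not tolerate a missing type, a guarded read such as `knoxsso_topology_template = default('/configurations/knoxsso-topology/content', None)` (assuming the `default` helper is imported in the params files) with a `None` check before the `File(...)` call would keep older stacks working. Otherwise the declaration belongs in the HDP 2.4 metainfo only.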
--- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox.py @@ -60,6 +60,18 @@ def knox(): content=InlineTemplate(params.topology_template) ) + File(os.path.join(params.knox_conf_dir, "topologies", "admin.xml"), + group=params.knox_group, + owner=params.knox_user, + content=InlineTemplate(params.admin_topology_template) + ) + + File(os.path.join(params.knox_conf_dir, "topologies", "knoxsso.xml"), + group=params.knox_group, + owner=params.knox_user, + content=InlineTemplate(params.knoxsso_topology_template) + ) + if params.security_enabled: TemplateConfig( os.path.join(params.knox_conf_dir, "krb5JAASLogin.conf"), owner = params.knox_user, @@ -104,6 +116,11 @@ def knox(): owner=params.knox_user, content=InlineTemplate(params.topology_template) ) + File(format("{params.knox_conf_dir}/topologies/admin.xml"), + group=params.knox_group, + owner=params.knox_user, + content=InlineTemplate(params.admin_topology_template) + ) if params.security_enabled: TemplateConfig( format("{knox_conf_dir}/krb5JAASLogin.conf"), owner = params.knox_user, http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 5d4ff69..36d542f 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py 
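Review bot: Neither new `File(...)` resource in the `@@ -60,6 +60,18 @@` hunk sets `mode`, so `admin.xml` and `knoxsso.xml` get whatever permissions the agent's defaults produce, and topology files tend to accumulate LDAP bind and keystore settings. I would pin it explicitly with `mode=0640,` next to `owner=params.knox_user`, here and on the `admin.xml` resource in the `@@ -104,6 +116,11 @@` hunk, on whichever platform branch honours it. `knox()` starts and ends outside both hunks, so I cannot see whether the existing `topology` resource sets a mode; if it does, match it.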
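Review bot: The `@@ -104,6 +116,11 @@` hunk writes only `admin.xml`, while the first hunk also writes `knoxsso.xml`, so the two branches of `knox()` now diverge and the KnoxSSO topology is never rendered on this path. If that is intentional, a comment such as `# knoxsso.xml is only rendered in the other OS branch (AMBARI-13435)` would save the next reader the diff; otherwise add the matching `File(...)` resource. The path is also spelled `format("{params.knox_conf_dir}/topologies/admin.xml")` while the context line just below uses `format("{knox_conf_dir}/krb5JAASLogin.conf")`; one form should be used throughout.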
@@ -216,6 +216,8 @@ knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0] knox_host_name_in_cluster = config['hostname'] knox_host_port = config['configurations']['gateway-site']['gateway.port'] topology_template = config['configurations']['topology']['content'] +admin_topology_template = config['configurations']['admin-topology']['content'] +knoxsso_topology_template = config['configurations']['knoxsso-topology']['content'] gateway_log4j = config['configurations']['gateway-log4j']['content'] ldap_log4j = config['configurations']['ldap-log4j']['content'] users_ldif = config['configurations']['users-ldif']['content'] http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py index 50acbe7..e044d9a 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_windows.py 
@@ -57,6 +57,8 @@ knox_host_name = config['clusterHostInfo']['knox_gateway_hosts'][0] knox_host_name_in_cluster = config['hostname'] knox_master_secret = config['configurations']['knox-env']['knox_master_secret'] topology_template = config['configurations']['topology']['content'] +admin_topology_template = config['configurations']['admin-topology']['content'] +knoxsso_topology_template = config['configurations']['knoxsso-topology']['content'] gateway_log4j = config['configurations']['gateway-log4j']['content'] security_enabled = config['configurations']['cluster-env']['security_enabled'] ldap_log4j = config['configurations']['ldap-log4j']['content'] http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml new file mode 100644 index 0000000..0a617ad --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/services/KNOX/configuration/knoxsso-topology.xml 
@@ -0,0 +1,93 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration supports_final="false" supports_adding_forbidden="true">
+ <!-- topology file -->
+
+ <property>
+ <name>content</name>
+ <value>
+ <topology>
+
+ <gateway>
+
+ <provider>
+ <role>federation</role>
+ <name>Picketlink</name>
+ <enabled>true</enabled>
+ <param>
+ <name>identity.url</name>
+ <value>https://SSO_PROVIDER_HOST_NAME:SSO_PROVIDER_PORT/idp/profile/SAML2/POST/SSO</value>
+ </param>
+ <param>
+ <name>service.url</name>
+ <value>http://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso</value>
+ </param>
+ <param>
+ <name>keystore.url</name>
+ <value>{{knox_cert_store_path}}</value>
+ </param>
+ <param>
+ <name>validating.alias.key</name>
+ <value>SSO_PROVIDER_DOMAIN</value>
+ </param>
+ <param>
+ <name>validating.alias.value</name>
+ <value>SSO_PROVIDER_CERT_ALIAS</value>
+ </param>
+ <param>
+ <name>clock.skew.milis</name>
+ <value>2000</value>
+ </param>
+ </provider>
+
+ <provider>
+ <role>identity-assertion</role>
+ <name>Default</name>
+ <enabled>true</enabled>
+ </provider>
+
+ </gateway>
+
+ <service>
+
<role>KNOXSSO</role> + <param> + <name>knoxsso.cookie.secure.only</name> + <value>true</value> + </param> + <param> + <name>knoxsso.cookie.max.age</name> + <value>600</value> + </param> + </service> + + </topology> + </value> + <description> + The configuration specifies the KnoxSSO provider integration, cookie and token management details. + </description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + <show-property-name>false</show-property-name> + </value-attributes> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py index 817b87d..6f72038 100644 --- a/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py +++ b/ambari-server/src/test/python/stacks/2.2/KNOX/test_knox_gateway.py @@ -84,6 +84,11 @@ class TestKnoxGateway(RMFTestCase): owner = 'knox', content = InlineTemplate(self.getConfig()['configurations']['topology']['content']) ) + self.assertResourceCalled('File', '/usr/hdp/current/knox-server/conf/topologies/admin.xml', + group='knox', + owner = 'knox', + content = InlineTemplate(self.getConfig()['configurations']['admin-topology']['content']) + ) self.assertResourceCalled('Execute', ('chown', '-R', 'knox:knox', 
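Review bot: `service.url` is built as `http://{{knox_host_name}}:{{knox_port}}/gateway/idp/knoxsso/api/v1/websso` while the same topology sets `knoxsso.cookie.secure.only` to `true`; a Secure-only cookie is not sent over plain HTTP and the SAML response would return to the gateway unencrypted, so the scheme should presumably be `https://`. The `params_linux.py` context in this commit shows `knox_host_port`, and I do not see `knox_port` or `knox_cert_store_path` defined in the visible lines, so please confirm both template variables resolve when `InlineTemplate` renders this content. The federation provider also ships with `<enabled>true</enabled>` and `SSO_PROVIDER_*` placeholders, and the `<description>` should state that these must be replaced before the topology is usable.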
@@ -525,6 +530,11 @@ class TestKnoxGateway(RMFTestCase): owner = 'knox', content = InlineTemplate(self.getConfig()['configurations']['topology']['content']) ) + self.assertResourceCalled('File', '/usr/hdp/current/knox-server/conf/topologies/admin.xml', + group='knox', + owner = 'knox', + content = InlineTemplate(self.getConfig()['configurations']['admin-topology']['content']) + ) self.assertResourceCalled('Execute', ('chown', '-R', 'knox:knox', http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-server/src/test/python/stacks/2.2/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json index 5a5554e..f759f49 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json 
@@ -255,6 +255,10 @@ "content": "\n <topology>\n\n <gateway>\n\n <provider>\n <role>authentication</role>\n <name>ShiroProvider</name>\n <enabled>true</enabled>\n <param>\n <name>sessionTimeout</name>\n <value>30</value>\n </param>\n <param>\n <name>main.ldapRealm</name>\n <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>\n </param>\n <param>\n <name>main.ldapRealm.userDnTemplate</name>\n <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.url</name>\n <value>ldap://{{knox_host_name}}:33389</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.authenticationMechanism</name>\n <value>simple</value>\n </param>\n <param>\n <name>urls./**</name>\n <value>authcBasic</value>\n </param>\n </provider>\n\n <provider>\n <role>identity-assertion</role>\n <name>Default</name>\n <enabled>true</enabled>\n </provider>\n\n </gateway>\n\n <service>\n <role>NAMENODE</role>\n <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>\n </service>\n\n <service>\n <role>JOBTRACKER</role>\n <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>\n </service>\n\n <service>\n <role>WEBHDFS</ro le>\n <url>http://{{namenode_host}}:{{namenode_http_port}}/webhdfs</url>\n </service>\n\n <service>\n <role>WEBHCAT</role>\n <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>\n </service>\n\n <service>\n <role>OOZIE</role>\n <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>\n </service>\n\n <service>\n <role>WEBHBASE</role>\n <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>\n </service>\n\n <service>\n <role>HIVE</role>\n <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>\n </service>\n\n <service>\n <role>RESOURCEMANAGER</role>\n <url>http://{{rm_host}}:{{rm_port}}/ws</url>\n </service>\n </topology>" }, + "admin-topology": { + "content": "\n <topology>\n\n <gateway>\n\n <provider>\n <role>authentication</role>\n 
<name>ShiroProvider</name>\n <enabled>true</enabled>\n <param>\n <name>sessionTimeout</name>\n <value>30</value>\n </param>\n <param>\n <name>main.ldapRealm</name>\n <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>\n </param>\n <param>\n <name>main.ldapRealm.userDnTemplate</name>\n <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.url</name>\n <value>ldap://{{knox_host_name}}:33389</value>\n </param>\n <param>\n <name>main.ldapRealm.contextFactory.authenticationMechanism</name>\n <value>simple</value>\n </param>\n <param>\n <name>urls./**</name>\n <value>authcBasic</value>\n </param>\n </provider>\n\n <provider>\n <role>identity-assertion</role>\n <name>Default</name>\n <enabled>true</enabled>\n </provider>\n\n </gateway>\n\n <service>\n <role>NAMENODE</role>\n <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>\n </service>\n\n <service>\n <role>JOBTRACKER</role>\n <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>\n </service>\n\n <service>\n <role>WEBHDFS</ro le>\n <url>http://{{namenode_host}}:{{namenode_http_port}}/webhdfs</url>\n </service>\n\n <service>\n <role>WEBHCAT</role>\n <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>\n </service>\n\n <service>\n <role>OOZIE</role>\n <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>\n </service>\n\n <service>\n <role>WEBHBASE</role>\n <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>\n </service>\n\n <service>\n <role>HIVE</role>\n <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>\n </service>\n\n <service>\n <role>RESOURCEMANAGER</role>\n <url>http://{{rm_host}}:{{rm_port}}/ws</url>\n </service>\n </topology>" + }, + "ldap-log4j": { "content": "\n # Licensed to the Apache Software Foundation (ASF) under one\n # or more contributor license agreements. 
See the NOTICE file\n # distributed with this work for additional information\n # regarding copyright ownership. The ASF licenses this file\n # to you under the Apache License, Version 2.0 (the\n # \"License\"); you may not use this file except in compliance\n # with the License. You may obtain a copy of the License at\n #\n # http://www.apache.org/licenses/LICENSE-2.0\n #\n # Unless required by applicable law or agreed to in writing, software\n # distributed under the License is distributed on an \"AS IS\" BASIS,\n # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n # See the License for the specific language governing permissions and\n # limitations under the License.\n #testing\n\n app.log.dir=${launcher.d ir}/../logs\n app.log.file=${launcher.name}.log\n\n log4j.rootLogger=ERROR, drfa\n log4j.logger.org.apache.directory.server.ldap.LdapServer=INFO\n log4j.logger.org.apache.directory=WARN\n\n log4j.appender.stdout=org.apache.log4j.ConsoleAppender\n log4j.appender.stdout.layout=org.apache.log4j.PatternLayout\n log4j.appender.stdout.layout.ConversionPattern=%d{yy/MM/dd HH:mm:ss} %p %c{2}: %m%n\n\n log4j.appender.drfa=org.apache.log4j.DailyRollingFileAppender\n log4j.appender.drfa.File=${app.log.dir}/${app.log.file}\n log4j.appender.drfa.DatePattern=.yyyy-MM-dd\n log4j.appender.drfa.layout=org.apache.log4j.PatternLayout\n log4j.appender.drfa.layout.ConversionPattern=%d{ISO8601} %-5p %c{2} (%F:%M(%L)) - %m%n" }, http://git-wip-us.apache.org/repos/asf/ambari/blob/bf0e3db8/ambari-web/app/models/stack_service.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/models/stack_service.js b/ambari-web/app/models/stack_service.js index ce4278e..3d5e795 100644 --- a/ambari-web/app/models/stack_service.js +++ b/ambari-web/app/models/stack_service.js 
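Review bot: The `admin-topology` fixture added here is a copy of the cluster `topology` content (NAMENODE, WEBHDFS and the other service entries, with no `AclsAuthz` provider) rather than the admin topology introduced in `admin-topology.xml`, so the test only proves that some string is written to `admin.xml`. Using the real default, with the `authorization` provider and the single `KNOX` service, would let the fixture catch a regression that drops the ACL.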
@@ -397,7 +397,7 @@ App.StackService.configCategories = function () { // Add custom section for every configType to all the services configTypes.forEach(function (type) { - var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties','topology','users-ldif']; + var configTypesWithNoCustomSection = ['capacity-scheduler','mapred-queue-acls','flume-conf', 'pig-properties','topology','users-ldif', 'admin-topology', 'knoxsso-topology']; if (type.endsWith('-env') || type.endsWith('-log4j') || configTypesWithNoCustomSection.contains(type)) { return; }
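Review bot: `configTypesWithNoCustomSection` is rebuilt on every iteration of `configTypes.forEach` and now holds eight entries on a single line, so each new config type produces a whole-line diff like this one. Declaring the array once above `configTypes.forEach(function (type) {`, one entry per line, would make the next addition a one-line change and keep the exclusion list easy to audit. The enclosing `configCategories` function starts and ends outside the hunk.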