Repository: ambari Updated Branches: refs/heads/branch-2.1 bc995b20f -> 8144dbdd4
AMBARI-13803. Reconfiguring Kafka service via ambari-web generates an error in stack advisor. (jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8144dbdd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8144dbdd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8144dbdd Branch: refs/heads/branch-2.1 Commit: 8144dbdd4a3c4484ae2eb22b40abd9605dfa0fa7 Parents: bc995b2 Author: Jaimin Jetly <jai...@hortonworks.com> Authored: Mon Nov 9 15:57:08 2015 -0800 Committer: Jaimin Jetly <jai...@hortonworks.com> Committed: Mon Nov 9 15:57:08 2015 -0800 ---------------------------------------------------------------------- .../stacks/HDP/2.3/services/stack_advisor.py | 20 ++++++++++---------- .../stacks/2.3/common/test_stack_advisor.py | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/8144dbdd/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 820487d..3deb87a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -253,7 +253,11 @@ class HDP23StackAdvisor(HDP22StackAdvisor): putHdfsSitePropertyAttribute('dfs.namenode.inode.attributes.provider.class', 'delete', 'true') def recommendKAFKAConfigurations(self, configurations, clusterData, services, hosts): - core_site = services["configurations"]["core-site"]["properties"] + kafka_broker = getServicesSiteProperties(services, "kafka-broker") + + # kerberos security for kafka is decided from `security.inter.broker.protocol` property value + security_enabled = (kafka_broker is not None and 'security.inter.broker.protocol' in kafka_broker + and 'SASL' in kafka_broker['security.inter.broker.protocol']) putKafkaBrokerProperty = self.putProperty(configurations, "kafka-broker", services) putKafkaLog4jProperty = self.putProperty(configurations, "kafka-log4j", services) putKafkaBrokerAttributes = self.putPropertyAttribute(configurations, "kafka-broker") @@ -315,20 +319,16 @@ class HDP23StackAdvisor(HDP22StackAdvisor): else: - # Cluster is kerberized - if 'hadoop.security.authentication' in core_site and core_site['hadoop.security.authentication'] == 'kerberos' and \ + # Kerberized Cluster with Ranger plugin disabled + if security_enabled and \ services['configurations']['kafka-broker']['properties']['authorizer.class.name'] == 'org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer': putKafkaBrokerProperty("authorizer.class.name", 'kafka.security.auth.SimpleAclAuthorizer') + # Non-kerberos Cluster with Ranger plugin disabled else: putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') - # Cluster with Ranger is not kerberized - elif ('hadoop.security.authentication' not in core_site or core_site['hadoop.security.authentication'] != 'kerberos'): - putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') - - - # Cluster without Ranger is not kerberized - elif ('hadoop.security.authentication' not in core_site or core_site['hadoop.security.authentication'] != 'kerberos'): + # Non-Kerberos Cluster without Ranger + elif not security_enabled: putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') http://git-wip-us.apache.org/repos/asf/ambari/blob/8144dbdd/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py index c5620d7..a1114fc 100644 --- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py @@ -255,7 +255,7 @@ class TestHDP23StackAdvisor(TestCase): # Test authorizer.class.name with Ranger Kafka plugin disabled in kerberos environment configurations['kafka-broker']['properties'] = {} configurations['kafka-broker']['property_attributes'] = {} - services['configurations']['core-site']['properties']['hadoop.security.authentication'] = 'kerberos' + services['configurations']['kafka-broker']['properties']['security.inter.broker.protocol'] = 'PLAINTEXTSASL' services['configurations']['kafka-broker']['properties']['authorizer.class.name'] = 'org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer' self.stackAdvisor.recommendKAFKAConfigurations(configurations, clusterData, services, None) self.assertEquals(configurations['kafka-broker']['properties']['authorizer.class.name'], 'kafka.security.auth.SimpleAclAuthorizer' , "Test authorizer.class.name with Ranger Kafka plugin disabled in kerberos environment") @@ -263,7 +263,7 @@ class TestHDP23StackAdvisor(TestCase): # Test authorizer.class.name with Ranger Kafka plugin enabled in non-kerberos environment configurations['kafka-broker']['properties'] = {} configurations['kafka-broker']['property_attributes'] = {} - del services['configurations']['core-site']['properties']['hadoop.security.authentication'] + del services['configurations']['kafka-broker']['properties']['security.inter.broker.protocol'] services['configurations']['kafka-broker']['properties']['authorizer.class.name'] = 'kafka.security.auth.SimpleAclAuthorizer' services['configurations']['ranger-kafka-plugin-properties']['properties']['ranger-kafka-plugin-enabled'] = 'Yes' self.stackAdvisor.recommendKAFKAConfigurations(configurations, clusterData, services, None) @@ -272,7 +272,7 @@ class TestHDP23StackAdvisor(TestCase): # Test authorizer.class.name with Ranger Kafka plugin enabled in kerberos environment configurations['kafka-broker']['properties'] = {} configurations['kafka-broker']['property_attributes'] = {} - services['configurations']['core-site']['properties']['hadoop.security.authentication'] = 'kerberos' + services['configurations']['kafka-broker']['properties']['security.inter.broker.protocol'] = 'PLAINTEXTSASL' services['configurations']['kafka-broker']['properties']['authorizer.class.name'] = 'kafka.security.auth.SimpleAclAuthorizer' services['configurations']['ranger-kafka-plugin-properties']['properties']['ranger-kafka-plugin-enabled'] = 'Yes' self.stackAdvisor.recommendKAFKAConfigurations(configurations, clusterData, services, None)