Repository: ambari Updated Branches: refs/heads/trunk 14c13c1c6 -> 0d203448b
AMBARI-13837. Ambari does not let user specify Active Directory LDAP configs when using HS2.(vbrodetskyi) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0d203448 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0d203448 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0d203448 Branch: refs/heads/trunk Commit: 0d203448bed3468aeb0ee703b97a1a3cb5ac03e5 Parents: 14c13c1 Author: Vitaly Brodetskyi <vbrodets...@hortonworks.com> Authored: Thu Nov 12 18:59:52 2015 +0200 Committer: Vitaly Brodetskyi <vbrodets...@hortonworks.com> Committed: Thu Nov 12 19:01:55 2015 +0200 ---------------------------------------------------------------------- .../ambari/server/upgrade/UpgradeCatalog210.java | 2 -- .../2.2/services/HIVE/configuration/hive-site.xml | 1 - .../stacks/HDP/2.2/services/stack_advisor.py | 15 ++++++++++----- .../stacks/HDP/2.3/services/stack_advisor.py | 6 ++++-- .../python/stacks/2.2/common/test_stack_advisor.py | 9 ++++++--- .../python/stacks/2.3/common/test_stack_advisor.py | 5 ++--- 6 files changed, 22 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java index ac5df7c..52079cf 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog210.java @@ -1596,10 +1596,8 @@ public class UpgradeCatalog210 extends AbstractUpgradeCatalog { } if (!"ldap".equalsIgnoreCase(hive_server2_auth)) { hiveSiteRemoveProps.add("hive.server2.authentication.ldap.url"); - hiveSiteRemoveProps.add("hive.server2.authentication.ldap.baseDN"); } else { hiveSiteAddProps.put("hive.server2.authentication.ldap.url", ""); - hiveSiteAddProps.put("hive.server2.authentication.ldap.baseDN", ""); } if (!"kerberos".equalsIgnoreCase(hive_server2_auth) && !cluster.getServices().containsKey("KERBEROS")) { hiveSiteRemoveProps.add("hive.server2.authentication.kerberos.keytab"); http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml index b17adbd..a214c3e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/hive-site.xml @@ -1745,7 +1745,6 @@ limitations under the License. </property> <property> <name>hive.server2.authentication.ldap.baseDN</name> - <value></value> <property-type>DONT_ADD_ON_UPGRADE</property-type> <depends-on> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index 5ea3115..6645083 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -483,16 +483,11 @@ class HDP22StackAdvisor(HDP21StackAdvisor): if hive_server2_auth == "ldap": putHiveSiteProperty("hive.server2.authentication.ldap.url", "") - putHiveSiteProperty("hive.server2.authentication.ldap.baseDN", " ") else: if ("hive.server2.authentication.ldap.url" in configurations["hive-site"]["properties"]) or \ ("hive-site" not in services["configurations"]) or \ ("hive-site" in services["configurations"] and "hive.server2.authentication.ldap.url" in services["configurations"]["hive-site"]["properties"]): putHiveSitePropertyAttribute("hive.server2.authentication.ldap.url", "delete", "true") - if ("hive.server2.authentication.ldap.baseDN" in configurations["hive-site"]["properties"]) or \ - ("hive-site" not in services["configurations"]) or \ - ("hive-site" in services["configurations"] and "hive.server2.authentication.ldap.baseDN" in services["configurations"]["hive-site"]["properties"]): - putHiveSitePropertyAttribute("hive.server2.authentication.ldap.baseDN", "delete", "true") if hive_server2_auth == "kerberos": putHiveSiteProperty("hive.server2.authentication.kerberos.keytab", "") @@ -1230,6 +1225,16 @@ class HDP22StackAdvisor(HDP21StackAdvisor): "item": self.getWarnItem("Correct values are {0}".format(stripe_size_values)) } ) + authentication_property = "hive.server2.authentication" + ldap_baseDN_property = "hive.server2.authentication.ldap.baseDN" + ldap_domain_property = "hive.server2.authentication.ldap.Domain" + if authentication_property in properties and properties[authentication_property].lower() == "ldap" \ + and not (ldap_baseDN_property in properties or ldap_domain_property in properties): + validationItems.append({"config-name" : authentication_property, "item" : + self.getWarnItem("According to LDAP value for " + authentication_property + ", you should add " + + ldap_domain_property + " property, if you are using AD, if not, then " + ldap_baseDN_property + "!")}) + + configurationValidationProblems = self.toConfigurationValidationProblems(validationItems, "hive-site") configurationValidationProblems.extend(parentValidationProblems) return configurationValidationProblems http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 83dd804..e421abe 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -590,7 +590,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): def validateHiveConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): - super(HDP23StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts) + parentValidationProblems = super(HDP23StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts) hive_site = properties hive_env_properties = getSiteProperties(configurations, "hive-env") validationItems = [] @@ -609,8 +609,10 @@ class HDP23StackAdvisor(HDP22StackAdvisor): "item": self.getWarnItem( "If Hive using SQL Anywhere db." \ " {0} needs to be set to {1}".format(prop_name,prop_value))}) - return self.toConfigurationValidationProblems(validationItems, "hive-site") + configurationValidationProblems = self.toConfigurationValidationProblems(validationItems, "hive-site") + configurationValidationProblems.extend(parentValidationProblems) + return configurationValidationProblems def validateHiveServer2Configurations(self, properties, recommendedDefaults, configurations, services, hosts): super(HDP23StackAdvisor, self).validateHiveServer2Configurations(properties, recommendedDefaults, configurations, services, hosts) http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py index 6b9dcd5..d3d2c3a 100644 --- a/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.2/common/test_stack_advisor.py @@ -1035,8 +1035,7 @@ class TestHDP22StackAdvisor(TestCase): 'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'}, 'hive.server2.authentication.pam.services': {'delete': 'true'}, 'hive.server2.custom.authentication.class': {'delete': 'true'}, - 'hive.server2.authentication.ldap.baseDN': {'delete': 'true'}, - 'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, + 'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, 'hive.server2.authentication.kerberos.keytab': {'delete': 'true'}, 'hive.server2.authentication.ldap.url': {'delete': 'true'}, 'hive.server2.tez.default.queues': { @@ -3093,6 +3092,7 @@ class TestHDP22StackAdvisor(TestCase): def test_validateHiveConfigurations(self): properties = {"hive_security_authorization": "None", + "hive.server2.authentication": "LDAP", "hive.exec.orc.default.stripe.size": "8388608", 'hive.tez.container.size': '2048', 'hive.tez.java.opts': '-Xmx300m', @@ -3113,7 +3113,10 @@ class TestHDP22StackAdvisor(TestCase): } # Test for 'ranger-hive-plugin-properties' not being in configs - res_expected = [] + res_expected = [{'config-type': 'hive-site', 'message': 'According to LDAP value for hive.server2.authentication, ' + 'you should add hive.server2.authentication.ldap.Domain property, if you are using AD, if not, ' + 'then hive.server2.authentication.ldap.baseDN!', 'type': 'configuration', 'config-name': + 'hive.server2.authentication', 'level': 'WARN'}] res = self.stackAdvisor.validateHiveConfigurations(properties, recommendedDefaults, configurations, services, {}) self.assertEquals(res, res_expected) http://git-wip-us.apache.org/repos/asf/ambari/blob/0d203448/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py index fc4f2e9..d6b0c07 100644 --- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py @@ -726,8 +726,7 @@ class TestHDP23StackAdvisor(TestCase): 'hive.auto.convert.join.noconditionaltask.size': {'maximum': '805306368'}, 'hive.server2.authentication.pam.services': {'delete': 'true'}, 'hive.server2.custom.authentication.class': {'delete': 'true'}, - 'hive.server2.authentication.ldap.baseDN': {'delete': 'true'}, - 'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, + 'hive.server2.authentication.kerberos.principal': {'delete': 'true'}, 'hive.server2.authentication.kerberos.keytab': {'delete': 'true'}, 'hive.server2.authentication.ldap.url': {'delete': 'true'}, 'hive.server2.tez.default.queues': { @@ -1313,4 +1312,4 @@ class TestHDP23StackAdvisor(TestCase): recommendedConfigurations = {} self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None) - self.assertEquals(recommendedConfigurations['ranger-admin-site']['properties']['ranger.audit.solr.zookeepers'], 'NONE') \ No newline at end of file + self.assertEquals(recommendedConfigurations['ranger-admin-site']['properties']['ranger.audit.solr.zookeepers'], 'NONE')