ambari git commit: AMBARI-14638: secure HAWQ config logic in javascript

Tue, 12 Jan 2016 18:16:15 -0800 

Repository: ambari
Updated Branches:
  refs/heads/trunk 5f7833831 -> 44faf76e0


AMBARI-14638: secure HAWQ config logic in javascript


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/44faf76e
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/44faf76e
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/44faf76e

Branch: refs/heads/trunk
Commit: 44faf76e03d1b45640ff6cdfc8e73d5725316502
Parents: 5f78338
Author: Jun Aoki <ja...@apache.org>
Authored: Tue Jan 12 18:15:28 2016 -0800
Committer: Jun Aoki <ja...@apache.org>
Committed: Tue Jan 12 18:15:28 2016 -0800

----------------------------------------------------------------------
 .../common-services/HAWQ/2.0.0/kerberos.json    | 27 +++++++++++++++-----
 .../HAWQ/2.0.0/package/scripts/common.py        | 17 +-----------
 .../HAWQ/2.0.0/package/scripts/params.py        |  4 ---
 3 files changed, 21 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json 
b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
index a8130c4..cc11c15 100644
--- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
+++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json
@@ -1,6 +1,25 @@
 {
     "services": [
         {
+            "name": "HAWQ",
+            "identities": [
+                {
+                    "name": "/hdfs"
+                }
+            ], 
+            "configurations": [
+                {
+                    "hawq-site": {
+                        "enable_secure_filesystem": "ON",
+                        "krb_server_keyfile": 
"${keytab_dir}/hawq.service.keytab"
+                    }
+                },
+                {
+                    "hdfs-client": {
+                        "hadoop.security.authentication": "kerberos"
+                    }
+                }
+            ],
             "components": [
                 {
                     "identities": [
@@ -48,13 +67,7 @@
                     ], 
                     "name": "HAWQSTANDBY"
                 }
-            ], 
-            "identities": [
-                {
-                    "name": "/hdfs"
-                }
-            ], 
-            "name": "HAWQ"
+            ] 
         }
     ]
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py
 
b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py
index 2207b76..daab7eb 100644
--- 
a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py
+++ 
b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py
@@ -92,12 +92,6 @@ def __update_hdfs_client():
 
   hdfs_client_dict = params.hdfs_client.copy()
   
-  # security
-  if params.security_enabled:
-    hdfs_client_dict["hadoop.security.authentication"] = "kerberos"
-  else:
-    hdfs_client_dict.pop("hadoop.security.authentication", None) # remove the 
entry
-
   XmlConfig("hdfs-client.xml",
             conf_dir=hawq_constants.hawq_config_dir,
             configurations=ConfigDictionary(hdfs_client_dict),
@@ -129,18 +123,9 @@ def __update_hawq_site():
   """
   import params
   
-  hawq_site_modifiable = dict(params.hawq_site)
-
-  if params.security_enabled:
-    hawq_site_modifiable["enable_secure_filesystem"] = "ON"
-    hawq_site_modifiable["krb_server_keyfile"] = 
hawq_constants.hawq_keytab_file
-  else:
-    hawq_site_modifiable.pop("enable_secure_filesystem", None) # remove the 
entry
-    hawq_site_modifiable.pop("krb_server_keyfile", None) # remove the entry
-
   XmlConfig("hawq-site.xml",
             conf_dir=hawq_constants.hawq_config_dir,
-            configurations=ConfigDictionary(hawq_site_modifiable),
+            configurations=ConfigDictionary(params.hawq_site),
             
configuration_attributes=params.config['configuration_attributes']['hawq-site'],
             owner=hawq_constants.hawq_user,
             group=hawq_constants.hawq_group,

http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py
 
b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py
index e19de9d..aa3527c 100644
--- 
a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py
+++ 
b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py
@@ -99,10 +99,6 @@ ExecuteHadoop = functools.partial(ExecuteHadoop,
 rm_host = __get_component_host('rm_host')
 yarn_ha_enabled = 
default('/configurations/yarn-site/yarn.resourcemanager.ha.enabled', False)
 
-# Security
-security_enabled = config['configurations']['cluster-env']['security_enabled']
-
-
 # Config files
 gpcheck_content = config['configurations']['gpcheck-env']['content']
 # database user limits

Reply via email to