Repository: ambari Updated Branches: refs/heads/trunk 5f7833831 -> 44faf76e0
AMBARI-14638: secure HAWQ config logic in javascript Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/44faf76e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/44faf76e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/44faf76e Branch: refs/heads/trunk Commit: 44faf76e03d1b45640ff6cdfc8e73d5725316502 Parents: 5f78338 Author: Jun Aoki <ja...@apache.org> Authored: Tue Jan 12 18:15:28 2016 -0800 Committer: Jun Aoki <ja...@apache.org> Committed: Tue Jan 12 18:15:28 2016 -0800 ---------------------------------------------------------------------- .../common-services/HAWQ/2.0.0/kerberos.json | 27 +++++++++++++++----- .../HAWQ/2.0.0/package/scripts/common.py | 17 +----------- .../HAWQ/2.0.0/package/scripts/params.py | 4 --- 3 files changed, 21 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json index a8130c4..cc11c15 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json @@ -1,6 +1,25 @@ { "services": [ { + "name": "HAWQ", + "identities": [ + { + "name": "/hdfs" + } + ], + "configurations": [ + { + "hawq-site": { + "enable_secure_filesystem": "ON", + "krb_server_keyfile": "${keytab_dir}/hawq.service.keytab" + } + }, + { + "hdfs-client": { + "hadoop.security.authentication": "kerberos" + } + } + ], "components": [ { "identities": [ @@ -48,13 +67,7 @@ ], "name": "HAWQSTANDBY" } - ], - "identities": [ - { - "name": "/hdfs" - } - ], - "name": "HAWQ" + ] } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py index 2207b76..daab7eb 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py @@ -92,12 +92,6 @@ def __update_hdfs_client(): hdfs_client_dict = params.hdfs_client.copy() - # security - if params.security_enabled: - hdfs_client_dict["hadoop.security.authentication"] = "kerberos" - else: - hdfs_client_dict.pop("hadoop.security.authentication", None) # remove the entry - XmlConfig("hdfs-client.xml", conf_dir=hawq_constants.hawq_config_dir, configurations=ConfigDictionary(hdfs_client_dict), @@ -129,18 +123,9 @@ def __update_hawq_site(): """ import params - hawq_site_modifiable = dict(params.hawq_site) - - if params.security_enabled: - hawq_site_modifiable["enable_secure_filesystem"] = "ON" - hawq_site_modifiable["krb_server_keyfile"] = hawq_constants.hawq_keytab_file - else: - hawq_site_modifiable.pop("enable_secure_filesystem", None) # remove the entry - hawq_site_modifiable.pop("krb_server_keyfile", None) # remove the entry - XmlConfig("hawq-site.xml", conf_dir=hawq_constants.hawq_config_dir, - configurations=ConfigDictionary(hawq_site_modifiable), + configurations=ConfigDictionary(params.hawq_site), configuration_attributes=params.config['configuration_attributes']['hawq-site'], owner=hawq_constants.hawq_user, group=hawq_constants.hawq_group, http://git-wip-us.apache.org/repos/asf/ambari/blob/44faf76e/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py index e19de9d..aa3527c 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/params.py @@ -99,10 +99,6 @@ ExecuteHadoop = functools.partial(ExecuteHadoop, rm_host = __get_component_host('rm_host') yarn_ha_enabled = default('/configurations/yarn-site/yarn.resourcemanager.ha.enabled', False) -# Security -security_enabled = config['configurations']['cluster-env']['security_enabled'] - - # Config files gpcheck_content = config['configurations']['gpcheck-env']['content'] # database user limits