Repository: ambari Updated Branches: refs/heads/branch-2.2 50eb7ca51 -> 8fd439789
AMBARI-15770: HAWQ fails to connect to YARN in HA+SEC mode (Alexander Denissov via mithmatt) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8fd43978 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8fd43978 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8fd43978 Branch: refs/heads/branch-2.2 Commit: 8fd439789175bcae4e4b79a3ab8d364a1bdf0717 Parents: 50eb7ca Author: Matt <mmat...@pivotal.io> Authored: Fri Apr 8 11:01:57 2016 -0700 Committer: Matt <mmat...@pivotal.io> Committed: Fri Apr 8 11:01:57 2016 -0700 ---------------------------------------------------------------------- .../resources/common-services/HAWQ/2.0.0/kerberos.json | 11 +++++++++++ .../HAWQ/2.0.0/package/scripts/common.py | 13 +++++++++++++ .../HAWQ/2.0.0/package/scripts/hawq_constants.py | 1 + .../src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py | 11 +++++++++++ .../test/python/stacks/2.3/HAWQ/test_hawqsegment.py | 11 +++++++++++ .../test/python/stacks/2.3/HAWQ/test_hawqstandby.py | 11 +++++++++++ 6 files changed, 58 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json index da11986..088a244 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/kerberos.json @@ -35,6 +35,17 @@ "hdfs-client": { "hadoop.security.authentication": "kerberos" } + }, + { + "yarn-client": { + "hadoop.security.authentication": "kerberos" + } + }, + { + "core-site": { + "hadoop.proxyuser.postgres.hosts": "*", + "hadoop.proxyuser.postgres.groups": "${cluster-env/user_group}" + } } ], "components" : [ http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py index 2ec4903..88bc4fa 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/common.py @@ -37,6 +37,7 @@ def setup_user(): Creates HAWQ user home directory and sets up the correct ownership. """ __create_hawq_user() + __create_hawq_user_secured() __set_home_dir_ownership() @@ -53,6 +54,18 @@ def __create_hawq_user(): groups=[hawq_constants.hawq_group, params.user_group], ignore_failures=True) +def __create_hawq_user_secured(): + """ + Creates HAWQ secured headless user belonging to hadoop group. + """ + import params + Group(hawq_constants.hawq_group_secured, ignore_failures=True) + + User(hawq_constants.hawq_user_secured, + gid=hawq_constants.hawq_group_secured, + groups=[hawq_constants.hawq_group_secured, params.user_group], + ignore_failures=True) + def create_master_dir(dir_path): """ Creates the master directory (hawq_master_dir or hawq_segment_dir) for HAWQ http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/hawq_constants.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/hawq_constants.py b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/hawq_constants.py index 2a671da..3f6c371 100644 --- a/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/hawq_constants.py +++ b/ambari-server/src/main/resources/common-services/HAWQ/2.0.0/package/scripts/hawq_constants.py @@ -34,6 +34,7 @@ root_user = "root" hawq_user = "gpadmin" hawq_user_secured = "postgres" hawq_group = hawq_user +hawq_group_secured = hawq_user_secured # Directories hawq_home_dir = "/usr/local/hawq/" http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py index 5a5ee8d..c18941c 100644 --- a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py +++ b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqmaster.py @@ -27,6 +27,7 @@ class TestHawqMaster(RMFTestCase): COMMON_SERVICES_PACKAGE_DIR = 'HAWQ/2.0.0/package' STACK_VERSION = '2.3' GPADMIN = 'gpadmin' + POSTGRES = 'postgres' DEFAULT_IMMUTABLE_PATHS = ['/apps/hive/warehouse', '/apps/falcon', '/mr-history/done', '/app-logs', '/tmp'] def __asserts_for_configure(self): @@ -42,6 +43,16 @@ class TestHawqMaster(RMFTestCase): password = 'saNIJ3hOyqasU' ) + self.assertResourceCalled('Group', self.POSTGRES, + ignore_failures = True + ) + + self.assertResourceCalled('User', self.POSTGRES, + gid = self.POSTGRES, + groups = [self.POSTGRES, u'hadoop'], + ignore_failures = True + ) + self.assertResourceCalled('Execute', 'chown -R gpadmin:gpadmin /usr/local/hawq/', timeout = 600 ) http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqsegment.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqsegment.py b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqsegment.py index c212b7d..17d7473 100644 --- a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqsegment.py +++ b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqsegment.py @@ -25,6 +25,7 @@ class TestHawqSegment(RMFTestCase): COMMON_SERVICES_PACKAGE_DIR = 'HAWQ/2.0.0/package' STACK_VERSION = '2.3' GPADMIN = 'gpadmin' + POSTGRES = 'postgres' def __asserts_for_configure(self): @@ -39,6 +40,16 @@ class TestHawqSegment(RMFTestCase): password = 'saNIJ3hOyqasU' ) + self.assertResourceCalled('Group', self.POSTGRES, + ignore_failures = True + ) + + self.assertResourceCalled('User', self.POSTGRES, + gid = self.POSTGRES, + groups = [self.POSTGRES, u'hadoop'], + ignore_failures = True + ) + self.assertResourceCalled('Execute', 'chown -R gpadmin:gpadmin /usr/local/hawq/', timeout = 600 ) http://git-wip-us.apache.org/repos/asf/ambari/blob/8fd43978/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqstandby.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqstandby.py b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqstandby.py index 1eb335e..44565b3 100644 --- a/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqstandby.py +++ b/ambari-server/src/test/python/stacks/2.3/HAWQ/test_hawqstandby.py @@ -26,6 +26,7 @@ class TestHawqStandby(RMFTestCase): COMMON_SERVICES_PACKAGE_DIR = 'HAWQ/2.0.0/package' STACK_VERSION = '2.3' GPADMIN = 'gpadmin' + POSTGRES = 'postgres' def __asserts_for_configure(self): @@ -40,6 +41,16 @@ class TestHawqStandby(RMFTestCase): password = 'saNIJ3hOyqasU' ) + self.assertResourceCalled('Group', self.POSTGRES, + ignore_failures = True + ) + + self.assertResourceCalled('User', self.POSTGRES, + gid = self.POSTGRES, + groups = [self.POSTGRES, u'hadoop'], + ignore_failures = True + ) + self.assertResourceCalled('Execute', 'chown -R gpadmin:gpadmin /usr/local/hawq/', timeout = 600 )