Repository: ambari Updated Branches: refs/heads/trunk 57bda3470 -> 862d5b36d
AMBARI-16290: Handle repository creation for Hive in Ranger for kerberised environments(gautam) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/862d5b36 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/862d5b36 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/862d5b36 Branch: refs/heads/trunk Commit: 862d5b36dd37b226e9c6bc5b9bb7c232ed141bf8 Parents: 57bda34 Author: Gautam Borad <gau...@apache.org> Authored: Sat May 7 14:34:22 2016 +0530 Committer: Gautam Borad <gau...@apache.org> Committed: Fri May 13 11:09:21 2016 +0530 ---------------------------------------------------------------------- .../libraries/functions/ranger_functions_v2.py | 129 +++---------------- .../functions/setup_ranger_plugin_xml.py | 9 +- .../0.96.0.2.0/package/scripts/params_linux.py | 2 + .../package/scripts/setup_ranger_hbase.py | 2 +- .../2.1.0.2.0/package/scripts/params_linux.py | 3 + .../package/scripts/setup_ranger_hdfs.py | 2 +- .../0.12.0.2.0/package/scripts/params_linux.py | 3 + .../package/scripts/setup_ranger_hive.py | 4 +- .../KAFKA/0.8.1/package/scripts/params.py | 2 +- .../0.5.0.2.2/package/scripts/params_linux.py | 3 + .../package/scripts/setup_ranger_knox.py | 2 +- .../STORM/0.9.1/package/scripts/params_linux.py | 1 + .../0.9.1/package/scripts/setup_ranger_storm.py | 3 +- .../2.1.0.2.0/package/scripts/params_linux.py | 3 + 14 files changed, 41 insertions(+), 127 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py index 4f319ea..a486da7 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/ranger_functions_v2.py @@ -98,7 +98,8 @@ class RangeradminV2: def create_ranger_repository(self, component, repo_name, repo_properties, ambari_ranger_admin, ambari_ranger_password, - admin_uname, admin_password, policy_user, is_security_enabled, component_user, component_user_principal, component_user_keytab): + admin_uname, admin_password, policy_user, is_security_enabled = False, component_user = None, + component_user_principal = None, component_user_keytab = None): if not is_security_enabled : response_code = self.check_ranger_login_urllib2(self.base_url) repo_data = json.dumps(repo_properties) @@ -345,10 +346,12 @@ class RangeradminV2: response_stripped = response[1:len(response) - 1] if response_stripped and len(response_stripped) > 0: response_json = json.loads(response_stripped) - if response_json['name'].lower() == name.lower(): + if 'name' in response_json and response_json['name'].lower() == name.lower(): return response_json else: return None + else: + return None except Fail, fail: raise Fail(str(fail)) @@ -364,120 +367,24 @@ class RangeradminV2: :param data: service definition of the repository :return: """ - search_repo_url = self.url_repos_pub - header = 'Content-Type: application/json' - method = 'POST' - - response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,search_repo_url,False,method,data,header) - if response and len(response) > 0: - response_json = json.loads(response) - if 'name' in response_json and response_json['name'].lower() == name.lower(): - Logger.info('Repository created Successfully') - service_name = response_json['name'] - service_type = response_json['type'] - if service_type in ['hdfs','hive','hbase','knox','storm']: - policy_list = self.get_policy_by_repo_name(component_user,component_user_keytab,component_user_principal,service_name,service_type,'true') - if policy_list is not None and len(policy_list) > 0: - policy_update_count = 0 - for policy in policy_list: - updated_policy_object = self.get_policy_params(service_type,policy,policy_user=policy_user) - response,error_message,time_in_millis = self.update_ranger_policy(component_user,component_user_keytab,component_user_principal,updated_policy_object['id'],json.dumps(updated_policy_object)) - if response and len(response) > 0: - policy_update_count += 1 - else: - Logger.info("Policy updated failed") - if len(policy_list) == policy_update_count: - Logger.info("Ranger Repository created successfully and policies updated successfully providing ambari-qa user all permissions") - return response_json - else: - return response_json - else: - Logger.info('Repository creation failed') - return None - else: - Logger.info('Repository creation failed') - return None - - - - @safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=None) - def get_policy_by_repo_name(self, component_user,component_user_keytab,component_user_principal,name, component, status): - """ - :param name: repository name - :param component: component name for which policy needs to be searched - :param status: true or false - :param usernamepassword: user credentials using which policy needs to be searched - :return Returns successful response else None - """ try: - # time.sleep(5) - search_policy_url = self.url_policies_get+ '?serviceType=' + component + '&isEnabled=' + status - - search_policy_url = search_policy_url.format(servicename=name) - method = 'GET' - response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,search_policy_url,False,request_method=method) - if response and len(response) > 0: - response = json.loads(response) - return response - else: - return None - except Fail, fail: - raise Fail(str(fail)) - - @safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=None) - def update_ranger_policy(self,component_user,component_user_keytab,component_user_principal, policyId, data): - """ - :param policyId: policy id which needs to be updated - :param data: policy data that needs to be updated - :param usernamepassword: user credentials using which policy needs to be updated - :return Returns successful response and response code else None - """ - try: - update_url = self.url_policies + '/' + str(policyId) + search_repo_url = self.url_repos_pub header = 'Content-Type: application/json' - method = 'PUT' + method = 'POST' - response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,update_url,False,method,data,header=header) + response,error_message,time_in_millis = self.call_curl_request(component_user,component_user_keytab,component_user_principal,search_repo_url,False,method,data,header) if response and len(response) > 0: - Logger.info('Policy updated Successfully') - response_json = json.loads(response) - return response_json,error_message,time_in_millis + if 'name' in response_json and response_json['name'].lower() == name.lower(): + Logger.info('Repository created Successfully') + return response_json + elif 'exists'.lower() in response_json.lower(): + Logger.info('Repository {name} already exists'.format(name=name)) + else: + Logger.info('Repository creation failed') + return None else: - Logger.error('Update Policy failed') - return None, None,None + Logger.info('Repository creation failed') + return None except Fail, fail: raise Fail(str(fail)) - - def get_policy_params(self, typeOfPolicy, policyObj, policy_user): - """ - :param typeOfPolicy: component name for which policy has to be get - :param policyObj: policy dict - :param policy_user: policy user that needs to be updated - :returns Returns updated policy dict - """ - typeOfPolicy = typeOfPolicy.lower() - policy_record = '' - if typeOfPolicy == "hdfs": - policy_record = {'users': [policy_user], 'accesses': [{'isAllowed': True,'type': 'read' }, {'isAllowed': True,'type': 'write' },{'isAllowed': True,'type': 'execute' }],'delegateAdmin': True} - elif typeOfPolicy == "hive": - policy_record = {'users': [policy_user], - 'accesses': [{'isAllowed': True,'type': 'select' }, {'isAllowed': True,'type': 'update' }, {'isAllowed': True,'type': 'create' }, - {'isAllowed': True,'type': 'drop' }, {'isAllowed': True,'type': 'alter' }, {'isAllowed': True,'type': 'index' }, - {'isAllowed': True,'type': 'lock' }, {'isAllowed': True,'type': 'all' }],'delegateAdmin':True } - elif typeOfPolicy == "hbase": - policy_record = {'users': [policy_user], 'accesses': [{'isAllowed': True,'type': 'read' }, {'isAllowed': True,'type': 'write' }, - {'isAllowed': True,'type': 'create' }],'delegateAdmin':True } - elif typeOfPolicy == "knox": - policy_record = {'users': [policy_user], 'accesses': [{'isAllowed': True,'type': 'allow' }],'delegateAdmin':True } - elif typeOfPolicy == "storm": - policy_record = {'users': [policy_user], - 'accesses': [{'isAllowed': True,'type': 'submitTopology' }, {'isAllowed': True,'type': 'fileUpload' },{'isAllowed': True,'type': 'getNimbusConf' }, - {'isAllowed': True,'type': 'getClusterInfo' },{'isAllowed': True,'type': 'fileDownload' } , {'isAllowed': True,'type': 'killTopology' }, - {'isAllowed': True,'type': 'rebalance' }, {'isAllowed': True,'type': 'activate' }, {'isAllowed': True,'type': 'deactivate' }, - {'isAllowed': True,'type': 'getTopologyConf' }, {'isAllowed': True,'type': 'getTopology' }, {'isAllowed': True,'type': 'getUserTopology' }, - {'isAllowed': True,'type': 'getTopologyInfo' }, {'isAllowed': True,'type': 'uploadNewCredential' }],'delegateAdmin':True} - - if policy_record != '': - policyObj['policyItems'].append(policy_record) - return policyObj http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py index 4a071ca..d653000 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin_xml.py @@ -70,19 +70,12 @@ def setup_ranger_plugin(component_select_name, service_name, if plugin_enabled: if api_version is not None and api_version == 'v2': - ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url, skip_if_rangeradmin_down=skip_if_rangeradmin_down) - if is_security_enabled and is_stack_supports_ranger_kerberos: - ranger_adm_obj.create_ranger_repository(service_name, repo_name, plugin_repo_dict, + ranger_adm_obj.create_ranger_repository(service_name, repo_name, plugin_repo_dict, ranger_env_properties['ranger_admin_username'], ranger_env_properties['ranger_admin_password'], ranger_env_properties['admin_username'], ranger_env_properties['admin_password'], policy_user,is_security_enabled,component_user,component_user_principal,component_user_keytab) - else: - ranger_adm_obj.create_ranger_repository(service_name, repo_name, plugin_repo_dict, - ranger_env_properties['ranger_admin_username'], ranger_env_properties['ranger_admin_password'], - ranger_env_properties['admin_username'], ranger_env_properties['admin_password'], - policy_user) else: ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url, skip_if_rangeradmin_down=skip_if_rangeradmin_down) ranger_adm_obj.create_ranger_repository(service_name, repo_name, plugin_repo_dict, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index d3fc173..d1674cb 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -342,6 +342,8 @@ if has_ranger_admin: hbase_ranger_plugin_config['tag.download.auth.users'] = hbase_user hbase_ranger_plugin_config['policy.grant.revoke.auth.users'] = hbase_user + if stack_supports_ranger_kerberos: + hbase_ranger_plugin_config['ambari.service.check.user'] = policy_user hbase_ranger_plugin_repo = { 'isEnabled': 'true', http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py index 864d937..1e860d9 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/setup_ranger_hbase.py @@ -64,7 +64,7 @@ def setup_ranger_hbase(upgrade_type=None): if params.xml_configurations_supported: api_version=None - if params.stack_supports_ranger_kerberos and params.security_enabled: + if params.stack_supports_ranger_kerberos: api_version='v2' from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin setup_ranger_plugin('hbase-client', 'hbase', params.downloaded_custom_connector, params.driver_curl_source, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index f42185e..784da9c 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -489,6 +489,9 @@ if has_ranger_admin: hdfs_ranger_plugin_config['policy.download.auth.users'] = hdfs_user hdfs_ranger_plugin_config['tag.download.auth.users'] = hdfs_user + if stack_supports_ranger_kerberos: + hdfs_ranger_plugin_config['ambari.service.check.user'] = policy_user + hdfs_ranger_plugin_repo = { 'isEnabled': 'true', 'configs': hdfs_ranger_plugin_config, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py index 72eb3ad..f660562 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/setup_ranger_hdfs.py @@ -46,7 +46,7 @@ def setup_ranger_hdfs(upgrade_type=None): if params.xml_configurations_supported: from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin api_version=None - if params.stack_supports_ranger_kerberos and params.security_enabled: + if params.stack_supports_ranger_kerberos: api_version='v2' setup_ranger_plugin('hadoop-client', 'hdfs', params.downloaded_custom_connector, params.driver_curl_source, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py index e9f5e47..4f8aa49 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py @@ -662,6 +662,9 @@ if has_ranger_admin: hive_ranger_plugin_config['tag.download.auth.users'] = hive_user hive_ranger_plugin_config['policy.grant.revoke.auth.users'] = hive_user + if stack_supports_ranger_kerberos: + hive_ranger_plugin_config['ambari.service.check.user'] = policy_user + hive_ranger_plugin_repo = { 'isEnabled': 'true', 'configs': hive_ranger_plugin_config, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py index 92eaaab..7515e9b 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py @@ -55,7 +55,7 @@ def setup_ranger_hive(upgrade_type = None): if params.xml_configurations_supported: api_version=None - if params.stack_supports_ranger_kerberos and params.security_enabled: + if params.stack_supports_ranger_kerberos: api_version='v2' from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin setup_ranger_plugin('hive-server2', 'hive', @@ -75,7 +75,7 @@ def setup_ranger_hive(upgrade_type = None): stack_version_override = stack_version, skip_if_rangeradmin_down= not params.retryAble, api_version=api_version, is_security_enabled = params.security_enabled, is_stack_supports_ranger_kerberos = params.stack_supports_ranger_kerberos, - component_user_principal=params.hive_server_principal if params.security_enabled else None, + component_user_principal=params.hive_principal if params.security_enabled else None, component_user_keytab=params.hive_server2_keytab if params.security_enabled else None) else: from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py index 12ccef6..37bd77c 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py @@ -214,7 +214,7 @@ if has_ranger_admin and is_supported_kafka_ranger: if stack_supports_ranger_kerberos and security_enabled: ranger_plugin_config['policy.download.auth.users'] = kafka_user ranger_plugin_config['tag.download.auth.users'] = kafka_user - + ranger_plugin_config['ambari.service.check.user'] = policy_user #For curl command in ranger plugin to get db connector jdk_location = config['hostLevelParams']['jdk_location'] http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 1dd25ce..d1268a1 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py @@ -324,6 +324,9 @@ if has_ranger_admin: knox_ranger_plugin_config['policy.download.auth.users'] = knox_user knox_ranger_plugin_config['tag.download.auth.users'] = knox_user + if stack_supports_ranger_kerberos: + knox_ranger_plugin_config['ambari.service.check.user'] = policy_user + knox_ranger_plugin_repo = { 'isEnabled': 'true', 'configs': knox_ranger_plugin_config, http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py index c5f8940..64e2060 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py @@ -56,7 +56,7 @@ def setup_ranger_knox(upgrade_type=None): if params.xml_configurations_supported: api_version=None - if params.stack_supports_ranger_kerberos and params.security_enabled: + if params.stack_supports_ranger_kerberos: api_version='v2' from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin setup_ranger_plugin('knox-server', 'knox', http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py index d715a25..c935fb3 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/params_linux.py @@ -291,6 +291,7 @@ if has_ranger_admin: if stack_supports_ranger_kerberos and security_enabled: storm_ranger_plugin_config['policy.download.auth.users'] = storm_user storm_ranger_plugin_config['tag.download.auth.users'] = storm_user + storm_ranger_plugin_config['ambari.service.check.user'] = policy_user storm_ranger_plugin_repo = { 'isEnabled': 'true', http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py index ba4c777..1dd85e9 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1/package/scripts/setup_ranger_storm.py @@ -57,8 +57,7 @@ def setup_ranger_storm(upgrade_type=None): if params.xml_configurations_supported: api_version=None - if params.stack_supports_ranger_kerberos and params.security_enabled: - Logger.info('setting stack_version as v2') + if params.stack_supports_ranger_kerberos: api_version='v2' from resource_management.libraries.functions.setup_ranger_plugin_xml import setup_ranger_plugin setup_ranger_plugin('storm-nimbus', 'storm', http://git-wip-us.apache.org/repos/asf/ambari/blob/862d5b36/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py index cf01965..3306cf2 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py @@ -415,6 +415,9 @@ if has_ranger_admin: 'assetType': '1' } + if stack_supports_ranger_kerberos: + ranger_plugin_config['ambari.service.check.user'] = policy_user + if stack_supports_ranger_kerberos and security_enabled: ranger_plugin_config['policy.download.auth.users'] = yarn_user ranger_plugin_config['tag.download.auth.users'] = yarn_user