AMBARI-20611. Add disable security option to infra-solr-client (oleewere)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f6972cbd Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f6972cbd Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f6972cbd Branch: refs/heads/branch-dev-logsearch Commit: f6972cbde880213496dee6a6d3cfcd8c6396cc19 Parents: 0903309 Author: oleewere <oleew...@gmail.com> Authored: Tue Mar 28 22:10:49 2017 +0200 Committer: oleewere <oleew...@gmail.com> Committed: Wed Mar 29 12:26:36 2017 +0200 ---------------------------------------------------------------------- ambari-infra/ambari-infra-solr-client/pom.xml | 5 +++ .../ambari/infra/solr/AmbariSolrCloudCLI.java | 17 +++++++- .../infra/solr/AmbariSolrCloudClient.java | 9 ++++ .../solr/commands/UnsecureZNodeZkCommand.java | 44 ++++++++++++++++++++ 4 files changed, 74 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/pom.xml b/ambari-infra/ambari-infra-solr-client/pom.xml index 1a3733a..8cb2248 100644 --- a/ambari-infra/ambari-infra-solr-client/pom.xml +++ b/ambari-infra/ambari-infra-solr-client/pom.xml @@ -36,6 +36,11 @@ <version>${solr.version}</version> </dependency> <dependency> + <groupId>org.apache.zookeeper</groupId> + <artifactId>zookeeper</artifactId> + <version>3.4.9</version> + </dependency> + <dependency> <groupId>commons-cli</groupId> <artifactId>commons-cli</artifactId> <version>1.3.1</version> http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java index 5cde9ea..e3a1e79 100644 --- a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudCLI.java @@ -49,6 +49,7 @@ public class AmbariSolrCloudCLI { private static final String SETUP_KERBEROS_PLUGIN = "setup-kerberos-plugin"; private static final String CHECK_ZNODE = "check-znode"; private static final String SECURE_ZNODE_COMMAND = "secure-znode"; + private static final String UNSECURE_ZNODE_COMMAND = "unsecure-znode"; private static final String SECURE_SOLR_ZNODE_COMMAND = "secure-solr-znode"; private static final String SECURITY_JSON_LOCATION = "security-json-location"; private static final String CMD_LINE_SYNTAX = @@ -61,6 +62,7 @@ public class AmbariSolrCloudCLI { + "\n./solrCloudCli.sh --check-znode -z host1:2181,host2:2181 -zn /ambari-solr" + "\n./solrCloudCli.sh --cluster-prop -z host1:2181,host2:2181/ambari-solr -cpn urlScheme -cpn http" + "\n./solrCloudCli.sh --secure-znode -z host1:2181,host2:2181 -zn /ambari-solr -su logsearch,atlas,ranger --jaas-file /etc/myconf/jaas_file" + + "\n./solrCloudCli.sh --unsecure-znode -z host1:2181,host2:2181 -zn /ambari-solr --jaas-file /etc/myconf/jaas_file" + "\n./solrCloudCli.sh --secure-solr-znode -z host1:2181,host2:2181 -zn /ambari-solr -su logsearch,atlas,ranger --jaas-file /etc/myconf/jaas_file" + "\n./solrCloudCli.sh --setup-kerberos-plugin -z host1:2181,host2:2181 -zn /ambari-solr --security-json-location /etc/infra-solr/conf/security.json\n"; @@ -130,6 +132,11 @@ public class AmbariSolrCloudCLI { .desc("Set acls for znode") .build(); + final Option unsecureZnodeOption = Option.builder("uz") + .longOpt(UNSECURE_ZNODE_COMMAND) + .desc("Disable security for znode") + .build(); + final Option shardNameOption = Option.builder("sn") .longOpt("shard-name") .desc("Name of the shard for create-shard command") @@ -327,6 +334,7 @@ public class AmbariSolrCloudCLI { options.addOption(configDirOption); options.addOption(collectionOption); options.addOption(secureZnodeOption); + options.addOption(unsecureZnodeOption); options.addOption(secureSolrZnodeOption); options.addOption(shardsOption); options.addOption(replicationOption); @@ -403,9 +411,12 @@ public class AmbariSolrCloudCLI { } else if (cli.hasOption("ssz")) { command = SECURE_SOLR_ZNODE_COMMAND; validateRequiredOptions(cli, command, zkConnectStringOption, znodeOption, jaasFileOption, saslUsersOption); + } else if (cli.hasOption("uz")) { + command = UNSECURE_ZNODE_COMMAND; + validateRequiredOptions(cli, command, zkConnectStringOption, znodeOption, jaasFileOption); } else { List<String> commands = Arrays.asList(CREATE_COLLECTION_COMMAND, CREATE_SHARD_COMMAND, UPLOAD_CONFIG_COMMAND, - DOWNLOAD_CONFIG_COMMAND, CONFIG_CHECK_COMMAND, SET_CLUSTER_PROP, CREATE_ZNODE, SECURE_ZNODE_COMMAND, + DOWNLOAD_CONFIG_COMMAND, CONFIG_CHECK_COMMAND, SET_CLUSTER_PROP, CREATE_ZNODE, SECURE_ZNODE_COMMAND, UNSECURE_ZNODE_COMMAND, SECURE_SOLR_ZNODE_COMMAND, CHECK_ZNODE, SETUP_KERBEROS_PLUGIN); helpFormatter.printHelp(CMD_LINE_SYNTAX, options); exit(1, String.format("One of the supported commands is required (%s)", StringUtils.join(commands, "|"))); @@ -521,6 +532,10 @@ public class AmbariSolrCloudCLI { solrCloudClient = clientBuilder.build(); solrCloudClient.secureZnode(); break; + case UNSECURE_ZNODE_COMMAND: + solrCloudClient = clientBuilder.build(); + solrCloudClient.unsecureZnode(); + break; case SECURE_SOLR_ZNODE_COMMAND: solrCloudClient = clientBuilder.build(); solrCloudClient.secureSolrZnode(); http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java index ff28664..d5d971c 100644 --- a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/AmbariSolrCloudClient.java @@ -30,6 +30,7 @@ import org.apache.ambari.infra.solr.commands.ListCollectionCommand; import org.apache.ambari.infra.solr.commands.SecureSolrZNodeZkCommand; import org.apache.ambari.infra.solr.commands.SecureZNodeZkCommand; import org.apache.ambari.infra.solr.commands.SetClusterPropertyZkCommand; +import org.apache.ambari.infra.solr.commands.UnsecureZNodeZkCommand; import org.apache.ambari.infra.solr.commands.UploadConfigZkCommand; import org.apache.ambari.infra.solr.commands.CheckZnodeZkCommand; import org.apache.ambari.infra.solr.util.ShardUtils; @@ -178,6 +179,14 @@ public class AmbariSolrCloudClient { } /** + * Unsecure znode + */ + public void unsecureZnode() throws Exception { + LOG.info("Disable security for znode - ", this.getZnode()); + new UnsecureZNodeZkCommand(getRetryTimes(), getInterval()).run(this); + } + + /** * Upload config set to zookeeper */ public String uploadConfiguration() throws Exception { http://git-wip-us.apache.org/repos/asf/ambari/blob/f6972cbd/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java ---------------------------------------------------------------------- diff --git a/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java new file mode 100644 index 0000000..ad61270 --- /dev/null +++ b/ambari-infra/ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/UnsecureZNodeZkCommand.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ambari.infra.solr.commands; + +import org.apache.ambari.infra.solr.AmbariSolrCloudClient; +import org.apache.ambari.infra.solr.util.AclUtils; +import org.apache.solr.common.cloud.SolrZkClient; +import org.apache.solr.common.cloud.SolrZooKeeper; +import org.apache.zookeeper.ZooDefs; +import org.apache.zookeeper.data.ACL; +import org.apache.zookeeper.data.Id; + +import java.util.ArrayList; +import java.util.List; + +public class UnsecureZNodeZkCommand extends AbstractZookeeperRetryCommand<Boolean> { + + public UnsecureZNodeZkCommand(int maxRetries, int interval) { + super(maxRetries, interval); + } + + @Override + protected Boolean executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception { + String zNode = client.getZnode(); + AclUtils.setRecursivelyOn(client.getSolrZkClient().getSolrZooKeeper(), zNode, ZooDefs.Ids.OPEN_ACL_UNSAFE); + return true; + } +}
