AMBARI-20733. /var/log/krb5kdc.log is growing rapidly on the KDC server (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/712b3d21 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/712b3d21 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/712b3d21 Branch: refs/heads/branch-2.5 Commit: 712b3d21c12aec99899cffd54a694b4bcb64dd93 Parents: 951bf19 Author: Eugene Chekanskiy <echekans...@hortonworks.com> Authored: Fri Apr 21 17:52:18 2017 +0300 Committer: Eugene Chekanskiy <echekans...@hortonworks.com> Committed: Fri Apr 21 17:52:18 2017 +0300 ---------------------------------------------------------------------- .../src/main/python/ambari_agent/ActionQueue.py | 9 +- .../ambari_agent/CustomServiceOrchestrator.py | 33 +----- .../test/python/ambari_agent/TestActionQueue.py | 13 +-- .../TestCustomServiceOrchestrator.py | 51 -------- .../libraries/script/script.py | 16 --- .../ambari/server/agent/ComponentStatus.java | 28 +---- .../ambari/server/agent/HeartbeatProcessor.java | 22 ---- .../package/scripts/accumulo_script.py | 50 -------- .../0.1.0/package/scripts/metrics_collector.py | 66 +---------- .../package/scripts/metadata_server.py | 78 ------------- .../0.5.0.2.1/package/scripts/falcon_client.py | 10 -- .../0.5.0.2.1/package/scripts/falcon_server.py | 59 ---------- .../0.96.0.2.0/package/scripts/hbase_master.py | 49 -------- .../package/scripts/hbase_regionserver.py | 49 -------- .../package/scripts/phoenix_queryserver.py | 6 +- .../HDFS/2.1.0.2.0/package/scripts/datanode.py | 58 --------- .../2.1.0.2.0/package/scripts/hdfs_client.py | 45 ------- .../2.1.0.2.0/package/scripts/journalnode.py | 57 --------- .../HDFS/2.1.0.2.0/package/scripts/namenode.py | 57 --------- .../2.1.0.2.0/package/scripts/nfsgateway.py | 58 --------- .../HDFS/2.1.0.2.0/package/scripts/snamenode.py | 60 ---------- .../2.1.0.2.0/package/scripts/zkfc_slave.py | 43 ------- .../package/scripts/hive_metastore.py | 52 --------- .../0.12.0.2.0/package/scripts/hive_server.py | 61 ---------- .../package/scripts/hive_server_interactive.py | 61 ---------- .../package/scripts/webhcat_server.py | 67 ----------- .../package/scripts/kerberos_client.py | 21 ---- .../0.5.0.2.2/package/scripts/knox_gateway.py | 61 ---------- .../4.0.0.2.0/package/scripts/oozie_server.py | 63 ---------- .../STORM/0.9.1/package/scripts/drpc_server.py | 52 --------- .../STORM/0.9.1/package/scripts/nimbus.py | 45 ------- .../STORM/0.9.1/package/scripts/pacemaker.py | 52 --------- .../STORM/0.9.1/package/scripts/ui_server.py | 53 --------- .../scripts/application_timeline_server.py | 61 ---------- .../2.1.0.2.0/package/scripts/historyserver.py | 56 --------- .../2.1.0.2.0/package/scripts/nodemanager.py | 60 ---------- .../package/scripts/resourcemanager.py | 60 ---------- .../3.4.5/package/scripts/zookeeper_server.py | 51 -------- .../KERBEROS/package/scripts/kerberos_client.py | 21 ---- .../server/agent/HeartbeatProcessorTest.java | 10 +- .../server/agent/TestHeartbeatHandler.java | 13 --- .../stacks/2.0.6/HBASE/test_hbase_master.py | 102 ---------------- .../2.0.6/HBASE/test_hbase_regionserver.py | 104 ----------------- .../python/stacks/2.0.6/HDFS/test_datanode.py | 111 ------------------ .../stacks/2.0.6/HDFS/test_hdfs_client.py | 100 ---------------- .../stacks/2.0.6/HDFS/test_journalnode.py | 114 ------------------ .../python/stacks/2.0.6/HDFS/test_namenode.py | 114 ------------------ .../python/stacks/2.0.6/HDFS/test_nfsgateway.py | 116 ------------------ .../python/stacks/2.0.6/HDFS/test_snamenode.py | 117 +------------------ .../test/python/stacks/2.0.6/HDFS/test_zkfc.py | 100 ---------------- .../stacks/2.0.6/HIVE/test_hive_server.py | 112 ------------------ .../stacks/2.0.6/HIVE/test_webhcat_server.py | 116 ------------------ .../stacks/2.0.6/OOZIE/test_oozie_server.py | 113 ------------------ .../stacks/2.0.6/YARN/test_historyserver.py | 106 ----------------- .../stacks/2.0.6/YARN/test_nodemanager.py | 109 ----------------- .../stacks/2.0.6/YARN/test_resourcemanager.py | 108 ----------------- .../2.0.6/ZOOKEEPER/test_zookeeper_server.py | 103 ---------------- .../stacks/2.1/FALCON/test_falcon_client.py | 24 ---- .../stacks/2.1/FALCON/test_falcon_server.py | 109 ----------------- .../stacks/2.1/HIVE/test_hive_metastore.py | 113 ------------------ .../stacks/2.1/STORM/test_storm_drpc_server.py | 104 ----------------- .../stacks/2.1/STORM/test_storm_nimbus.py | 103 ---------------- .../stacks/2.1/STORM/test_storm_ui_server.py | 82 ------------- .../stacks/2.1/YARN/test_apptimelineserver.py | 110 ----------------- .../python/stacks/2.2/KNOX/test_knox_gateway.py | 102 ---------------- .../stacks/2.5/ATLAS/test_atlas_server.py | 42 ------- 66 files changed, 13 insertions(+), 4358 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-agent/src/main/python/ambari_agent/ActionQueue.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/python/ambari_agent/ActionQueue.py b/ambari-agent/src/main/python/ambari_agent/ActionQueue.py index 75880c6..1eda5c2 100644 --- a/ambari-agent/src/main/python/ambari_agent/ActionQueue.py +++ b/ambari-agent/src/main/python/ambari_agent/ActionQueue.py @@ -498,16 +498,14 @@ class ActionQueue(threading.Thread): def execute_status_command_and_security_status(self, command): component_status_result = self.customServiceOrchestrator.requestComponentStatus(command) - component_security_status_result = self.customServiceOrchestrator.requestComponentSecurityState(command) - - return command, component_status_result, component_security_status_result + return command, component_status_result def process_status_command_result(self, result): ''' Executes commands of type STATUS_COMMAND ''' try: - command, component_status_result, component_security_status_result = result + command, component_status_result = result cluster = command['clusterName'] service = command['serviceName'] component = command['componentName'] @@ -548,9 +546,6 @@ class ActionQueue(threading.Thread): if self.controller.recovery_manager.enabled(): result['sendExecCmdDet'] = str(request_execution_cmd) - # Add security state to the result - result['securityState'] = component_security_status_result - if component_extra is not None and len(component_extra) != 0: if component_extra.has_key('alerts'): result['alerts'] = component_extra['alerts'] http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py index e3f465f..e6523e5 100644 --- a/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py +++ b/ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py @@ -47,7 +47,6 @@ class CustomServiceOrchestrator(): SCRIPT_TYPE_PYTHON = "PYTHON" COMMAND_TYPE = "commandType" COMMAND_NAME_STATUS = "STATUS" - COMMAND_NAME_SECURITY_STATUS = "SECURITY_STATUS" CUSTOM_ACTION_COMMAND = 'ACTIONEXECUTE' CUSTOM_COMMAND_COMMAND = 'CUSTOM_COMMAND' @@ -63,7 +62,7 @@ class CustomServiceOrchestrator(): AMBARI_SERVER_PORT = "ambari_server_port" AMBARI_SERVER_USE_SSL = "ambari_server_use_ssl" - FREQUENT_COMMANDS = [COMMAND_NAME_SECURITY_STATUS, COMMAND_NAME_STATUS] + FREQUENT_COMMANDS = [COMMAND_NAME_STATUS] DONT_DEBUG_FAILURES_FOR_COMMANDS = FREQUENT_COMMANDS REFLECTIVELY_RUN_COMMANDS = FREQUENT_COMMANDS # -- commands which run a lot and often (this increases their speed) DONT_BACKUP_LOGS_FOR_COMMANDS = FREQUENT_COMMANDS @@ -471,36 +470,6 @@ class CustomServiceOrchestrator(): override_output_files=override_output_files) return res - def requestComponentSecurityState(self, command): - """ - Determines the current security state of the component - A command will be issued to trigger the security_status check and the result of this check will - returned to the caller. If the component lifecycle script has no security_status method the - check will return non zero exit code and "UNKNOWN" will be returned. - """ - override_output_files=True # by default, we override status command output - if logger.level == logging.DEBUG: - override_output_files = False - security_check_res = self.runCommand(command, self.status_commands_stdout, - self.status_commands_stderr, self.COMMAND_NAME_SECURITY_STATUS, - override_output_files=override_output_files) - result = 'UNKNOWN' - - if security_check_res is None: - logger.warn("The return value of the security_status check was empty, the security status is unknown") - elif 'exitcode' not in security_check_res: - logger.warn("Missing 'exitcode' value from the security_status check result, the security status is unknown") - elif security_check_res['exitcode'] != 0: - logger.debug("The 'exitcode' value from the security_status check result indicated the check routine failed to properly execute, the security status is unknown") - elif 'structuredOut' not in security_check_res: - logger.warn("Missing 'structuredOut' value from the security_status check result, the security status is unknown") - elif 'securityState' not in security_check_res['structuredOut']: - logger.warn("Missing 'securityState' value from the security_status check structuredOut data set, the security status is unknown") - else: - result = security_check_res['structuredOut']['securityState'] - - return result - def resolve_script_path(self, base_dir, script): """ Encapsulates logic of script location determination. http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py b/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py index ab46f96..faa9b81 100644 --- a/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py +++ b/ambari-agent/src/test/python/ambari_agent/TestActionQueue.py @@ -988,12 +988,11 @@ class TestActionQueue(TestCase): dummy_controller.recovery_manager = RecoveryManager(tempfile.mktemp()) - result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN') + result = (self.status_command, {'exitcode': 0 }) actionQueue.process_status_command_result(result) report = actionQueue.result() - expected = {'dummy report': '', - 'securityState' : 'UNKNOWN'} + expected = {'dummy report': ''} self.assertEqual(len(report['componentStatus']), 1) self.assertEqual(report['componentStatus'][0], expected) @@ -1019,12 +1018,11 @@ class TestActionQueue(TestCase): dummy_controller.recovery_manager = RecoveryManager(tempfile.mktemp(), True, False) - result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN') + result = (self.status_command, {'exitcode': 0 }) actionQueue.process_status_command_result(result) report = actionQueue.result() expected = {'dummy report': '', - 'securityState' : 'UNKNOWN', 'sendExecCmdDet': 'True'} self.assertEqual(len(report['componentStatus']), 1) @@ -1033,12 +1031,11 @@ class TestActionQueue(TestCase): requires_recovery_mock.return_value = True command_exists_mock.return_value = True - result = (self.status_command, {'exitcode': 0 }, 'UNKNOWN') + result = (self.status_command, {'exitcode': 0 }) actionQueue.process_status_command_result(result) report = actionQueue.result() expected = {'dummy report': '', - 'securityState' : 'UNKNOWN', 'sendExecCmdDet': 'False'} self.assertEqual(len(report['componentStatus']), 1) @@ -1062,7 +1059,7 @@ class TestActionQueue(TestCase): 'structuredOut': {'alerts': [ {'name': 'flume_alert'} ] } } - result = (self.status_command_for_alerts, command_return_value, command_return_value) + result = (self.status_command_for_alerts, command_return_value) build_mock.return_value = {'somestatusresult': 'aresult'} http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py index 3985c5a..601255b 100644 --- a/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py +++ b/ambari-agent/src/test/python/ambari_agent/TestCustomServiceOrchestrator.py @@ -551,57 +551,6 @@ class TestCustomServiceOrchestrator(TestCase): status = orchestrator.requestComponentStatus(status_command) self.assertEqual(runCommand_mock.return_value, status) - @patch.object(CustomServiceOrchestrator, "runCommand") - @patch.object(FileCache, "__init__") - def test_requestComponentSecurityState(self, FileCache_mock, runCommand_mock): - FileCache_mock.return_value = None - status_command = { - "serviceName" : 'HDFS', - "commandType" : "STATUS_COMMAND", - "clusterName" : "", - "componentName" : "DATANODE", - 'configurations':{} - } - dummy_controller = MagicMock() - orchestrator = CustomServiceOrchestrator(self.config, dummy_controller) - # Test securityState - runCommand_mock.return_value = { - 'exitcode' : 0, - 'structuredOut' : {'securityState': 'UNSECURED'} - } - - status = orchestrator.requestComponentSecurityState(status_command) - self.assertEqual('UNSECURED', status) - - # Test case where exit code indicates failure - runCommand_mock.return_value = { - "exitcode" : 1 - } - status = orchestrator.requestComponentSecurityState(status_command) - self.assertEqual('UNKNOWN', status) - - @patch.object(FileCache, "__init__") - def test_requestComponentSecurityState_realFailure(self, FileCache_mock): - ''' - Tests the case where the CustomServiceOrchestrator attempts to call a service's security_status - method, but fails to do so because the script or method was not found. - :param FileCache_mock: - :return: - ''' - FileCache_mock.return_value = None - status_command = { - "serviceName" : 'BOGUS_SERVICE', - "commandType" : "STATUS_COMMAND", - "clusterName" : "", - "componentName" : "DATANODE", - 'configurations':{} - } - dummy_controller = MagicMock() - orchestrator = CustomServiceOrchestrator(self.config, dummy_controller) - - status = orchestrator.requestComponentSecurityState(status_command) - self.assertEqual('UNKNOWN', status) - @patch.object(CustomServiceOrchestrator, "get_py_executor") @patch.object(CustomServiceOrchestrator, "dump_command_to_json") http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-common/src/main/python/resource_management/libraries/script/script.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/script/script.py b/ambari-common/src/main/python/resource_management/libraries/script/script.py index a7450e0..e329236 100644 --- a/ambari-common/src/main/python/resource_management/libraries/script/script.py +++ b/ambari-common/src/main/python/resource_management/libraries/script/script.py @@ -843,22 +843,6 @@ class Script(object): """ self.fail_with_error('configure method isn\'t implemented') - def security_status(self, env): - """ - To be overridden by subclasses to provide the current security state of the component. - Implementations are required to set the "securityState" property of the structured out data set - to one of the following values: - - UNSECURED - If the component is not configured for any security protocol such as - Kerberos - SECURED_KERBEROS - If the component is configured for Kerberos - UNKNOWN - If the security state cannot be determined - ERROR - If the component is supposed to be secured, but there are issues with the - configuration. For example, if the component is configured for Kerberos - but the configured principal and keytab file fail to kinit - """ - self.put_structured_out({"securityState": "UNKNOWN"}) - def generate_configs_get_template_file_content(self, filename, dicts): config = self.get_config() content = '' http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java index 5591ae8..68e1734 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/ComponentStatus.java @@ -28,12 +28,6 @@ public class ComponentStatus { private String msg; private String status; - /** - * A String declaring the component's security state - * - * @see org.apache.ambari.server.state.SecurityState - */ - private String securityState; private String sendExecCmdDet = "False"; private String serviceName; @@ -74,26 +68,6 @@ public class ComponentStatus { this.status = status; } - /** - * Gets the relevant component's security state. - * - * @return a String declaring this component's security state - * @see org.apache.ambari.server.state.SecurityState - */ - public String getSecurityState() { - return securityState; - } - - /** - * Sets the relevant component's security state. - * - * @param securityState a String declaring this component's security state - * @see org.apache.ambari.server.state.SecurityState - */ - public void setSecurityState(String securityState) { - this.securityState = securityState; - } - public String getStackVersion() { return stackVersion; } @@ -158,7 +132,7 @@ public class ComponentStatus { @Override public String toString() { return "ComponentStatus [componentName=" + componentName + ", msg=" + msg - + ", status=" + status + ", securityState=" + securityState + + ", status=" + status + ", serviceName=" + serviceName + ", clusterName=" + clusterName + ", stackVersion=" + stackVersion + ", configurationTags=" + configurationTags + ", extra=" + extra + "]"; http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java index 8f4782e..222f201 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java @@ -19,8 +19,6 @@ package org.apache.ambari.server.agent; import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; @@ -58,7 +56,6 @@ import org.apache.ambari.server.state.ComponentInfo; import org.apache.ambari.server.state.Host; import org.apache.ambari.server.state.HostHealthStatus; import org.apache.ambari.server.state.MaintenanceState; -import org.apache.ambari.server.state.SecurityState; import org.apache.ambari.server.state.Service; import org.apache.ambari.server.state.ServiceComponent; import org.apache.ambari.server.state.ServiceComponentHost; @@ -618,25 +615,6 @@ public class HeartbeatProcessor extends AbstractService{ } } - SecurityState prevSecurityState = scHost.getSecurityState(); - SecurityState currentSecurityState = SecurityState.valueOf(status.getSecurityState()); - if((prevSecurityState != currentSecurityState)) { - if(prevSecurityState.isEndpoint()) { - scHost.setSecurityState(currentSecurityState); - LOG.info(String.format("Security of service component %s of service %s of cluster %s " + - "has changed from %s to %s on host %s", - componentName, status.getServiceName(), status.getClusterName(), prevSecurityState, - currentSecurityState, hostname)); - } - else { - LOG.debug(String.format("Security of service component %s of service %s of cluster %s " + - "has changed from %s to %s on host %s but will be ignored since %s is a " + - "transitional state", - componentName, status.getServiceName(), status.getClusterName(), - prevSecurityState, currentSecurityState, hostname, prevSecurityState)); - } - } - if (null != status.getStackVersion() && !status.getStackVersion().isEmpty()) { scHost.setStackVersion(gson.fromJson(status.getStackVersion(), StackId.class)); } http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py index 0c5cee9..ebd418d 100644 --- a/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py +++ b/ambari-server/src/main/resources/common-services/ACCUMULO/1.6.1.2.2.0/package/scripts/accumulo_script.py @@ -119,56 +119,6 @@ class AccumuloScript(Script): # some accumulo components depend on the client, so update that too stack_select.select("accumulo-client", params.version) - - - def security_status(self, env): - import status_params - - env.set_params(status_params) - - props_value_check = {} - props_empty_check = ['general.kerberos.keytab', - 'general.kerberos.principal'] - props_read_check = ['general.kerberos.keytab'] - accumulo_site_expectations = build_expectations('accumulo-site', - props_value_check, props_empty_check, props_read_check) - - accumulo_expectations = {} - accumulo_expectations.update(accumulo_site_expectations) - - security_params = get_params_from_filesystem(status_params.conf_dir, - {'accumulo-site.xml': FILE_TYPE_XML}) - - result_issues = validate_security_config_properties(security_params, accumulo_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'accumulo-site' not in security_params - or 'general.kerberos.keytab' not in security_params['accumulo-site'] - or 'general.kerberos.principal' not in security_params['accumulo-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.accumulo_user, - security_params['accumulo-site']['general.kerberos.keytab'], - security_params['accumulo-site']['general.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir, - 30) - - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py index 99df380..2158e72 100644 --- a/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py +++ b/ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/metrics_collector.py @@ -73,71 +73,7 @@ class AmsCollector(Script): @OsFamilyImpl(os_family=OsFamilyImpl.DEFAULT) class AmsCollectorDefault(AmsCollector): - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hbase.security.authentication": "kerberos", - "hbase.security.authorization": "true"} - - props_empty_check = ["hbase.zookeeper.property.authProvider.1", - "hbase.master.keytab.file", - "hbase.master.kerberos.principal", - "hbase.regionserver.keytab.file", - "hbase.regionserver.kerberos.principal" - ] - props_read_check = ['hbase.master.keytab.file', 'hbase.regionserver.keytab.file'] - ams_hbase_site_expectations = build_expectations('hbase-site', props_value_check, - props_empty_check, - props_read_check) - - expectations = {} - expectations.update(ams_hbase_site_expectations) - - security_params = get_params_from_filesystem(status_params.ams_hbase_conf_dir, - {'hbase-site.xml': FILE_TYPE_XML}) - - # In case of blueprint deployment security_status might be called before AMS collector is installed. - if ('hbase-site' not in security_params or 'hbase.cluster.distributed' not in security_params['hbase-site']) : - self.put_structured_out({"securityState": "UNKNOWN"}) - return - - is_hbase_distributed = security_params['hbase-site']['hbase.cluster.distributed'] - # for embedded mode, when HBase is backed by file, security state is SECURED_KERBEROS by definition when cluster is secured - if status_params.security_enabled and not is_hbase_distributed: - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - return - - result_issues = validate_security_config_properties(security_params, expectations) - - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hbase-site' not in security_params or - 'hbase.master.keytab.file' not in security_params['hbase-site'] or - 'hbase.master.kerberos.principal' not in security_params['hbase-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hbase_user, - security_params['hbase-site']['hbase.master.keytab.file'], - security_params['hbase-site']['hbase.master.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % ( - cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) + pass @OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY) http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py index d79ba3d..38f9a41 100644 --- a/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py +++ b/ambari-server/src/main/resources/common-services/ATLAS/0.1.0.2.3/package/scripts/metadata_server.py @@ -166,84 +166,6 @@ class MetadataServer(Script): env.set_params(status_params) check_process_status(status_params.pid_file) - def security_status(self, env): - import status_params - - env.set_params(status_params) - - file_name_key = 'applicaton' - props_value_check = {'atlas.authentication.method': 'kerberos', - 'atlas.http.authentication.enabled': 'true', - 'atlas.http.authentication.type': 'kerberos'} - props_empty_check = ['atlas.authentication.principal', - 'atlas.authentication.keytab', - 'atlas.http.authentication.kerberos.principal', - 'atlas.http.authentication.kerberos.keytab'] - props_read_check = ['atlas.authentication.keytab', - 'atlas.http.authentication.kerberos.keytab'] - - if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks): - file_name_key = 'atlas-application' - props_value_check = {'atlas.authentication.method.kerberos': 'true', - 'atlas.solr.kerberos.enable': 'true'} - props_empty_check = ['atlas.authentication.principal', - 'atlas.authentication.keytab', - 'atlas.authentication.method.kerberos.principal', - 'atlas.authentication.method.kerberos.keytab'] - props_read_check = ['atlas.authentication.keytab', - 'atlas.authentication.method.kerberos.keytab'] - - atlas_site_expectations = build_expectations(file_name_key, - props_value_check, - props_empty_check, - props_read_check) - - atlas_expectations = {} - atlas_expectations.update(atlas_site_expectations) - - security_params = get_params_from_filesystem(status_params.conf_dir, - {status_params.conf_file: FILE_TYPE_PROPERTIES}) - result_issues = validate_security_config_properties(security_params, atlas_expectations) - - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( file_name_key not in security_params - or 'atlas.authentication.keytab' not in security_params[file_name_key] - or 'atlas.authentication.principal' not in security_params[file_name_key]): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Atlas service keytab file or principal are not set property."}) - return - - if check_stack_feature(StackFeature.ATLAS_UPGRADE_SUPPORT, status_params.version_for_stack_feature_checks): - if ( file_name_key not in security_params - or 'atlas.authentication.method.kerberos.keytab' not in security_params[file_name_key] - or 'atlas.authentication.method.kerberos.principal' not in security_params[file_name_key]): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Method Authentication keytab file or principal are not set property."}) - return - else: - if ( file_name_key not in security_params - or 'atlas.http.authentication.kerberos.keytab' not in security_params[file_name_key] - or 'atlas.http.authentication.kerberos.principal' not in security_params[file_name_key]): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "HTTP Authentication keytab file or principal are not set property."}) - return - - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py index 924ab29..365f661 100644 --- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py +++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_client.py @@ -59,16 +59,6 @@ class FalconClientLinux(FalconClient): conf_select.select(params.stack_name, "falcon", params.version) stack_select.select("falcon-client", params.version) - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - - @OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY) class FalconClientWindows(FalconClient): def install(self, env): http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py index a5bd982..5b2db44 100644 --- a/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py +++ b/ambari-server/src/main/resources/common-services/FALCON/0.5.0.2.1/package/scripts/falcon_server.py @@ -89,65 +89,6 @@ class FalconServerLinux(FalconServer): falcon_server_upgrade.pre_start_restore() - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"*.falcon.authentication.type": "kerberos", - "*.falcon.http.authentication.type": "kerberos"} - props_empty_check = ["*.falcon.service.authentication.kerberos.principal", - "*.falcon.service.authentication.kerberos.keytab", - "*.falcon.http.authentication.kerberos.principal", - "*.falcon.http.authentication.kerberos.keytab"] - props_read_check = ["*.falcon.service.authentication.kerberos.keytab", - "*.falcon.http.authentication.kerberos.keytab"] - falcon_startup_props = build_expectations('startup', props_value_check, props_empty_check, - props_read_check) - - falcon_expectations ={} - falcon_expectations.update(falcon_startup_props) - - security_params = get_params_from_filesystem('/etc/falcon/conf', - {'startup.properties': FILE_TYPE_PROPERTIES}) - result_issues = validate_security_config_properties(security_params, falcon_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'startup' not in security_params - or '*.falcon.service.authentication.kerberos.keytab' not in security_params['startup'] - or '*.falcon.service.authentication.kerberos.principal' not in security_params['startup']) \ - or '*.falcon.http.authentication.kerberos.keytab' not in security_params['startup'] \ - or '*.falcon.http.authentication.kerberos.principal' not in security_params['startup']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.falcon_user, - security_params['startup']['*.falcon.service.authentication.kerberos.keytab'], - security_params['startup']['*.falcon.service.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.falcon_user, - security_params['startup']['*.falcon.http.authentication.kerberos.keytab'], - security_params['startup']['*.falcon.http.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.falcon_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py index b15be5b..30674a8 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_master.py @@ -95,55 +95,6 @@ class HbaseMasterDefault(HbaseMaster): env.set_params(status_params) pid_file = format("{pid_dir}/hbase-{hbase_user}-master.pid") check_process_status(pid_file) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hbase.security.authentication" : "kerberos", - "hbase.security.authorization": "true"} - props_empty_check = ['hbase.master.keytab.file', - 'hbase.master.kerberos.principal'] - props_read_check = ['hbase.master.keytab.file'] - hbase_site_expectations = build_expectations('hbase-site', props_value_check, props_empty_check, - props_read_check) - - hbase_expectations = {} - hbase_expectations.update(hbase_site_expectations) - - security_params = get_params_from_filesystem(status_params.hbase_conf_dir, - {'hbase-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hbase_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'hbase-site' not in security_params - or 'hbase.master.keytab.file' not in security_params['hbase-site'] - or 'hbase.master.kerberos.principal' not in security_params['hbase-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hbase_user, - security_params['hbase-site']['hbase.master.keytab.file'], - security_params['hbase-site']['hbase.master.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py index 370167b..9194991 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/hbase_regionserver.py @@ -105,55 +105,6 @@ class HbaseRegionServerDefault(HbaseRegionServer): pid_file = format("{pid_dir}/hbase-{hbase_user}-regionserver.pid") check_process_status(pid_file) - def security_status(self, env): - import status_params - - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hbase.security.authentication" : "kerberos", - "hbase.security.authorization": "true"} - props_empty_check = ['hbase.regionserver.keytab.file', - 'hbase.regionserver.kerberos.principal'] - props_read_check = ['hbase.regionserver.keytab.file'] - hbase_site_expectations = build_expectations('hbase-site', props_value_check, props_empty_check, - props_read_check) - - hbase_expectations = {} - hbase_expectations.update(hbase_site_expectations) - - security_params = get_params_from_filesystem(status_params.hbase_conf_dir, - {'hbase-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hbase_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'hbase-site' not in security_params - or 'hbase.regionserver.keytab.file' not in security_params['hbase-site'] - or 'hbase.regionserver.kerberos.principal' not in security_params['hbase-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hbase_user, - security_params['hbase-site']['hbase.regionserver.keytab.file'], - security_params['hbase-site']['hbase.regionserver.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py index 82113e9..b1bdb78 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/phoenix_queryserver.py @@ -71,10 +71,6 @@ class PhoenixQueryServer(Script): import status_params env.set_params(status_params) phoenix_service('status') - - - def security_status(self, env): - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params @@ -85,4 +81,4 @@ class PhoenixQueryServer(Script): return params.hbase_user if __name__ == "__main__": - PhoenixQueryServer().execute() \ No newline at end of file + PhoenixQueryServer().execute() http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py index f174987..c7b813f 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/datanode.py @@ -142,64 +142,6 @@ class DataNodeDefault(DataNode): hdfs_binary = self.get_hdfs_binary() # ensure the DataNode has started and rejoined the cluster datanode_upgrade.post_upgrade_check(hdfs_binary) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['dfs.datanode.keytab.file', - 'dfs.datanode.kerberos.principal'] - props_read_check = ['dfs.datanode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'dfs.datanode.keytab.file' not in security_params['hdfs-site'] or - 'dfs.datanode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.datanode.keytab.file'], - security_params['hdfs-site']['dfs.datanode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py index 95d1603..87a6f52 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/hdfs_client.py @@ -67,51 +67,6 @@ class HdfsClientDefault(HdfsClient): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hadoop-client", params.version) - def security_status(self, env): - import status_params - env.set_params(status_params) - - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - hdfs_expectations ={} - hdfs_expectations.update(core_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML}) - - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - if status_params.hdfs_user_principal or status_params.hdfs_user_keytab: - try: - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - status_params.hdfs_user_keytab, - status_params.hdfs_user_principal, - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out({"securityIssuesFound": "hdfs principal and/or keytab file is not specified"}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - - else: - self.put_structured_out({"securityState": "UNSECURED"}) - @OsFamilyImpl(os_family=OSConst.WINSRV_FAMILY) class HdfsClientWindows(HdfsClient): def install(self, env): http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py index efee103..0805ff4 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/journalnode.py @@ -104,63 +104,6 @@ class JournalNodeDefault(JournalNode): env.set_params(status_params) check_process_status(status_params.journalnode_pid_file) - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - - props_value_check = None - props_empty_check = ['dfs.journalnode.keytab.file', - 'dfs.journalnode.kerberos.principal'] - props_read_check = ['dfs.journalnode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(hdfs_site_expectations) - hdfs_expectations.update(core_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML}) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'dfs.journalnode.kerberos.keytab.file' not in security_params['hdfs-site'] or - 'dfs.journalnode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.journalnode.kerberos.keytab.file'], - security_params['hdfs-site']['dfs.journalnode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def get_log_folder(self): import params return params.hdfs_log_dir http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py index 350e704..9a9f9ca 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/namenode.py @@ -216,63 +216,6 @@ class NameNodeDefault(NameNode): try_sleep=10 ) - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['dfs.namenode.kerberos.internal.spnego.principal', - 'dfs.namenode.keytab.file', - 'dfs.namenode.kerberos.principal'] - props_read_check = ['dfs.namenode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ( 'hdfs-site' not in security_params - or 'dfs.namenode.keytab.file' not in security_params['hdfs-site'] - or 'dfs.namenode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.namenode.keytab.file'], - security_params['hdfs-site']['dfs.namenode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def rebalancehdfs(self, env): import params env.set_params(params) http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py index 770df59..03a497a 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/nfsgateway.py @@ -76,64 +76,6 @@ class NFSGateway(Script): env.set_params(status_params) check_process_status(status_params.nfsgateway_pid_file) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['nfs.keytab.file', - 'nfs.kerberos.principal'] - props_read_check = ['nfs.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'nfs.keytab.file' not in security_params['hdfs-site'] or - 'nfs.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['nfs.keytab.file'], - security_params['hdfs-site'][ - 'nfs.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py index 30eee07..ac45ffd 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/snamenode.py @@ -75,66 +75,6 @@ class SNameNodeDefault(SNameNode): if params.version and check_stack_feature(StackFeature.ROLLING_UPGRADE, params.version): conf_select.select(params.stack_name, "hadoop", params.version) stack_select.select("hadoop-hdfs-secondarynamenode", params.version) - - def security_status(self, env): - import status_params - - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - props_value_check = None - props_empty_check = ['dfs.secondary.namenode.kerberos.internal.spnego.principal', - 'dfs.secondary.namenode.keytab.file', - 'dfs.secondary.namenode.kerberos.principal'] - props_read_check = ['dfs.secondary.namenode.keytab.file'] - hdfs_site_expectations = build_expectations('hdfs-site', props_value_check, props_empty_check, - props_read_check) - - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - hdfs_expectations.update(hdfs_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML, - 'hdfs-site.xml': FILE_TYPE_XML}) - - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if ('hdfs-site' not in security_params or - 'dfs.secondary.namenode.keytab.file' not in security_params['hdfs-site'] or - 'dfs.secondary.namenode.kerberos.principal' not in security_params['hdfs-site']): - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out( - {"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - security_params['hdfs-site']['dfs.secondary.namenode.keytab.file'], - security_params['hdfs-site'][ - 'dfs.secondary.namenode.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) def get_log_folder(self): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py index 74b72c7..dff1548 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/zkfc_slave.py @@ -119,49 +119,6 @@ class ZkfcSlaveDefault(ZkfcSlave): env.set_params(status_params) check_process_status(status_params.zkfc_pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - props_value_check = {"hadoop.security.authentication": "kerberos", - "hadoop.security.authorization": "true"} - props_empty_check = ["hadoop.security.auth_to_local"] - props_read_check = None - core_site_expectations = build_expectations('core-site', props_value_check, props_empty_check, - props_read_check) - hdfs_expectations = {} - hdfs_expectations.update(core_site_expectations) - - security_params = get_params_from_filesystem(status_params.hadoop_conf_dir, - {'core-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hdfs_expectations) - if 'core-site' in security_params and 'hadoop.security.authentication' in security_params['core-site'] and \ - security_params['core-site']['hadoop.security.authentication'].lower() == 'kerberos': - if not result_issues: # If all validations passed successfully - if status_params.hdfs_user_principal or status_params.hdfs_user_keytab: - try: - cached_kinit_executor(status_params.kinit_path_local, - status_params.hdfs_user, - status_params.hdfs_user_keytab, - status_params.hdfs_user_principal, - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - self.put_structured_out( - {"securityIssuesFound": "hdfs principal and/or keytab file is not specified"}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def disable_security(self, env): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py index 79d886d..db7bb4a 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py @@ -114,58 +114,6 @@ class HiveMetastoreDefault(HiveMetastore): check_stack_feature(StackFeature.HIVE_METASTORE_UPGRADE_SCHEMA, params.stack_version_formatted_major): self.upgrade_schema(env) - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.metastore.kerberos.keytab.file", - "hive.metastore.kerberos.principal"] - - props_read_check = ["hive.metastore.kerberos.keytab.file"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.metastore.kerberos.keytab.file' not in security_params['hive-site'] \ - or 'hive.metastore.kerberos.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.metastore.kerberos.keytab.file'], - security_params['hive-site']['hive.metastore.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - - def upgrade_schema(self, env): """ Executes the schema upgrade binary. This is its own function because it could http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py index 63f8da1..8f7d068 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py @@ -136,67 +136,6 @@ class HiveServerDefault(HiveServer): if resource_created: params.HdfsResource(None, action="execute") - - def security_status(self, env): - import status_params - env.set_params(status_params) - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.kerberos.principal", - "hive.server2.authentication.spnego.principal", - "hive.server2.authentication.spnego.keytab"] - - props_read_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.spnego.keytab"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.kerberos.keytab'], - security_params['hive-site']['hive.server2.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.spnego.keytab'], - security_params['hive-site']['hive.server2.authentication.spnego.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def _base_node(self, path): if not path.startswith('/'): path = '/' + path http://git-wip-us.apache.org/repos/asf/ambari/blob/712b3d21/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py index efd5c7e..bb8fbfa 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server_interactive.py @@ -153,67 +153,6 @@ class HiveServerInteractiveDefault(HiveServerInteractive): # Recursively check all existing gmetad pid files check_process_status(pid_file) - def security_status(self, env): - import status_params - env.set_params(status_params) - - if status_params.security_enabled: - props_value_check = {"hive.server2.authentication": "KERBEROS", - "hive.metastore.sasl.enabled": "true", - "hive.security.authorization.enabled": "true"} - props_empty_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.kerberos.principal", - "hive.server2.authentication.spnego.principal", - "hive.server2.authentication.spnego.keytab"] - - props_read_check = ["hive.server2.authentication.kerberos.keytab", - "hive.server2.authentication.spnego.keytab"] - hive_site_props = build_expectations('hive-site', props_value_check, props_empty_check, - props_read_check) - - hive_expectations ={} - hive_expectations.update(hive_site_props) - - security_params = get_params_from_filesystem(status_params.hive_server_interactive_conf_dir, - {'hive-site.xml': FILE_TYPE_XML}) - result_issues = validate_security_config_properties(security_params, hive_expectations) - if not result_issues: # If all validations passed successfully - try: - # Double check the dict before calling execute - if 'hive-site' not in security_params \ - or 'hive.server2.authentication.kerberos.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.kerberos.principal' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.keytab' not in security_params['hive-site'] \ - or 'hive.server2.authentication.spnego.principal' not in security_params['hive-site']: - self.put_structured_out({"securityState": "UNSECURED"}) - self.put_structured_out({"securityIssuesFound": "Keytab file or principal are not set property."}) - return - - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.kerberos.keytab'], - security_params['hive-site']['hive.server2.authentication.kerberos.principal'], - status_params.hostname, - status_params.tmp_dir) - cached_kinit_executor(status_params.kinit_path_local, - status_params.hive_user, - security_params['hive-site']['hive.server2.authentication.spnego.keytab'], - security_params['hive-site']['hive.server2.authentication.spnego.principal'], - status_params.hostname, - status_params.tmp_dir) - self.put_structured_out({"securityState": "SECURED_KERBEROS"}) - except Exception as e: - self.put_structured_out({"securityState": "ERROR"}) - self.put_structured_out({"securityStateErrorInfo": str(e)}) - else: - issues = [] - for cf in result_issues: - issues.append("Configuration file %s did not pass the validation. Reason: %s" % (cf, result_issues[cf])) - self.put_structured_out({"securityIssuesFound": ". ".join(issues)}) - self.put_structured_out({"securityState": "UNSECURED"}) - else: - self.put_structured_out({"securityState": "UNSECURED"}) - def restart_llap(self, env): """ Custom command to Restart LLAP