Repository: ambari Updated Branches: refs/heads/trunk 58d77239b -> 70f9bd620
AMBARI-20569. Configure KMS/Zookeeper settings automatically when multiple KMS are involved (alexantonenko) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/70f9bd62 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/70f9bd62 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/70f9bd62 Branch: refs/heads/trunk Commit: 70f9bd6201ba2c3f406d414d52e40c6534abe870 Parents: 58d7723 Author: Alex Antonenko <hiv...@gmail.com> Authored: Thu Jun 15 13:32:07 2017 +0300 Committer: Alex Antonenko <hiv...@gmail.com> Committed: Thu Jun 15 16:30:07 2017 +0300 ---------------------------------------------------------------------- ambari-web/app/controllers/main/host/details.js | 83 +++++++++++++++++--- .../test/controllers/main/host/details_test.js | 64 ++++++++++++--- 2 files changed, 128 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/70f9bd62/ambari-web/app/controllers/main/host/details.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/main/host/details.js b/ambari-web/app/controllers/main/host/details.js index def75d6..6f34dfe 100644 --- a/ambari-web/app/controllers/main/host/details.js +++ b/ambari-web/app/controllers/main/host/details.js @@ -1407,7 +1407,10 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow name: 'admin.get.all_configurations', sender: this, data: { - urlParams: '(type=core-site&tag=' + data.Clusters.desired_configs['core-site'].tag + ')|(type=hdfs-site&tag=' + data.Clusters.desired_configs['hdfs-site'].tag + ')|(type=kms-env&tag=' + data.Clusters.desired_configs['kms-env'].tag + ')' + urlParams: '(type=core-site&tag=' + data.Clusters.desired_configs['core-site'].tag + ')|' + + '(type=hdfs-site&tag=' + data.Clusters.desired_configs['hdfs-site'].tag + ')|' + + '(type=kms-env&tag=' + data.Clusters.desired_configs['kms-env'].tag + ')|' + + '(type=kms-site&tag=' + data.Clusters.desired_configs['kms-site'].tag + ')' }, success: params.callback }); @@ -1420,7 +1423,7 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow * @method onLoadRangerConfigs */ onLoadRangerConfigs: function (data) { - var properties = [ + var hdfsProperties = [ { type: 'core-site', name: 'hadoop.security.key.provider.path' @@ -1430,12 +1433,47 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow name: 'dfs.encryption.key.provider.uri' } ], + kmsSiteProperties = [ + { + name: 'hadoop.kms.cache.enable', + notHaValue: 'true', + haValue: 'false' + }, + { + name: 'hadoop.kms.cache.timeout.ms', + notHaValue: '600000', + haValue: '0' + }, + { + name: 'hadoop.kms.current.key.cache.timeout.ms', + notHaValue: '30000', + haValue: '0' + }, + { + name: 'hadoop.kms.authentication.signer.secret.provider', + notHaValue: 'random', + haValue: 'zookeeper' + }, + { + name: 'hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type', + notHaValue: 'kerberos', + haValue: 'none' + }, + { + name: 'hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string', + notHaValue: '#HOSTNAME#:#PORT#,...', + haValue: this.getZookeeperConnectionString() + } + ], hostToInstall = this.get('rangerKMSServerHost'), - rkmsHosts = this.getRangerKMSServerHosts().join(';'), + rkmsHosts = this.getRangerKMSServerHosts(), + rkmsHostsStr = rkmsHosts.join(';'), + isHA = rkmsHosts.length > 1, rkmsPort = data.items.findProperty('type', 'kms-env').properties['kms_port'], - newValue = 'kms://http@' + rkmsHosts + ':' + rkmsPort + '/kms', + newValue = 'kms://http@' + rkmsHostsStr + ':' + rkmsPort + '/kms', coreSiteConfigs = data.items.findProperty('type', 'core-site'), hdfsSiteConfigs = data.items.findProperty('type', 'hdfs-site'), + kmsSiteConfigs = data.items.findProperty('type', 'kms-site'), groups = [ { properties: { @@ -1446,19 +1484,27 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow 'core-site': coreSiteConfigs.properties_attributes, 'hdfs-site': hdfsSiteConfigs.properties_attributes } + }, + { + properties: { + 'kms-site': kmsSiteConfigs.properties + }, + properties_attributes: { + 'kms-site': kmsSiteConfigs.properties_attributes + } } ], propertiesToChange = this.get('allPropertiesToChange'); this.saveLoadedConfigs(data); - properties.forEach(function (property) { + hdfsProperties.forEach(function (property) { var typeConfigs = data.items.findProperty('type', property.type).properties, currentValue = typeConfigs[property.name], pattern = new RegExp('^kms:\\/\\/http@(.+):' + rkmsPort + '\\/kms$'), patternMatch = currentValue && currentValue.match(pattern), currentHostsList = patternMatch && patternMatch[1].split(';').sort().join(';'); - if (currentHostsList !== rkmsHosts) { + if (currentHostsList !== rkmsHostsStr) { typeConfigs[property.name] = newValue; if (this.get('isReconfigureRequired')) { var service = App.config.get('serviceByConfigTypeMap')[property.type]; @@ -1473,6 +1519,22 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow } } }, this); + + kmsSiteProperties.forEach(function (property) { + var currentValue = kmsSiteConfigs.properties[property.name]; + var newValue = isHA ? property.haValue : property.notHaValue; + kmsSiteConfigs.properties[property.name] = newValue; + + propertiesToChange.pushObject({ + propertyFileName: 'kms-site', + propertyName: property.name, + serviceDisplayName: App.Service.find().findProperty('serviceName', 'RANGER_KMS').get('displayName'), + initialValue: currentValue, + recommendedValue: newValue, + saveRecommended: true + }); + }); + if (this.get('isReconfigureRequired')) { this.setConfigsChanges(groups); } else { @@ -1492,17 +1554,20 @@ App.MainHostDetailsController = Em.Controller.extend(App.SupportClientConfigsDow if (!!rangerKMSServerHost) { rkmsHosts.push(rangerKMSServerHost); - this.set('rangerKMSServerHost', ''); } if (this.get('fromDeleteHost') || this.get('deleteRangerKMSServer')) { - this.set('deleteRangerKMSServer', false); - this.set('fromDeleteHost', false); return rkmsHosts.without(this.get('content.hostName')); } return rkmsHosts.sort(); }, + getZookeeperConnectionString: function () { + return this.getRangerKMSServerHosts().map(function (host) { + return host + ':2181'; + }).join(','); + }, + /** * Delete Storm Nimbus is performed * @type {bool} http://git-wip-us.apache.org/repos/asf/ambari/blob/70f9bd62/ambari-web/test/controllers/main/host/details_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/controllers/main/host/details_test.js b/ambari-web/test/controllers/main/host/details_test.js index c7e1808..34794f7 100644 --- a/ambari-web/test/controllers/main/host/details_test.js +++ b/ambari-web/test/controllers/main/host/details_test.js @@ -690,6 +690,9 @@ describe('App.MainHostDetailsController', function () { }, 'core-site': { tag: 'tag' + }, + 'kms-site': { + tag: 'tag' } } }}, null, {}); @@ -697,7 +700,7 @@ describe('App.MainHostDetailsController', function () { expect(args[0]).exists; expect(args[0].sender).to.be.eql(controller); expect(args[0].data).to.be.eql({ - urlParams: '(type=core-site&tag=tag)|(type=hdfs-site&tag=tag)|(type=kms-env&tag=tag)' + urlParams: '(type=core-site&tag=tag)|(type=hdfs-site&tag=tag)|(type=kms-env&tag=tag)|(type=kms-site&tag=tag)' }); }); }); @@ -720,15 +723,6 @@ describe('App.MainHostDetailsController', function () { it('hosts list is valid', function() { expect(this.hosts).to.eql(['host2']); }); - it('rangerKMSServerHost is empty', function () { - expect(controller.get('rangerKMSServerHost')).to.be.empty; - }); - it('deleteRangerKMSServer is false', function () { - expect(controller.get('deleteRangerKMSServer')).to.be.false; - }); - it('fromDeleteHost is false', function () { - expect(controller.get('fromDeleteHost')).to.be.false; - }); }); describe("#getStormNimbusHosts()", function() { @@ -3257,6 +3251,21 @@ describe('App.MainHostDetailsController', function () { 'core-site': undefined, 'hdfs-site': undefined } + }, + { + properties: { + 'kms-site': { + 'hadoop.kms.cache.enable': 'true', + 'hadoop.kms.cache.timeout.ms': '600000', + 'hadoop.kms.current.key.cache.timeout.ms': '30000', + 'hadoop.kms.authentication.signer.secret.provider': 'random', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type': 'kerberos', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string': '#HOSTNAME#:#PORT#,...' + } + }, + properties_attributes: { + 'kms-site': undefined + } } ] }, @@ -3275,6 +3284,21 @@ describe('App.MainHostDetailsController', function () { 'core-site': undefined, 'hdfs-site': undefined } + }, + { + properties: { + 'kms-site': { + 'hadoop.kms.cache.enable': 'false', + 'hadoop.kms.cache.timeout.ms': '0', + 'hadoop.kms.current.key.cache.timeout.ms': '0', + 'hadoop.kms.authentication.signer.secret.provider': 'zookeeper', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type': 'none', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string': 'host1:2181,host2:2181' + } + }, + properties_attributes: { + 'kms-site': undefined + } } ] } @@ -3282,11 +3306,20 @@ describe('App.MainHostDetailsController', function () { beforeEach(function () { sinon.spy(controller, 'saveConfigsBatch'); + sinon.stub(App.Service, 'find', function () { + return [ + Em.Object.create({ + displayName: 'service', + serviceName: 'RANGER_KMS' + }) + ]; + }); sinon.stub(controller, 'saveLoadedConfigs', Em.K); }); afterEach(function () { controller.saveConfigsBatch.restore(); + App.Service.find.restore(); controller.saveLoadedConfigs.restore(); }); @@ -3310,6 +3343,17 @@ describe('App.MainHostDetailsController', function () { properties: { 'dfs.encryption.key.provider.uri': 'kms://http@host2:port/kms' } + }, + { + type: 'kms-site', + properties: { + 'hadoop.kms.cache.enable': 'true', + 'hadoop.kms.cache.timeout.ms': '600000', + 'hadoop.kms.current.key.cache.timeout.ms': '30000', + 'hadoop.kms.authentication.signer.secret.provider': 'random', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type': 'kerberos', + 'hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string': '#HOSTNAME#:#PORT#,...' + } } ] };