Repository: ambari Updated Branches: refs/heads/branch-2.5 bc06736ef -> 84b3c7139
AMBARI-21234. Ambari rack awareness for Kafka. (Ambud Sharma via stoader) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/84b3c713 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/84b3c713 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/84b3c713 Branch: refs/heads/branch-2.5 Commit: 84b3c7139486e733a5fbc3de628e51510eb0b261 Parents: bc06736 Author: Ambud Sharma <ambud.sha...@hortonworks.com> Authored: Fri Jul 14 14:28:55 2017 +0200 Committer: Toader, Sebastian <stoa...@hortonworks.com> Committed: Fri Jul 14 14:28:55 2017 +0200 ---------------------------------------------------------------------- .../0.10.0/configuration/ranger-kafka-audit.xml | 58 ++++++++++++++ .../common-services/KAFKA/0.10.0/kerberos.json | 79 ++++++++++++++++++++ .../common-services/KAFKA/0.10.0/metainfo.xml | 28 +++++++ .../KAFKA/0.8.1/package/scripts/kafka.py | 12 +++ .../KAFKA/0.8.1/package/scripts/params.py | 3 + .../stacks/HDP/2.5/services/KAFKA/metainfo.xml | 1 + 6 files changed, 181 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/configuration/ranger-kafka-audit.xml new file mode 100644 index 0000000..fff9132 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/configuration/ranger-kafka-audit.xml @@ -0,0 +1,58 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + <property> + <name>xasecure.audit.destination.db</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.db.jdbc.url</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.db.user</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.db.password</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.db.jdbc.driver</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.credential.provider.file</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + <property> + <name>xasecure.audit.destination.db.batch.filespool.dir</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json new file mode 100644 index 0000000..b4d0018 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/kerberos.json @@ -0,0 +1,79 @@ +{ + "services": [ + { + "name": "KAFKA", + "identities": [ + { + "name": "/smokeuser" + } + ], + "configurations": [ + { + "kafka-broker": { + "authorizer.class.name": "kafka.security.auth.SimpleAclAuthorizer", + "principal.to.local.class":"kafka.security.auth.KerberosPrincipalToLocal", + "super.users": "user:${kafka-env/kafka_user}", + "security.inter.broker.protocol": "PLAINTEXTSASL", + "zookeeper.set.acl": "true", + "listeners": "${kafka-broker/listeners|replace(\\bPLAINTEXT\\b, PLAINTEXTSASL)}" + } + }, + { + "ranger-kafka-audit": { + "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule", + "xasecure.audit.jaas.Client.loginModuleControlFlag": "required", + "xasecure.audit.jaas.Client.option.useKeyTab": "true", + "xasecure.audit.jaas.Client.option.storeKey": "false", + "xasecure.audit.jaas.Client.option.serviceName": "solr", + "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true" + } + } + ], + "auth_to_local_properties" : [ + "kafka-broker/sasl.kerberos.principal.to.local.rules|comma" + ], + "components": [ + { + "name": "KAFKA_BROKER", + "identities": [ + { + "name": "kafka_broker", + "principal": { + "value": "${kafka-env/kafka_user}/_HOST@${realm}", + "type": "service", + "configuration": "kafka-env/kafka_principal_name" + }, + "keytab": { + "file": "${keytab_dir}/kafka.service.keytab", + "owner": { + "name": "${kafka-env/kafka_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "kafka-env/kafka_keytab" + } + }, + { + "name": "/KAFKA/KAFKA_BROKER/kafka_broker", + "principal": { + "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.principal" + }, + "keytab": { + "configuration": "ranger-kafka-audit/xasecure.audit.jaas.Client.option.keyTab" + } + }, + { + "name": "/HDFS/NAMENODE/hdfs", + "when" : { + "contains" : ["services", "HDFS"] + } + } + ] + } + ] + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/metainfo.xml b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/metainfo.xml new file mode 100644 index 0000000..c1fcde8 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.10.0/metainfo.xml @@ -0,0 +1,28 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<metainfo> + <schemaVersion>2.0</schemaVersion> + <services> + <service> + <name>KAFKA</name> + <extends>common-services/KAFKA/0.9.0</extends> + <version>0.10.0</version> + <restartRequiredAfterRackChange>true</restartRequiredAfterRackChange> + </service> + </services> +</metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py index 1327090..e6d7339 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/kafka.py @@ -108,6 +108,18 @@ def kafka(upgrade_type=None): kafka_data_dir = kafka_server_config['log.dirs'] kafka_data_dirs = filter(None, kafka_data_dir.split(",")) + + rack="/default-rack" + i=0 + if len(params.all_racks) > 0: + for host in params.all_hosts: + if host == params.hostname: + rack=params.all_racks[i] + break + i=i+1 + + kafka_server_config['broker.rack']=rack + Directory(kafka_data_dirs, mode=0755, cd_access='a', http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py index c36a10f..8aa4fc2 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py @@ -105,6 +105,9 @@ zookeeper_hosts.sort() secure_acls = default("/configurations/kafka-broker/zookeeper.set.acl", False) kafka_security_migrator = os.path.join(kafka_home, "bin", "zookeeper-security-migration.sh") +all_hosts = default("/clusterHostInfo/all_hosts", []) +all_racks = default("/clusterHostInfo/all_racks", []) + #Kafka log4j kafka_log_maxfilesize = default('/configurations/kafka-log4j/kafka_log_maxfilesize',256) kafka_log_maxbackupindex = default('/configurations/kafka-log4j/kafka_log_maxbackupindex',20) http://git-wip-us.apache.org/repos/asf/ambari/blob/84b3c713/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/metainfo.xml index 12f6c45..14367ea 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/KAFKA/metainfo.xml @@ -21,6 +21,7 @@ <service> <name>KAFKA</name> <version>0.10.0.2.5</version> + <extends>common-services/KAFKA/0.10.0</extends> </service> </services> </metainfo>