This is an automated email from the ASF dual-hosted git repository. ncole pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 40f99c5 [AMBARI-25050] Create Ambari Setting to Control VDF Filesystem Access (#2729) 40f99c5 is described below commit 40f99c56d5896044d1075966377b1e434d777cb7 Author: ncole <nc...@hortonworks.com> AuthorDate: Tue Dec 18 17:09:16 2018 -0500 [AMBARI-25050] Create Ambari Setting to Control VDF Filesystem Access (#2729) --- ambari-server/docs/configuration/index.md | 4 ++++ .../apache/ambari/server/configuration/Configuration.java | 13 +++++++++++++ .../internal/VersionDefinitionResourceProvider.java | 3 +++ .../internal/VersionDefinitionResourceProviderTest.java | 6 +++++- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ambari-server/docs/configuration/index.md b/ambari-server/docs/configuration/index.md index 2c9d05e..2441950 100644 --- a/ambari-server/docs/configuration/index.md +++ b/ambari-server/docs/configuration/index.md @@ -37,6 +37,7 @@ The following are the properties which can be used to configure Ambari. | Property Name | Description | Default | | --- | --- | --- | | active.instance | Indicates whether the current ambari server instance is active or not. |`true` | +| addservice.hostgroup.strategy | Fully qualified class name of the strategy used to form host groups for add service request layout recommendation. |`org.apache.ambari.server.topology.addservice.GroupByComponentsStrategy` | | agent.api.acceptor.count | Count of acceptors to configure for the jetty connector used for Ambari agent. | | | agent.api.gzip.compression.enabled | Determiens whether communication with the Ambari Agents should have the JSON payloads compressed with GZIP. |`true` | | agent.auto.cache.update | Determines whether the agents will automatically attempt to download updates to stack resources from the Ambari Server. |`true` | @@ -139,6 +140,7 @@ The following are the properties which can be used to configure Ambari. | metrics.retrieval-service.cache.timeout | The amount of time, in minutes, that JMX and REST metrics retrieved directly can remain in the cache. |`30` | | metrics.retrieval-service.request.ttl | The number of seconds to wait between issuing JMX or REST metric requests to the same endpoint. This property is used to throttle requests to the same URL being made too close together<br/><br/> This property is related to `metrics.retrieval-service.request.ttl.enabled`. |`5` | | metrics.retrieval-service.request.ttl.enabled | Enables throttling requests to the same endpoint within a fixed amount of time. This property will prevent Ambari from making new metric requests to update the cache for URLs which have been recently retrieved.<br/><br/> This property is related to `metrics.retrieval-service.request.ttl`. |`true` | +| mpacks-v2.staging.path | The Ambari Management Pack version-2 staging directory on the Ambari Server.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/mpacks-v2`</ul> | | | mpacks.staging.path | The Ambari Management Pack staging directory on the Ambari Server.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/mpacks`</ul> | | | notification.dispatch.alert.script.directory | The directory for scripts which are used by the alert notification dispatcher. |`/var/lib/ambari-server/resources/scripts` | | packages.pre.installed | Determines whether Ambari Agent instances have already have the necessary stack software installed |`false` | @@ -173,6 +175,7 @@ The following are the properties which can be used to configure Ambari. | security.server.csr_name | The name of the certificate request file used when generating certificates. |`ca.csr` | | security.server.disabled.ciphers | A list of cipher suites which are not strong enough to use and will be excluded when creating SSL connections.<br/><br/>The following are examples of valid values:<ul><li>`SSL_RSA_WITH_RC4_128_MD5\|SSL_RSA_WITH_RC4_128_MD5`</ul> | | | security.server.disabled.protocols | The list of protocols which should not be used when creating SSL connections.<br/><br/>The following are examples of valid values:<ul><li>`TLSv1.1\|TLSv1.2`</ul> | | +| security.server.encrypt_sensitive_data | Whether to encrypt sensitive data (at rest) on service level configuration. |`false` | | security.server.key_name | The name of the private key used to sign requests. |`ca.key` | | security.server.keys_dir | The directory on the Ambari Server where keystores are kept. |`.` | | security.server.keystore_name | The name of the keystore file, located in `security.server.keys_dir` |`keystore.p12` | @@ -259,6 +262,7 @@ The following are the properties which can be used to configure Ambari. | server.timeline.metrics.https.enabled | Determines whether to use to SSL to connect to Ambari Metrics when retrieving metric data. |`false` | | server.tmp.dir | The location on the Ambari Server where temporary artifacts can be created. |`/var/lib/ambari-server/tmp` | | server.version.file | The full path to the file which contains the Ambari Server version. This is used to ensure that there is not a version mismatch between Ambari Agents and Ambari Server.<br/><br/>The following are examples of valid values:<ul><li>`/var/lib/ambari-server/resources/version`</ul> | | +| server.version_definition.allow_from_filesystem | Controls whether VDF can be read from the filesystem. |`false` | | server.version_definition.connect.timeout.millis | The time, in milliseconds, that requests to connect to a URL to retrieve Version Definition Files (VDF) will wait before being terminated. |`5000` | | server.version_definition.read.timeout.millis | The time, in milliseconds, that requests to read from a connected URL to retrieve Version Definition Files (VDF) will wait before being terminated. |`5000` | | shared.resources.dir | The location on the Ambari Server where resources are stored. This is exposed via HTTP in order for Ambari Agents to access them. |`/usr/lib/ambari-server/lib/ambari_commons/resources` | diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java index a4af46c..45496c5 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java @@ -2612,6 +2612,12 @@ public class Configuration { public static final ConfigurationProperty<String> ADD_SERVICE_HOST_GROUP_STRATEGY = new ConfigurationProperty<>( "addservice.hostgroup.strategy", GroupByComponentsStrategy.class.getName()); + /** + * Gets whether file-based VDF are allowed to be used. + */ + @Markdown(description = "Controls whether VDF can be read from the filesystem.") + public static final ConfigurationProperty<Boolean> VDF_FROM_FILESYSTEM = new ConfigurationProperty<>( + "server.version_definition.allow_from_filesystem", Boolean.FALSE); private static final Logger LOG = LoggerFactory.getLogger( Configuration.class); @@ -6065,4 +6071,11 @@ public class Configuration { public int getAlertServiceCorePoolSize() { return Integer.parseInt(getProperty(SERVER_SIDE_ALERTS_CORE_POOL_SIZE)); } + + /** + * @return {@code true} if local files can be specified in the API to consume VDF + */ + public boolean areFileVDFAllowed() { + return Boolean.parseBoolean(getProperty(VDF_FROM_FILESYSTEM)); + } } diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java index ecd848b..3a615a7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProvider.java @@ -573,6 +573,9 @@ public class VersionDefinitionResourceProvider extends AbstractAuthorizedResourc InputStream stream = null; if (uri.getScheme().equalsIgnoreCase("file")) { + if (!s_configuration.areFileVDFAllowed()) { + throw new AmbariException("File URL for VDF are not enabled"); + } stream = uri.toURL().openStream(); } else { URLStreamProvider provider = new URLStreamProvider(connectTimeout, readTimeout, diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProviderTest.java index 5a657fd..779f9c5 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/VersionDefinitionResourceProviderTest.java @@ -31,6 +31,7 @@ import java.util.Set; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.H2DatabaseCleaner; import org.apache.ambari.server.api.services.AmbariMetaInfo; +import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.ResourceProviderFactory; import org.apache.ambari.server.controller.predicate.AndPredicate; import org.apache.ambari.server.controller.spi.Predicate; @@ -73,7 +74,10 @@ public class VersionDefinitionResourceProviderTest { @Before public void before() throws Exception { - injector = Guice.createInjector(new InMemoryDefaultTestModule()); + InMemoryDefaultTestModule module = new InMemoryDefaultTestModule(); + module.getProperties().put(Configuration.VDF_FROM_FILESYSTEM.getKey(), "true"); + + injector = Guice.createInjector(module); injector.getInstance(GuiceJpaInitializer.class); AmbariMetaInfo ami = injector.getInstance(AmbariMetaInfo.class);