Repository: metron Updated Branches: refs/heads/master 91c410fd2 -> b84c8740d
METRON-1774 Allow user to configure JAAS client in Ambari (nickwallen) closes apache/metron#1192 Project: http://git-wip-us.apache.org/repos/asf/metron/repo Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/b84c8740 Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/b84c8740 Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/b84c8740 Branch: refs/heads/master Commit: b84c8740db5fbd05f3876aee3cb5532622a6b9dd Parents: 91c410f Author: nickwallen <n...@nickallen.org> Authored: Tue Sep 18 11:35:13 2018 -0400 Committer: nickallen <nickal...@apache.org> Committed: Tue Sep 18 11:35:13 2018 -0400 ---------------------------------------------------------------------- .../configuration/metron-client-jaas-conf.xml | 61 ++++++++++++++++++++ .../common-services/METRON/CURRENT/metainfo.xml | 1 + .../CURRENT/package/scripts/metron_security.py | 4 +- .../package/scripts/params/params_linux.py | 2 + .../package/templates/client_jaas.conf.j2 | 44 -------------- 5 files changed, 66 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml new file mode 100644 index 0000000..141a5eb --- /dev/null +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-client-jaas-conf.xml @@ -0,0 +1,61 @@ +<?xml version="1.0"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_adding_forbidden="true"> + <property> + <name>content</name> + <display-name>metron_client_jaas template</display-name> + <description>Metron client JAAS configuration</description> + <value> +StormClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=false + storeKey=false + useTicketCache=true + serviceName="nimbus" + principal="{{metron_principal_name}}"; +}; +Client { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="{{metron_keytab_path}}" + storeKey=true + useTicketCache=false + serviceName="zookeeper" + principal="{{metron_principal_name}}"; +}; +KafkaClient { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + keyTab="{{metron_keytab_path}}" + storeKey=true + useTicketCache=false + serviceName="kafka" + principal="{{metron_principal_name}}"; +}; + </value> + <value-attributes> + <type>content</type> + <show-property-name>false</show-property-name> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> +</configuration> http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml index f83d93b..644ba97 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml @@ -471,6 +471,7 @@ <config-type>kafka-broker</config-type> <config-type>kafka-env</config-type> <config-type>zeppelin-config</config-type> + <config-type>metron-client-jaas-conf</config-type> </configuration-dependencies> <restartRequiredAfterChange>true</restartRequiredAfterChange> <quickLinksConfigurations> http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py index 4f04daf..d9486e8 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_security.py @@ -16,6 +16,7 @@ limitations under the License. import os.path from resource_management.core.source import Template +from resource_management.core.source import InlineTemplate from resource_management.core.resources.system import Directory, File from resource_management.core import global_lock from resource_management.core.logger import Logger @@ -46,7 +47,7 @@ def storm_security_setup(params): ) File(ambari_format('{client_jaas_path}'), - content=Template('client_jaas.conf.j2'), + content=InlineTemplate(params.metron_client_jaas_conf_template), owner=params.metron_user, group=params.metron_group, mode=0755 @@ -80,4 +81,3 @@ def kinit(kinit_path_local, keytab_path, principal_name, execute_user=None): Execute(kinitcmd, user=execute_user) finally: kinit_lock.release() - http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py index 9be09f1..0525c7f 100755 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py @@ -259,6 +259,8 @@ if security_enabled: kafka_principal_name = kafka_principal_raw.replace('_HOST', hostname_lowercase) kafka_keytab_path = config['configurations']['kafka-env']['kafka_keytab'] + metron_client_jaas_conf_template = config['configurations']['metron-client-jaas-conf']['content'] + nimbus_seeds = config['configurations']['storm-site']['nimbus.seeds'] # Check wether Solr mpack is installed if 'solr-config-env' in config['configurations']: http://git-wip-us.apache.org/repos/asf/metron/blob/b84c8740/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 deleted file mode 100644 index c0a047e..0000000 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/client_jaas.conf.j2 +++ /dev/null @@ -1,44 +0,0 @@ -{# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#} - -StormClient { - com.sun.security.auth.module.Krb5LoginModule required - useKeyTab=false - storeKey=false - useTicketCache=true - serviceName="nimbus" - principal="{{metron_principal_name}}"; -}; -Client { - com.sun.security.auth.module.Krb5LoginModule required - useKeyTab=true - keyTab="{{metron_keytab_path}}" - storeKey=true - useTicketCache=false - serviceName="zookeeper" - principal="{{metron_principal_name}}"; -}; -KafkaClient { - com.sun.security.auth.module.Krb5LoginModule required - useKeyTab=true - keyTab="{{metron_keytab_path}}" - storeKey=true - useTicketCache=false - serviceName="kafka" - principal="{{metron_principal_name}}"; -};