more security changes
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/b2f2d796 Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/b2f2d796 Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/b2f2d796 Branch: refs/heads/feature/SLIDER-280_Restart_AM_fun_tests Commit: b2f2d796b92455bba0dae9bcc1d8dc8fd6a6e7db Parents: f4871c6 Author: Jon Maron <jma...@hortonworks.com> Authored: Sun Sep 7 13:53:16 2014 -0400 Committer: Jon Maron <jma...@hortonworks.com> Committed: Sun Sep 7 13:53:16 2014 -0400 ---------------------------------------------------------------------- app-packages/storm/package/scripts/params.py | 7 ++++--- app-packages/storm/package/scripts/service.py | 2 +- app-packages/storm/package/scripts/yaml_config.py | 2 +- app-packages/storm/package/templates/storm_jaas.conf.j2 | 11 ++++------- 4 files changed, 10 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/b2f2d796/app-packages/storm/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/params.py b/app-packages/storm/package/scripts/params.py index a8e36b9..e0bf9e4 100644 --- a/app-packages/storm/package/scripts/params.py +++ b/app-packages/storm/package/scripts/params.py @@ -48,15 +48,16 @@ if ganglia_installed: ganglia_port = config['configurations']['global']['ganglia_server_port'] security_enabled = config['configurations']['global']['security_enabled'] -hostname_lowercase = config['hostname'].lower() if security_enabled: + _hostname_lowercase = config['hostname'].lower() _kerberos_domain = config['configurations']['storm-env']['kerberos_domain'] _storm_client_principal_name = config['configurations']['storm-env']['storm_client_principal_name'] _storm_server_principal_name = config['configurations']['storm-env']['storm_server_principal_name'] - storm_jaas_client_principal = _storm_client_principal_name.replace('_HOST', hostname_lowercase) + storm_jaas_client_principal = _storm_client_principal_name.replace('_HOST', _hostname_lowercase) storm_client_keytab_path = config['configurations']['storm-env']['storm_client_keytab'] - storm_jaas_server_principal = _storm_server_principal_name.replace('_HOST', hostname_lowercase) + storm_jaas_server_principal = _storm_server_principal_name.replace('_HOST', _hostname_lowercase) + storm_jaas_stormclient_servicename = storm_jaas_server_principal.split("/")[0] storm_server_keytab_path = config['configurations']['storm-env']['storm_server_keytab'] kinit_path_local = functions.get_kinit_path(["/usr/bin", "/usr/kerberos/bin", "/usr/sbin"]) http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/b2f2d796/app-packages/storm/package/scripts/service.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/service.py b/app-packages/storm/package/scripts/service.py index 50ac44c..0ec6413 100644 --- a/app-packages/storm/package/scripts/service.py +++ b/app-packages/storm/package/scripts/service.py @@ -50,7 +50,7 @@ def service( if name == "rest_api": cmd = format("{rest_process_cmd} {rest_api_conf_file} > {log_dir}/restapi.log") else: - cmd = format("env JAVA_HOME={java64_home} PATH=$PATH:{java64_home}/bin STORM_BASE_DIR={app_root} STORM_CONF_DIR={conf_dir} {storm_bin} {name} > {log_dir}/{name}.out 2>&1") + cmd = format("env JAVA_HOME={java64_home} PATH={java64_home}/bin:$PATH STORM_BASE_DIR={app_root} STORM_CONF_DIR={conf_dir} {storm_bin} {name} > {log_dir}/{name}.out 2>&1") if params.security_enabled: if name == "nimbus": http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/b2f2d796/app-packages/storm/package/scripts/yaml_config.py ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/scripts/yaml_config.py b/app-packages/storm/package/scripts/yaml_config.py index 0a1ffa9..5f763cc 100644 --- a/app-packages/storm/package/scripts/yaml_config.py +++ b/app-packages/storm/package/scripts/yaml_config.py @@ -38,7 +38,7 @@ def escape_yaml_propetry(value): # if is map {'a':'b'} if re.match('^\w*\{.+\}\w*$', value): - unquouted = True + unquouted = True try: int(value) http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/b2f2d796/app-packages/storm/package/templates/storm_jaas.conf.j2 ---------------------------------------------------------------------- diff --git a/app-packages/storm/package/templates/storm_jaas.conf.j2 b/app-packages/storm/package/templates/storm_jaas.conf.j2 index e68cd57..a1ba6ea 100644 --- a/app-packages/storm/package/templates/storm_jaas.conf.j2 +++ b/app-packages/storm/package/templates/storm_jaas.conf.j2 @@ -20,8 +20,7 @@ StormServer { useKeyTab=true keyTab="{{storm_server_keytab_path}}" storeKey=true - useTicketCache=true - renewTGT=true + useTicketCache=false principal="{{storm_jaas_server_principal}}"; }; StormClient { @@ -29,9 +28,8 @@ StormClient { useKeyTab=true keyTab="{{storm_client_keytab_path}}" storeKey=true - useTicketCache=true - renewTGT=true - serviceName="nimbus" + useTicketCache=false + serviceName="{{storm_jaas_stormclient_servicename}}" debug=true principal="{{storm_jaas_client_principal}}"; }; @@ -40,8 +38,7 @@ Client { useKeyTab=true keyTab="{{storm_client_keytab_path}}" storeKey=true - useTicketCache=true - renewTGT=true + useTicketCache=false serviceName="zookeeper" principal="{{storm_jaas_client_principal}}"; };
