Ottomata has submitted this change and it was merged.
Change subject: Puppetizing oozie client and server
......................................................................
Puppetizing oozie client and server
Change-Id: I57d6289420e929f5badef04aab286c66db9bd3c5
---
M README.md
A manifests/oozie.pp
A manifests/oozie/database/mysql.pp
A manifests/oozie/defaults.pp
A manifests/oozie/server.pp
A templates/oozie/oozie-env.sh.erb
A templates/oozie/oozie-site.xml.erb
7 files changed, 729 insertions(+), 0 deletions(-)
Approvals:
Ottomata: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/README.md b/README.md
index b1a357c..2233d94 100644
--- a/README.md
+++ b/README.md
@@ -108,3 +108,24 @@
metastore_database => undef,
}
```
+
+
+## For Oozie client nodes:
+
+```puppet
+class { 'cdh4::oozie': }
+```
+
+## For Oozie Server Nodes
+
+The following will install and run oozie-server, as well as create a MySQL
+database for it to use. A MySQL database is the only currently supported
+automatically installable backend database. Alternatively, you may set
+```database => undef``` to avoid setting up MySQL and then configure your own
+Oozie database manually.
+
+```puppet
+class { 'cdh4::oozie::server:
+ jdbc_password -> $secret_password,
+}
+```
diff --git a/manifests/oozie.pp b/manifests/oozie.pp
new file mode 100644
index 0000000..1412a8b
--- /dev/null
+++ b/manifests/oozie.pp
@@ -0,0 +1,24 @@
+# == Class cdh4::oozie
+# Installs the oozie-client package
+# And sets OOZIE_URL in /etc/profile.d/oozie.sh.
+#
+class cdh4::oozie(
+ $oozie_host = 'localhost'
+)
+{
+ # oozie server url
+ $url = "http://$oozie_host:11000/oozie";
+
+ package { 'oozie-client':
+ ensure => 'installed',
+ }
+
+ # create a file in /etc/profile.d to export OOZIE_URL.
+ file { '/etc/profile.d/oozie.sh':
+ content => "# NOTE: This file is managed by Puppet.
+
+export OOZIE_URL='${url}'
+",
+ mode => '0444',
+ }
+}
\ No newline at end of file
diff --git a/manifests/oozie/database/mysql.pp
b/manifests/oozie/database/mysql.pp
new file mode 100644
index 0000000..b81811b
--- /dev/null
+++ b/manifests/oozie/database/mysql.pp
@@ -0,0 +1,52 @@
+# == Class cdh4::oozie::database::mysql
+# Configures and sets up a MySQL database for Oozie.
+#
+# Note that this class does not support running
+# the Oozie database on a different host than where your
+# oozie server will run. Permissions will only be granted
+# for localhost MySQL users, so oozie server must run on this node.
+#
+# Also, root must be able to run /usr/bin/mysql with no password and have
permissions
+# to create databases and users and grant permissions.
+#
+# You probably shouldn't be including this class directly. Instead, include
+# cdh4::oozie::server with database => 'mysql'.
+#
+# See:
http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.2.1/CDH4-Installation-Guide/cdh4ig_topic_17_6.html
+#
+class cdh4::oozie::database::mysql {
+ if (!defined(Package['libmysql-java'])) {
+ package { 'libmysql-java':
+ ensure => 'installed',
+ }
+ }
+
+ # symlink mysql.jar into /var/lib/oozie
+ file { '/var/lib/oozie/mysql.jar':
+ ensure => 'link',
+ target => '/usr/share/java/mysql.jar',
+ require => Package['libmysql-java'],
+ }
+
+ $db_name = $cdh4::oozie::server::jdbc_database
+ $db_user = $cdh4::oozie::server::jdbc_username
+ $db_pass = $cdh4::oozie::server::jdbc_password
+
+ # oozie is going to need an oozie database and user.
+ exec { 'oozie_mysql_create_database':
+ command => "/usr/bin/mysql -e \"
+CREATE DATABASE ${db_name};
+GRANT ALL PRIVILEGES ON ${db_name}.* TO '${db_user}'@'localhost' IDENTIFIED BY
'${db_pass}';
+GRANT ALL PRIVILEGES ON ${db_name}.* TO '${db_user}'@'127.0.0.1' IDENTIFIED BY
'${db_pass}';\"",
+ unless => "/usr/bin/mysql -BNe 'SHOW DATABASES' | /bin/grep -q
${db_name}",
+ user => 'root',
+ }
+
+ # run ooziedb.sh to create the oozie database schema
+ exec { 'oozie_mysql_create_schema':
+ command => '/usr/lib/oozie/bin/ooziedb.sh create -run',
+ require => [Exec['oozie_mysql_create_database'],
File['/var/lib/oozie/mysql.jar']],
+ unless => "/usr/bin/mysql -u${db_user} -p'${db_pass}' ${db_name} -BNe
'SHOW TABLES;' | /bin/grep -q OOZIE_SYS",
+ user => 'oozie',
+ }
+}
\ No newline at end of file
diff --git a/manifests/oozie/defaults.pp b/manifests/oozie/defaults.pp
new file mode 100644
index 0000000..aca44dc
--- /dev/null
+++ b/manifests/oozie/defaults.pp
@@ -0,0 +1,28 @@
+# == Class cdh4::oozie::defaults
+#
+class cdh4::oozie::defaults {
+ $database = 'mysql'
+
+ $jdbc_driver = 'com.mysql.jdbc.Driver'
+ $jdbc_protocol = 'mysql'
+ $jdbc_database = 'oozie'
+ $jdbc_host = 'localhost'
+ $jdbc_port = 3306
+ $jdbc_username = 'oozie'
+ $jdbc_password = 'oozie'
+
+ $smtp_host = undef
+ $smtp_port = 25
+ $smtp_from_email = undef
+ $smtp_username = undef
+ $smtp_password = undef
+
+ $authorization_service_security_enabled = true
+
+ # Default puppet paths to template config files.
+ # This allows us to use custom template config files
+ # if we want to override more settings than this
+ # module yet supports.
+ $oozie_site_template = 'cdh4/oozie/oozie-site.xml.erb'
+ $oozie_env_template = 'cdh4/oozie/oozie-env.sh.erb'
+}
diff --git a/manifests/oozie/server.pp b/manifests/oozie/server.pp
new file mode 100644
index 0000000..f84c70e
--- /dev/null
+++ b/manifests/oozie/server.pp
@@ -0,0 +1,171 @@
+# == Class cdh4::oozie::server
+#
+# Installs and configureds oozie server. If database is set,
+# The oozie database will also be created by the database class.
+#
+# See:
http://www.cloudera.com/content/cloudera-content/cloudera-docs/CDH4/4.2.1/CDH4-Installation-Guide/cdh4ig_topic_17_6.html
+#
+# == Parameters
+# $database - Name of database class.
+# Set to undef to disable configuartion of
Oozie database.
+# Default: mysql
+#
+# $jdbc_database - Oozie database name.
Default: oozie
+# $jdbc_username - Oozie JDBC username.
Default: oozie
+# $jdbc_password - Oozie JDBC password.
Default: oozie
+# $jdbc_host - Oozie JDBC hostname.
Default: localhost
+# $jdbc_port - Oozie JDBC port.
Default: 3306
+# $jdbc_driver - Oozie JDBC driver class name.
Default: com.mysql.jdbc.Driver
+# $jdbc_protocol - Name of database protocol.
Default: mysql
+#
+# $smtp_host - SMTP host for email notifications.
+# Default: undef, SMTP will not be configured.
+# $smtp_port - SMTP port.
Default: 25
+# $smtp_from_email - Sender email address of notifications.
Default: undef
+# $smtp_username - Username for SMTP authentication.
Default: undef
+# $smtp_password - Password for SMTP authentication.
Default: undef
+#
+# $authorization_service_security_enabled - If disabled any user can manage
Oozie
+# system and manage any job.
Default: true
+#
+class cdh4::oozie::server(
+ $database = $cdh4::oozie::defaults::database,
+
+ $jdbc_database =
$cdh4::oozie::defaults::jdbc_database,
+ $jdbc_username =
$cdh4::oozie::defaults::jdbc_username,
+ $jdbc_password =
$cdh4::oozie::defaults::jdbc_password,
+ $jdbc_host =
$cdh4::oozie::defaults::jdbc_host,
+ $jdbc_port =
$cdh4::oozie::defaults::jdbc_port,
+ $jdbc_driver =
$cdh4::oozie::defaults::jdbc_driver,
+ $jdbc_protocol =
$cdh4::oozie::defaults::jdbc_protocol,
+
+ $smtp_host =
$cdh4::oozie::defaults::smtp_host,
+ $smtp_port =
$cdh4::oozie::defaults::smtp_port,
+ $smtp_from_email =
$cdh4::oozie::defaults::smtp_from_email,
+ $smtp_username =
$cdh4::oozie::defaults::smtp_username,
+ $smtp_password =
$cdh4::oozie::defaults::smtp_password,
+
+ $authorization_service_security_enabled =
$cdh4::oozie::defaults::authorization_service_security_enabled,
+
+ $oozie_site_template =
$cdh4::oozie::defaults::oozie_site_template,
+ $oozie_env_template =
$cdh4::oozie::defaults::oozie_env_template
+) inherits cdh4::oozie::defaults
+{
+ # cdh4::oozie::server requires hadoop client and configs are installed.
+ Class['cdh4::hadoop'] -> Class['cdh4::oozie::server']
+ # Also require cdh4::oozie client class.
+ Class['cdh4::oozie'] -> Class['cdh4::oozie::server']
+
+ package { 'oozie':
+ ensure => 'installed',
+ }
+
+ if (!defined(Package['libjs-extjs'])) {
+ package { 'libjs-extjs':
+ ensure => 'installed',
+ }
+ }
+ # Symlink extjs install path into /var/lib/oozie.
+ # This is required for the Oozie web interface to work.
+ file { '/var/lib/oozie/extjs':
+ ensure => 'link',
+ target => '/usr/share/javascript/extjs',
+ require => [Package['oozie'], Package['libjs-extjs']],
+ }
+
+ $catalina_base = $cdh4::hadoop::use_yarn ? {
+ true => '/usr/lib/oozie/oozie-server',
+ false => '/usr/lib/oozie/oozie-server-0.20',
+ }
+ # Ensure that Catalina working directories exist.
+ # Without these, oozie will log the error:
+ # "The specified scratchDir is unusable:
/usr/lib/oozie/oozie-server/work/Catalina/localhost/_"
+ file { ["${catalina_base}/work",
+ "${catalina_base}/work/Catalina",
+ "${catalina_base}/work/Catalina/localhost"]:
+ ensure => 'directory',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => Package['oozie'],
+ }
+ file { ["${catalina_base}/work/Catalina/localhost/_",
+ "${catalina_base}/work/Catalina/localhost/oozie"]:
+ ensure => 'directory',
+ owner => 'oozie',
+ group => 'oozie',
+ mode => '0755',
+ require => File["${catalina_base}/work/Catalina/localhost"],
+ }
+
+ # Extract and install Oozie ShareLib into HDFS
+ # at /user/oozie/share
+
+ # sudo -u hdfs hadoop fs -mkdir /user/oozie
+ # sudo -u hdfs hadoop fs -chmod 0775 /user/oozie
+ # sudo -u hdfs hadoop fs -chown hive:hadoop /user/oozie
+ cdh4::hadoop::directory { '/user/oozie':
+ owner => 'oozie',
+ group => 'hadoop',
+ mode => '0755',
+ require => Package['oozie'],
+ }
+
+ # Put oozie sharelib into HDFS:
+ $oozie_sharelib_archive = $cdh4::hadoop::use_yarn ? {
+ true => '/usr/lib/oozie/oozie-sharelib-yarn.tar.gz',
+ false => '/usr/lib/oozie/oozie-sharelib.tar.gz',
+ }
+ $oozie_sharelib_tmpdir = inline_template('/tmp/oozie_sharelib_install.<%=
rand() %>')
+ exec { 'oozie_sharelib_install':
+ command => "\
+/bin/mkdir -p ${oozie_sharelib_tmpdir} && \
+/bin/tar -C ${oozie_sharelib_tmpdir} -xzf ${oozie_sharelib_archive} && \
+/usr/bin/hadoop fs -put ${oozie_sharelib_tmpdir}/share /user/oozie/share && \
+/bin/rm -rf ${oozie_sharelib_tmpdir}",
+ # don't run this command if /user/oozie/share already exists in HDFS.
+ unless => '/usr/bin/hadoop fs -ls /user/oozie | grep -q
/user/oozie/share',
+ user => 'oozie',
+ require => Cdh4::Hadoop::Directory['/user/oozie'],
+ }
+
+ file { '/etc/oozie/conf/oozie-site.xml':
+ content => template($oozie_site_template),
+ mode => '0440', # has database pw in it, shouldn't be world
readable.
+ owner => 'root',
+ group => 'oozie',
+ require => Package['oozie'],
+ }
+ file { '/etc/oozie/conf/oozie-env.sh':
+ content => template($oozie_env_template),
+ mode => '0444',
+ owner => 'root',
+ group => 'oozie',
+ require => Package['oozie'],
+ }
+
+ # Set up the database by including $database_class
+ $database_class = "cdh4::oozie::database::${database}"
+ if ($database) {
+ class { $database_class: }
+ # Make sure the $database_class is included and set up
+ # before we start the oozie server service
+ Class[$database_class] -> Service['oozie']
+ }
+
+ service { 'oozie':
+ ensure => 'running',
+ hasrestart => true,
+ hasstatus => true,
+ subscribe => [
+ File['/etc/oozie/conf/oozie-site.xml'],
+ File['/etc/oozie/conf/oozie-env.sh']
+ ],
+ require => [
+ File['/var/lib/oozie/extjs'],
+ # Package['libcnative-1'],
+ File["${catalina_base}/work/Catalina/localhost/oozie"],
+ File["${catalina_base}/work/Catalina/localhost/_"]
+ ],
+ }
+}
\ No newline at end of file
diff --git a/templates/oozie/oozie-env.sh.erb b/templates/oozie/oozie-env.sh.erb
new file mode 100644
index 0000000..e4a9a98
--- /dev/null
+++ b/templates/oozie/oozie-env.sh.erb
@@ -0,0 +1,20 @@
+#! /bin/bash
+
+# Note: This file is managed by Puppet.
+
+export OOZIE_CONFIG=/etc/oozie/conf
+export OOZIE_DATA=/var/lib/oozie
+export OOZIE_LOG=/var/log/oozie
+export OOZIE_CATALINA_HOME=/usr/lib/bigtop-tomcat
+export CATALINA_TMPDIR=/var/lib/oozie
+export CATALINA_PID=/var/run/oozie/oozie.pid
+export CATALINA_BASE=<%= @catalina_base %>
+export CATALINA_OPTS=-Xmx1024m
+<%
+# This puppet module doesn't (yet) support HTTPS configuration.
+# These are the defaults that ship with CDH4.
+-%>
+export OOZIE_HTTPS_PORT=11443
+export OOZIE_HTTPS_KEYSTORE_PASS=password
+export CATALINA_OPTS="$CATALINA_OPTS -Doozie.https.port=${OOZIE_HTTPS_PORT}"
+export CATALINA_OPTS="$CATALINA_OPTS
-Doozie.https.keystore.pass=${OOZIE_HTTPS_KEYSTORE_PASS}"
diff --git a/templates/oozie/oozie-site.xml.erb
b/templates/oozie/oozie-site.xml.erb
new file mode 100644
index 0000000..927761d
--- /dev/null
+++ b/templates/oozie/oozie-site.xml.erb
@@ -0,0 +1,413 @@
+<?xml version="1.0"?>
+<!-- NOTE: This file is managed by Puppet. -->
+
+<configuration>
+
+ <!--
+ Refer to the oozie-default.xml file for the complete list of
+ Oozie configuration properties and their default values.
+ -->
+
+ <property>
+ <name>oozie.service.ActionService.executor.ext.classes</name>
+ <value>
+ org.apache.oozie.action.email.EmailActionExecutor,
+ org.apache.oozie.action.hadoop.HiveActionExecutor,
+ org.apache.oozie.action.hadoop.ShellActionExecutor,
+ org.apache.oozie.action.hadoop.SqoopActionExecutor,
+ org.apache.oozie.action.hadoop.DistcpActionExecutor
+ </value>
+ </property>
+
+ <property>
+ <name>oozie.service.SchemaService.wf.ext.schemas</name>
+
<value>shell-action-0.1.xsd,shell-action-0.2.xsd,email-action-0.1.xsd,hive-action-0.2.xsd,hive-action-0.3.xsd,sqoop-action-0.2.xsd,sqoop-action-0.3.xsd,ssh-action-0.1.xsd,distcp-action-0.1.xsd</value>
+ </property>
+
+ <property>
+ <name>oozie.system.id</name>
+ <value>oozie-${user.name}</value>
+ <description>
+ The Oozie system ID.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.systemmode</name>
+ <value>NORMAL</value>
+ <description>
+ System mode for Oozie at startup.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.AuthorizationService.security.enabled</name>
+ <value><%= @authorization_service_security_enabled %></value>
+ <description>
+ Specifies whether security (user name/admin role) is enabled or
not.
+ If disabled any user can manage Oozie system and manage any job.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.PurgeService.older.than</name>
+ <value>30</value>
+ <description>
+ Jobs older than this value, in days, will be purged by the
PurgeService.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.PurgeService.purge.interval</name>
+ <value>3600</value>
+ <description>
+ Interval at which the purge service will run, in seconds.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.CallableQueueService.queue.size</name>
+ <value>10000</value>
+ <description>Max callable queue size</description>
+ </property>
+
+ <property>
+ <name>oozie.service.CallableQueueService.threads</name>
+ <value>10</value>
+ <description>Number of threads used for executing
callables</description>
+ </property>
+
+ <property>
+ <name>oozie.service.CallableQueueService.callable.concurrency</name>
+ <value>3</value>
+ <description>
+ Maximum concurrency for a given callable type.
+ Each command is a callable type (submit, start, run, signal, job,
jobs, suspend,resume, etc).
+ Each action type is a callable type (Map-Reduce, Pig, SSH, FS,
sub-workflow, etc).
+ All commands that use action executors (action-start, action-end,
action-kill and action-check) use
+ the action type as the callable type.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.coord.normal.default.timeout</name>
+ <value>120</value>
+ <description>
+ Default timeout for a coordinator action input check (in minutes)
for normal job.
+ -1 means infinite timeout
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.db.schema.name</name>
+ <value><%= @jdbc_database %></value>
+ <description>
+ Oozie DataBase Name
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.create.db.schema</name>
+ <value>true</value>
+ <description>
+ Creates Oozie DB.
+
+ If set to true, it creates the DB schema if it does not exist. If
the DB schema exists is a NOP.
+ If set to false, it does not create the DB schema. If the DB
schema does not exist it fails start up.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.jdbc.driver</name>
+ <value><%= @jdbc_driver %></value>
+ <description>
+ JDBC driver class.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.jdbc.url</name>
+ <value><%=
"jdbc:#{@jdbc_protocol}://#{@jdbc_host}:#{@jdbc_port}/#{@jdbc_database}"
%></value>
+ <description>
+ JDBC URL.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.jdbc.username</name>
+ <value><%= @jdbc_username %></value>
+ <description>
+ DB user name.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.jdbc.password</name>
+ <value><%= @jdbc_password %></value>
+ <description>
+ DB user password.
+
+ IMPORTANT: if password is empty leave a 1 space string, the
service trims the value,
+ if empty Configuration assumes it is NULL.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.JPAService.pool.max.active.conn</name>
+ <value>10</value>
+ <description>
+ Max number of connections.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.kerberos.enabled</name>
+ <value>false</value>
+ <description>
+ Indicates if Oozie is configured to use Kerberos.
+ </description>
+ </property>
+
+ <property>
+ <name>local.realm</name>
+ <value>LOCALHOST</value>
+ <description>
+ Kerberos Realm used by Oozie and Hadoop. Using 'local.realm' to be
aligned with Hadoop configuration
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.keytab.file</name>
+ <value>${user.home}/oozie.keytab</value>
+ <description>
+ Location of the Oozie user keytab file.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.kerberos.principal</name>
+ <value>${user.name}/localhost@${local.realm}</value>
+ <description>
+ Kerberos principal for Oozie service.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.jobTracker.whitelist</name>
+ <value> </value>
+ <description>
+ Whitelisted job tracker for Oozie service.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.nameNode.whitelist</name>
+ <value> </value>
+ <description>
+ Whitelisted job tracker for Oozie service.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.HadoopAccessorService.hadoop.configurations</name>
+ <value>*=/etc/hadoop/conf</value>
+ <description>
+ Comma separated AUTHORITY=HADOOP_CONF_DIR, where AUTHORITY is the
HOST:PORT of
+ the Hadoop service (JobTracker, HDFS). The wildcard '*'
configuration is
+ used when there is no exact match for an authority. The
HADOOP_CONF_DIR contains
+ the relevant Hadoop *-site.xml files. If the path is relative is
looked within
+ the Oozie configuration directory; though the path can be absolute
(i.e. to point
+ to Hadoop client conf/ directories in the local filesystem.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.WorkflowAppService.system.libpath</name>
+ <value>/user/${user.name}/share/lib</value>
+ <description>
+ System library path to use for workflow applications.
+ This path is added to workflow application if their job properties
sets
+ the property 'oozie.use.system.libpath' to true.
+ </description>
+ </property>
+
+ <property>
+ <name>use.system.libpath.for.mapreduce.and.pig.jobs</name>
+ <value>false</value>
+ <description>
+ If set to true, submissions of MapReduce and Pig jobs will include
+ automatically the system library path, thus not requiring users to
+ specify where the Pig JAR files are. Instead, the ones from the
system
+ library path are used.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.type</name>
+ <value>simple</value>
+ <description>
+ Defines authentication used for Oozie HTTP endpoint.
+ Supported values are: simple | kerberos |
#AUTHENTICATION_HANDLER_CLASSNAME#
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.token.validity</name>
+ <value>36000</value>
+ <description>
+ Indicates how long (in seconds) an authentication token is valid
before it has
+ to be renewed.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.signature.secret</name>
+ <value>oozie</value>
+ <description>
+ The signature secret for signing the authentication tokens.
+ If not set a random secret is generated at startup time.
+ In order to authentiation to work correctly across multiple hosts
+ the secret must be the same across al the hosts.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.cookie.domain</name>
+ <value></value>
+ <description>
+ The domain to use for the HTTP cookie that stores the authentication
token.
+ In order to authentiation to work correctly across multiple hosts
+ the domain must be correctly set.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.simple.anonymous.allowed</name>
+ <value>true</value>
+ <description>
+ Indicates if anonymous requests are allowed.
+ This setting is meaningful only when using 'simple' authentication.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.kerberos.principal</name>
+ <value>HTTP/localhost@${local.realm}</value>
+ <description>
+ Indicates the Kerberos principal to be used for HTTP endpoint.
+ The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO
specification.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.kerberos.keytab</name>
+ <value>${oozie.service.HadoopAccessorService.keytab.file}</value>
+ <description>
+ Location of the keytab file with the credentials for the principal.
+ Referring to the same keytab file Oozie uses for its Kerberos
credentials for Hadoop.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.authentication.kerberos.name.rules</name>
+ <value>DEFAULT</value>
+ <description>
+ The kerberos names rules is to resolve kerberos principal names,
refer to Hadoop's
+ KerberosName for more details.
+ </description>
+ </property>
+
+ <!-- Proxyuser Configuration -->
+
+ <!--
+
+ <property>
+ <name>oozie.service.ProxyUserService.proxyuser.#USER#.hosts</name>
+ <value>*</value>
+ <description>
+ List of hosts the '#USER#' user is allowed to perform 'doAs'
+ operations.
+
+ The '#USER#' must be replaced with the username o the user who is
+ allowed to perform 'doAs' operations.
+
+ The value can be the '*' wildcard or a list of hostnames.
+
+ For multiple users copy this property and replace the user name
+ in the property name.
+ </description>
+ </property>
+
+ <property>
+ <name>oozie.service.ProxyUserService.proxyuser.#USER#.groups</name>
+ <value>*</value>
+ <description>
+ List of groups the '#USER#' user is allowed to impersonate users
+ from to perform 'doAs' operations.
+
+ The '#USER#' must be replaced with the username o the user who is
+ allowed to perform 'doAs' operations.
+
+ The value can be the '*' wildcard or a list of groups.
+
+ For multiple users copy this property and replace the user name
+ in the property name.
+ </description>
+ </property>
+
+ -->
+
+ <!-- Default proxyuser configuration for Hue -->
+
+ <property>
+ <name>oozie.service.ProxyUserService.proxyuser.hue.hosts</name>
+ <value>*</value>
+ </property>
+
+ <property>
+ <name>oozie.service.ProxyUserService.proxyuser.hue.groups</name>
+ <value>*</value>
+ </property>
+
+ <!-- enable uber jars -->
+ <property>
+ <name>oozie.action.mapreduce.uber.jar.enable</name>
+ <value>true</value>
+ </property>
+
+<% if @smtp_host -%>
+ <!-- smtp email configuration -->
+ <property>
+ <name>oozie.email.smtp.host</name>
+ <value><%= @smtp_host %></value>
+ </property>
+ <property>
+ <name>oozie.email.smtp.port</name>
+ <value><%= @smtp_port %></value>
+ </property>
+
+<% if @smtp_from_email -%>
+ <property>
+ <name>oozie.email.from.address</name>
+ <value><%= @smtp_from_email %></value>
+ </property>
+<% end -%>
+
+<% if @smtp_username -%>
+ <property>
+ <name>oozie.email.smtp.auth</name>
+ <value>true</value>
+ </property>
+ <property>
+ <name>oozie.email.smtp.username</name>
+ <value><%= @smtp_username %></value>
+ </property>
+ <property>
+ <name>oozie.email.smtp.password</name>
+ <value><%= @smtp_password %></value>
+ </property>
+<% end -%>
+
+<% end # if @smtp_host -%>
+
+</configuration>
\ No newline at end of file
--
To view, visit https://gerrit.wikimedia.org/r/69804
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I57d6289420e929f5badef04aab286c66db9bd3c5
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet/cdh4
Gerrit-Branch: master
Gerrit-Owner: Ottomata <o...@wikimedia.org>
Gerrit-Reviewer: Akosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Faidon <fai...@wikimedia.org>
Gerrit-Reviewer: Ottomata <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
