> On Dec. 5, 2016, 4:36 p.m., Nate Cole wrote: > > ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py, > > lines 376-379 > > <https://reviews.apache.org/r/54357/diff/1/?file=1576446#file1576446line376> > > > > Do clients matter here? Clients have no START but do use configs. > > Nahappan Somasundaram wrote: > This is meant only for service START.
So clients don't use JCEKS? The clients are load e.g. oozie-site and hive-site and will likely be using hadoop.security.credential.provider.path? - Nate ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/54357/#review158059 ----------------------------------------------------------- On Dec. 6, 2016, 11:23 a.m., Nahappan Somasundaram wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/54357/ > ----------------------------------------------------------- > > (Updated Dec. 6, 2016, 11:23 a.m.) > > > Review request for Ambari, Jonathan Hurley, Nate Cole, and Sumit Mohanty. > > > Bugs: AMBARI-19077 > https://issues.apache.org/jira/browse/AMBARI-19077 > > > Repository: ambari > > > Description > ------- > > AMBARI-19077: Ambari-server: Gather dependent configuration types and > password properties for a service component to support credential store. > > ** Description ** > To avoid generating JCEKS files for all configs that have passwords, add a > section to the command to have just the affected config types and the > corresponding password alias name and password value name pairs. > > > Diffs > ----- > > ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py > f9ed4cf04e88e71ce2cc2f72a7d970a3b80d6521 > > ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java > e46167a43ef6c72954d3104c015dbe7987d7f1de > > ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java > aa35f09fba5513db047c6709bca675209a9240ab > > ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java > f975053451bb396db0651366660fddc30f7faee1 > > ambari-server/src/main/java/org/apache/ambari/server/state/PropertyInfo.java > 81de76ccf7436b6708f98b498e5415c9c33d6d02 > > Diff: https://reviews.apache.org/r/54357/diff/ > > > Testing > ------- > > ** 1. mvn clean install -DskipTests ** > > [INFO] > ------------------------------------------------------------------------ > [INFO] Reactor Summary: > [INFO] > [INFO] Ambari Main ....................................... SUCCESS [12.270s] > [INFO] Apache Ambari Project POM ......................... SUCCESS [0.041s] > [INFO] Ambari Web ........................................ SUCCESS [1:18.132s] > [INFO] Ambari Views ...................................... SUCCESS [1.197s] > [INFO] Ambari Admin View ................................. SUCCESS [7.359s] > [INFO] utility ........................................... SUCCESS [0.351s] > [INFO] ambari-metrics .................................... SUCCESS [0.615s] > [INFO] Ambari Metrics Common ............................. SUCCESS [6.858s] > [INFO] Ambari Metrics Hadoop Sink ........................ SUCCESS [4.644s] > [INFO] Ambari Metrics Flume Sink ......................... SUCCESS [2.592s] > [INFO] Ambari Metrics Kafka Sink ......................... SUCCESS [3.789s] > [INFO] Ambari Metrics Storm Sink ......................... SUCCESS [6.053s] > [INFO] Ambari Metrics Storm Sink (Legacy) ................ SUCCESS [2.288s] > [INFO] Ambari Metrics Collector .......................... SUCCESS [12.602s] > [INFO] Ambari Metrics Monitor ............................ SUCCESS [2.646s] > [INFO] Ambari Metrics Grafana ............................ SUCCESS [1.018s] > [INFO] Ambari Metrics Assembly ........................... SUCCESS [1:29.121s] > [INFO] Ambari Server ..................................... SUCCESS [3:22.602s] > [INFO] Ambari Functional Tests ........................... SUCCESS [2.842s] > [INFO] Ambari Agent ...................................... SUCCESS [27.845s] > [INFO] Ambari Client ..................................... SUCCESS [0.042s] > [INFO] Ambari Python Client .............................. SUCCESS [0.986s] > [INFO] Ambari Groovy Client .............................. SUCCESS [2.122s] > [INFO] Ambari Shell ...................................... SUCCESS [0.039s] > [INFO] Ambari Python Shell ............................... SUCCESS [0.676s] > [INFO] Ambari Groovy Shell ............................... SUCCESS [0.918s] > [INFO] ambari-logsearch .................................. SUCCESS [0.276s] > [INFO] Ambari Logsearch Appender ......................... SUCCESS [0.203s] > [INFO] Ambari Logsearch Solr Client ...................... SUCCESS [1.222s] > [INFO] Ambari Logsearch Portal ........................... SUCCESS [9.792s] > [INFO] Ambari Logsearch Log Feeder ....................... SUCCESS [4.349s] > [INFO] Ambari Logsearch Assembly ......................... SUCCESS [0.175s] > [INFO] Ambari Logsearch Integration Test ................. SUCCESS [0.368s] > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 8:08.366s > [INFO] Finished at: Sun Dec 04 19:14:14 PST 2016 > [INFO] Final Memory: 320M/1255M > [INFO] > ------------------------------------------------------------------------ > > ** 2. Manual Tests ** > > Deployed the ambari-server JAR from the local build on a VM. Verified the > following by enabling credential store for OOZIE and HIVE: > > ** OOZIE ** > ** command JSON: ** > {"configuration_credentials" : {'oozie-site': > {'oozie.service.JPAService.jdbc.password': > 'oozie.service.JPAService.jdbc.password'}}} > > ** OOZIE config at /etc/oozie/conf/oozie-site.xml: ** > <configuration> > <property> > <name>hadoop.security.credential.provider.path</name> > > <value>jceks://file/var/lib/ambari-agent/cred/conf/oozie/oozie-site.jceks</value> > </property> > > <property> > <name>oozie.action.retry.interval</name> > <value>30</value> > </property> > : > </configuration> > > ** HIVE ** > ** command JSON ** > { 'configuration_credentials' : > 'ranger-hive-policymgr-ssl': > {'xasecure.policymgr.clientssl.keystore.password': > 'xasecure.policymgr.clientssl.keystore.password', > 'xasecure.policymgr.clientssl.truststore.password': > 'xasecure.policymgr.clientssl.truststore.password'}, > 'ranger-hive-plugin-properties': {'REPOSITORY_CONFIG_PASSWORD': > 'REPOSITORY_CONFIG_PASSWORD'}, 'hive-site': > {'javax.jdo.option.ConnectionPassword': > 'javax.jdo.option.ConnectionPassword'}}} > > ** HIVE config at /etc/hive/conf/conf.server/hive-site.xml: ** > <configuration> > : > <property> > <name>datanucleus.fixedDatastore</name> > <value>true</value> > </property> > > <property> > <name>hadoop.security.credential.provider.path</name> > > <value>jceks://file/var/lib/ambari-agent/cred/conf/hive/hive-site.jceks</value> > </property> > : > </configuration > > > Thanks, > > Nahappan Somasundaram > >
