-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54357/
-----------------------------------------------------------
(Updated Dec. 7, 2016, 1:48 p.m.)
Review request for Ambari, Jonathan Hurley, Nate Cole, and Sumit Mohanty.
Changes
-------
Revert restriction on role command
Bugs: AMBARI-19077
https://issues.apache.org/jira/browse/AMBARI-19077
Repository: ambari
Description
-------
AMBARI-19077: Ambari-server: Gather dependent configuration types and password
properties for a service component to support credential store.
** Description **
To avoid generating JCEKS files for all configs that have passwords, add a
section to the command to have just the affected config types and the
corresponding password alias name and password value name pairs.
Diffs (updated)
-----
ambari-agent/src/main/python/ambari_agent/CustomServiceOrchestrator.py
f9ed4cf04e88e71ce2cc2f72a7d970a3b80d6521
ambari-server/src/main/java/org/apache/ambari/server/agent/ExecutionCommand.java
e46167a43ef6c72954d3104c015dbe7987d7f1de
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java
aa35f09fba5513db047c6709bca675209a9240ab
ambari-server/src/main/java/org/apache/ambari/server/state/ConfigHelper.java
f975053451bb396db0651366660fddc30f7faee1
ambari-server/src/main/java/org/apache/ambari/server/state/PropertyInfo.java
81de76ccf7436b6708f98b498e5415c9c33d6d02
Diff: https://reviews.apache.org/r/54357/diff/
Testing
-------
** 1. mvn clean install -DskipTests **
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Ambari Main ....................................... SUCCESS [12.270s]
[INFO] Apache Ambari Project POM ......................... SUCCESS [0.041s]
[INFO] Ambari Web ........................................ SUCCESS [1:18.132s]
[INFO] Ambari Views ...................................... SUCCESS [1.197s]
[INFO] Ambari Admin View ................................. SUCCESS [7.359s]
[INFO] utility ........................................... SUCCESS [0.351s]
[INFO] ambari-metrics .................................... SUCCESS [0.615s]
[INFO] Ambari Metrics Common ............................. SUCCESS [6.858s]
[INFO] Ambari Metrics Hadoop Sink ........................ SUCCESS [4.644s]
[INFO] Ambari Metrics Flume Sink ......................... SUCCESS [2.592s]
[INFO] Ambari Metrics Kafka Sink ......................... SUCCESS [3.789s]
[INFO] Ambari Metrics Storm Sink ......................... SUCCESS [6.053s]
[INFO] Ambari Metrics Storm Sink (Legacy) ................ SUCCESS [2.288s]
[INFO] Ambari Metrics Collector .......................... SUCCESS [12.602s]
[INFO] Ambari Metrics Monitor ............................ SUCCESS [2.646s]
[INFO] Ambari Metrics Grafana ............................ SUCCESS [1.018s]
[INFO] Ambari Metrics Assembly ........................... SUCCESS [1:29.121s]
[INFO] Ambari Server ..................................... SUCCESS [3:22.602s]
[INFO] Ambari Functional Tests ........................... SUCCESS [2.842s]
[INFO] Ambari Agent ...................................... SUCCESS [27.845s]
[INFO] Ambari Client ..................................... SUCCESS [0.042s]
[INFO] Ambari Python Client .............................. SUCCESS [0.986s]
[INFO] Ambari Groovy Client .............................. SUCCESS [2.122s]
[INFO] Ambari Shell ...................................... SUCCESS [0.039s]
[INFO] Ambari Python Shell ............................... SUCCESS [0.676s]
[INFO] Ambari Groovy Shell ............................... SUCCESS [0.918s]
[INFO] ambari-logsearch .................................. SUCCESS [0.276s]
[INFO] Ambari Logsearch Appender ......................... SUCCESS [0.203s]
[INFO] Ambari Logsearch Solr Client ...................... SUCCESS [1.222s]
[INFO] Ambari Logsearch Portal ........................... SUCCESS [9.792s]
[INFO] Ambari Logsearch Log Feeder ....................... SUCCESS [4.349s]
[INFO] Ambari Logsearch Assembly ......................... SUCCESS [0.175s]
[INFO] Ambari Logsearch Integration Test ................. SUCCESS [0.368s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8:08.366s
[INFO] Finished at: Sun Dec 04 19:14:14 PST 2016
[INFO] Final Memory: 320M/1255M
[INFO] ------------------------------------------------------------------------
** 2. Manual Tests **
Deployed the ambari-server JAR from the local build on a VM. Verified the
following by enabling credential store for OOZIE and HIVE:
** OOZIE **
** command JSON: **
{"configuration_credentials" : {'oozie-site':
{'oozie.service.JPAService.jdbc.password':
'oozie.service.JPAService.jdbc.password'}}}
** OOZIE config at /etc/oozie/conf/oozie-site.xml: **
<configuration>
<property>
<name>hadoop.security.credential.provider.path</name>
<value>jceks://file/var/lib/ambari-agent/cred/conf/oozie/oozie-site.jceks</value>
</property>
<property>
<name>oozie.action.retry.interval</name>
<value>30</value>
</property>
:
</configuration>
** HIVE **
** command JSON **
{ 'configuration_credentials' :
'ranger-hive-policymgr-ssl': {'xasecure.policymgr.clientssl.keystore.password':
'xasecure.policymgr.clientssl.keystore.password',
'xasecure.policymgr.clientssl.truststore.password':
'xasecure.policymgr.clientssl.truststore.password'},
'ranger-hive-plugin-properties': {'REPOSITORY_CONFIG_PASSWORD':
'REPOSITORY_CONFIG_PASSWORD'}, 'hive-site':
{'javax.jdo.option.ConnectionPassword': 'javax.jdo.option.ConnectionPassword'}}}
** HIVE config at /etc/hive/conf/conf.server/hive-site.xml: **
<configuration>
:
<property>
<name>datanucleus.fixedDatastore</name>
<value>true</value>
</property>
<property>
<name>hadoop.security.credential.provider.path</name>
<value>jceks://file/var/lib/ambari-agent/cred/conf/hive/hive-site.jceks</value>
</property>
:
</configuration
Thanks,
Nahappan Somasundaram
