AMBARI-22027. Add UID/GID related issue with external users not listed in /etc/passwd (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f1b53000 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f1b53000 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f1b53000 Branch: refs/heads/branch-3.0-ams Commit: f1b53000c65a97ac7784d51c9a648e7e135acaab Parents: 2a06021 Author: Eugene Chekanskiy <echekans...@apache.org> Authored: Thu Sep 21 21:07:03 2017 +0300 Committer: Eugene Chekanskiy <echekans...@apache.org> Committed: Thu Sep 21 21:07:03 2017 +0300 ---------------------------------------------------------------------- .../before-ANY/scripts/shared_initialization.py | 29 +++++-- .../2.0.6/hooks/before-ANY/test_before_any.py | 85 ++++---------------- 2 files changed, 36 insertions(+), 78 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f1b53000/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py index ee950e8..11593fe 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/hooks/before-ANY/scripts/shared_initialization.py @@ -139,11 +139,19 @@ def set_uid(user, user_dirs): content=StaticFile("changeToSecureUid.sh"), mode=0555) ignore_groupsusers_create_str = str(params.ignore_groupsusers_create).lower() - uid = get_uid(user) + uid = get_uid(user, return_existing=True) Execute(format("{tmp_dir}/changeUid.sh {user} {user_dirs} {new_uid}", new_uid=0 if uid is None else uid), not_if = format("(test $(id -u {user}) -gt 1000) || ({ignore_groupsusers_create_str})")) -def get_uid(user): +def get_uid(user, return_existing=False): + """ + Tries to get UID for username. It will try to find UID in custom properties in *cluster_env* and, if *return_existing=True*, + it will try to return UID of existing *user*. + + :param user: username to get UID for + :param return_existing: return UID for existing user + :return: + """ import params user_str = str(user) + "_uid" service_env = [ serviceEnv for serviceEnv in params.config['configurations'] if user_str in params.config['configurations'][serviceEnv]] @@ -155,13 +163,18 @@ def get_uid(user): Logger.warning("Multiple values found for %s, using %s" % (user_str, uid)) return uid else: - if user == params.smoke_user: + if return_existing: + # pick up existing UID or try to find available UID in /etc/passwd, see changeToSecureUid.sh for more info + if user == params.smoke_user: + return None + File(format("{tmp_dir}/changeUid.sh"), + content=StaticFile("changeToSecureUid.sh"), + mode=0555) + code, newUid = shell.call(format("{tmp_dir}/changeUid.sh {user}")) + return int(newUid) + else: + # do not return UID for existing user, used in User resource call to let OS to choose UID for us return None - File(format("{tmp_dir}/changeUid.sh"), - content=StaticFile("changeToSecureUid.sh"), - mode=0555) - code, newUid = shell.call(format("{tmp_dir}/changeUid.sh {user}")) - return int(newUid) def setup_hadoop_env(): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/f1b53000/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py b/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py index a13ac24..9dceb69 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py +++ b/ambari-server/src/test/python/stacks/2.0.6/hooks/before-ANY/test_before_any.py @@ -52,33 +52,22 @@ class TestHookBeforeInstall(RMFTestCase): self.assertResourceCalled('Group', 'hadoop',) self.assertResourceCalled('Group', 'nobody',) self.assertResourceCalled('Group', 'users',) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) + self.assertResourceCalled('User', 'hive', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'oozie', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'users'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'nobody', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'nobody'], fetch_nonlocal_groups = True, ) @@ -88,113 +77,69 @@ class TestHookBeforeInstall(RMFTestCase): groups = [u'users'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'flume', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'hdfs', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'storm', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'mapred', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'hbase', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'tez', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'users'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'zookeeper', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'falcon', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'users'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'sqoop', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'yarn', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, ) - self.assertResourceCalled('File', '/tmp/changeUid.sh', - content = StaticFile('changeToSecureUid.sh'), - mode = 0555, - ) self.assertResourceCalled('User', 'hcat', gid = 'hadoop', - uid = 1000, + uid = None, groups = [u'hadoop'], fetch_nonlocal_groups = True, )