AMBARI-20275. Credential Store should be enabled by default on fresh installs (Madhuvanthi Radhakrishnan via smohanty)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/584fdac8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/584fdac8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/584fdac8 Branch: refs/heads/branch-feature-AMBARI-12556 Commit: 584fdac8b6e1a7a970e0c39386687fdc4859aaef Parents: 3d42351 Author: Sumit Mohanty <smoha...@hortonworks.com> Authored: Sun Mar 5 10:42:40 2017 -0800 Committer: Sumit Mohanty <smoha...@hortonworks.com> Committed: Sun Mar 5 10:44:09 2017 -0800 ---------------------------------------------------------------------- .../0.12.0.2.0/package/scripts/hive_interactive.py | 7 +++++++ .../common-services/LOGSEARCH/0.5.0/metainfo.xml | 1 + .../stacks/HDP/2.5/services/HIVE/metainfo.xml | 2 +- .../stacks/HDP/2.5/services/OOZIE/metainfo.xml | 2 +- .../python/stacks/2.5/HIVE/test_hive_server_int.py | 15 ++++++++++++--- .../stacks/2.5/configs/hsi_default_for_restart.json | 1 + 6 files changed, 23 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py index 3a70fcf..fa822f9 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_interactive.py @@ -42,6 +42,7 @@ from resource_management.core.shell import quote_bash_args from resource_management.core.logger import Logger from resource_management.core import utils from resource_management.libraries.functions.setup_atlas_hook import has_atlas_in_cluster, setup_atlas_hook +from resource_management.libraries.functions.security_commons import update_credential_provider_path from ambari_commons.constants import SERVICE from ambari_commons.os_family_impl import OsFamilyFuncImpl, OsFamilyImpl @@ -199,6 +200,12 @@ def hive_interactive(name=None): group=params.user_group, mode=0644) else: + merged_hive_interactive_site = update_credential_provider_path(merged_hive_interactive_site, + 'hive-site', + os.path.join(conf_dir, 'hive-site.jceks'), + params.hive_user, + params.user_group + ) XmlConfig("hive-site.xml", conf_dir=conf_dir, configurations=merged_hive_interactive_site, http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml index 5f6ec51..9a12d45 100644 --- a/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/LOGSEARCH/0.5.0/metainfo.xml @@ -28,6 +28,7 @@ <credential-store> <supported>true</supported> <enabled>true</enabled> + <required>true</required> </credential-store> <components> http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml index 4230dd4..f2a1161 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/HIVE/metainfo.xml @@ -23,7 +23,7 @@ <version>1.2.1.2.5</version> <credential-store> <supported>true</supported> - <enabled>false</enabled> + <enabled>true</enabled> </credential-store> <components> <component> http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml index df1092a..830ff90 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/OOZIE/metainfo.xml @@ -22,7 +22,7 @@ <name>OOZIE</name> <credential-store> <supported>true</supported> - <enabled>false</enabled> + <enabled>true</enabled> </credential-store> <extends>common-services/OOZIE/4.2.0.2.5</extends> <themes> http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py b/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py index 6f017bc..d76ffaa 100644 --- a/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py +++ b/ambari-server/src/test/python/stacks/2.5/HIVE/test_hive_server_int.py @@ -292,7 +292,7 @@ class TestHiveServerInteractive(RMFTestCase): action=['delete'], ) - self.assert_configure_default() + self.assert_configure_default(with_cs_enabled=True) self.assertResourceCalled('Execute', '/home/hive/llap-slider-05Apr2016/run.sh', @@ -416,7 +416,7 @@ class TestHiveServerInteractive(RMFTestCase): self.assertNoMoreResources() - def assert_configure_default(self, no_tmp=False, default_fs_default=u'hdfs://c6401.ambari.apache.org:8020'): + def assert_configure_default(self, no_tmp=False, default_fs_default=u'hdfs://c6401.ambari.apache.org:8020', with_cs_enabled=False): self.assertResourceCalled('HdfsResource', '/user/hive', immutable_paths = self.DEFAULT_IMMUTABLE_PATHS, @@ -533,6 +533,15 @@ class TestHiveServerInteractive(RMFTestCase): configurations=hive_site_conf_for_client, ) else: + if with_cs_enabled: + self.assertResourceCalled('File', '/usr/hdp/current/hive-server2-hive2/conf/conf.server/hive-site.jceks', + content=StaticFile('/var/lib/ambari-agent/data/abc.jceks'), + owner='hive', + group='hadoop', + mode = 0640, + ) + self.assertTrue('hadoop.security.credential.provider.path' in hive_site_conf) + hive_site_conf['hadoop.security.credential.provider.path'] = 'jceks://file/usr/hdp/current/hive-server2-hive2/conf/conf.server/hive-site.jceks' self.assertResourceCalled('XmlConfig', 'hive-site.xml', group='hadoop', conf_dir=conf_dir, @@ -542,7 +551,7 @@ class TestHiveServerInteractive(RMFTestCase): u'javax.jdo.option.ConnectionPassword': u'true'}}, owner='hive', configurations=hive_site_conf, - ) + ) if conf_dir == '/usr/hdp/current/hive-server2-hive2/conf/conf.server': self.assertResourceCalled('XmlConfig', 'hiveserver2-site.xml', http://git-wip-us.apache.org/repos/asf/ambari/blob/584fdac8/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json index 52b3983..f6de1c4 100644 --- a/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json +++ b/ambari-server/src/test/python/stacks/2.5/configs/hsi_default_for_restart.json @@ -372,6 +372,7 @@ "a" : "e" }, "hive-site": { + "hadoop.security.credential.provider.path": "jceks://file/var/lib/ambari-agent/data/abc.jceks", "hive.enforce.sorting": "true", "javax.jdo.option.ConnectionPassword": "!`\"' 1", "javax.jdo.option.ConnectionDriverName": "com.mysql.jdbc.Driver",